
Solved pups galore

Discussion in 'Malware and Virus Removal Archive' started by rthompson, 2011/12/18.

  1. 2011/12/18
    rthompson Well-Known Member Thread Starter

    Joined:
    2009/12/22
    Messages:
    330
    Likes Received:
    1
    [Resolved] pups galore

    My son downloaded a bunch of PUPs; I need help removing them.

    dds


    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 8.0.6001.19170
    Run by PC Owner at 19:13:47 on 2011-12-17
    .
    ============== Running Processes ===============
    .
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3106777
    mStart Page = hxxp://home.sweetim.com/?st=1&barid={0874288A-176A-11E1-9D5D-0024E80B28B9}
    mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80643&lng=en
    mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80643
    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
    uURLSearchHooks: NetAssistant: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
    uURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {eee6c35d-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgHelper.dll
    uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    uURLSearchHooks: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - c:\program files\winzipbar\prxtbWinZ.dll
    mURLSearchHooks: IMVU Inc Toolbar: {90b49673-5506-483e-b92b-ca0265bd9ca8} - c:\program files\imvu_inc\prxtbIMVU.dll
    mURLSearchHooks: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - c:\program files\winzipbar\prxtbWinZ.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: ALOT Toolbar Helper: {14ceeaff-96dd-4101-ae37-d5ecdc23c3f6} - c:\program files\alot\bin\bho\alotBHO.dll
    BHO: Shopping Assistant Plugin: {1631550f-191d-4826-b069-d9439253d926} - c:\program files\pricegong\2.5.4\PriceGongIE.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - c:\program files\winzipbar\prxtbWinZ.dll
    BHO: FastestIE: {54404f81-99cc-4fd3-9d29-92689b86c2cc} - c:\program files\fastestie\FastestIE.dll
    BHO: EpicPlay: {56e4076b-a42b-4745-ba35-34da8ac4c2f2} - EpicPlay
    BHO: RewardsArcade: {597a9974-8cb0-4f41-b61f-ed065738a397} - c:\program files\rewardsarcade\RewardsArcade.dll
    BHO: PlayBryte BHO: {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} - mscoree.dll
    BHO: Shop to Win: {65c3061d-4456-415a-b97c-1c14099ab2ff} - c:\program files\shop to win 15\Shop to Win 15.dll
    BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: AppGraffiti: {6f6a5334-78e9-4d9b-8182-8b41ea8c39ef} - c:\progra~1\appgra~1\APPGRA~1.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: IMVU Inc Toolbar: {90b49673-5506-483e-b92b-ca0265bd9ca8} - c:\program files\imvu_inc\prxtbIMVU.dll
    BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
    BHO: : {ccb69577-088b-4004-9ed8-ff5bcc83a039} - c:\progra~1\rebate~1\RebateI.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
    BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\programdata\wecarereminder\IEHelperv2.5.0.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: NetAssistant: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
    BHO: BandooIEPlugin Class: {eb5cee80-030a-4ed8-8e20-454e9c68380f} - c:\program files\bandoo\plugins\ie\ieplugin.dll
    BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
    BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime\YontooIEClient.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
    TB: !{07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File
    TB: !{0b84b4b4-8af8-4f1f-91fe-074a666f6425} - No File
    TB: !{46897C77-E7A6-4c33-BFFB-E9C2E2718942} - No File
    TB: !{5911488E-9D1E-40ec-8CBB-06B231CC153F} - No File
    TB: !{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - No File
    TB: !{D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: !{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
    TB: IMVU Inc Toolbar: {90b49673-5506-483e-b92b-ca0265bd9ca8} - c:\program files\imvu_inc\prxtbIMVU.dll
    TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
    TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll
    TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
    TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
    TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - c:\program files\winzipbar\prxtbWinZ.dll
    TB: {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No File
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [BitTorrent] "c:\program files\bittorrent\BitTorrent.exe" /MINIMIZED
    uRun: [DriverScanner] "c:\program files\uniblue\driverscanner\launcher.exe" delay 20000
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [TaskTray] c:\program files\driverdoc\driverdoc\TaskTray.exe
    mRun: [PCPowerSpeed] "c:\program files\pcpowerspeed\PCPowerTray.exe" /startup
    mRun: [MFARestart] "c:\programdata\mfadata\pack\avgrunasx.exe" /usereg
    mRun: [StartNowToolbarHelper] "c:\program files\startnow toolbar\ToolbarHelper.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [Bing Bar] "c:\program files\msn toolbar\platform\5.0.1449.0\mswinext.exe "
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
    mRun: [CommonToolkitTray] c:\program files\fighters\tray\FightersTray.exe
    mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe "
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [iBryte playbryte Desktop] c:\program files\ibryte\playbryte\ibrytedesktop.exe
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe "
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Search the Web - c:\program files\sweetim\toolbars\internet explorer\resources\menuext.html
    IE: Upload to Facebook - c:\program files\webcammax\share\iecontext.htm
    IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
    IE: {44D32BD3-31DA-4FD4-A0F4-B4782652B97B} - {C0CDA7E4-1369-4FA6-A679-546B34783099} - c:\program files\fastestie\FastestIE.dll
    LSP: c:\windows\system32\wpclsp.dll
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{8D27EB08-6815-46DE-8B08-5DCF2FEAA991} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{EEFC9B8E-F857-4F31-9134-3DE3E714B5B7} : DhcpNameServer = 192.168.1.1
    Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inboxt~1\Inbox.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - c:\progra~1\rebate~1\RebateI.dll
    AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
    R? FilmFanaticService;FilmFanaticService
    R? gupdate;Google Update Service (gupdate)
    R? gupdatem;Google Update Service (gupdatem)
    R? MBAMSwissArmy;MBAMSwissArmy
    R? RelevantKnowledge;RelevantKnowledge
    R? SwitchBoard;Adobe SwitchBoard
    R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
    S? amacpi;Microsoft Away Mode System
    S? aswFsBlk;aswFsBlk
    S? aswMonFlt;aswMonFlt
    S? aswSnx;aswSnx
    S? aswSP;aswSP
    S? avast! Antivirus;avast! Antivirus
    S? Avgfwfd;AVG network filter service
    S? AVGIDSAgent;AVGIDSAgent
    S? AVGIDSDriver;AVGIDSDriver
    S? AVGIDSEH;AVGIDSEH
    S? AVGIDSFilter;AVGIDSFilter
    S? AVGIDSShim;AVGIDSShim
    S? Avgldx86;AVG AVI Loader Driver
    S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield
    S? Avgrkx86;AVG Anti-Rootkit Driver
    S? Avgtdix;AVG TDI Driver
    S? avgwd;AVG WatchDog
    S? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
    S? bbcap;bbcap
    S? FontCache;Windows Font Cache Service
    S? FOXOSDService;Dell OSD Service
    S? FXOSDDRV;Foxconn ACPI BIOS Simulator Driver
    S? ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver
    S? MBAMProtector;MBAMProtector
    S? MBAMService;MBAMService
    S? nvamacpi;Nvidia Away Mode System
    S? nvUpdatusService;NVIDIA Update Service Daemon
    S? PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service
    S? Stereo Service;NVIDIA Stereoscopic 3D Driver Service
    S? Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar
    S? WCMVCAM;WebcamMax, WDM Video Capture
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2011-12-17 23:52:25 54016 ----a-w- c:\windows\system32\drivers\xdoco.sys
    2011-12-17 22:00:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-12-17 21:53:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-29 21:58:56 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-11-29 21:58:56 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-11-28 18:01:25 41184 ----a-w- c:\windows\avastSS.scr
    2011-11-28 17:53:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-11-28 17:52:07 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-11-25 12:13:47 4608 ----a-w- c:\windows\system32\bbchlp.dll
    2011-11-25 12:13:47 4096 ----a-w- c:\windows\system32\drivers\bbcap.sys
    2011-11-25 12:13:47 30720 ----a-w- c:\windows\system32\bbcap.dll
    2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
    2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-11-03 06:22:04 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-03 06:17:38 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-03 06:17:23 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-03 06:17:08 71680 ----a-w- c:\windows\system32\iesetup.dll
    2011-11-03 06:17:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2011-11-03 05:22:43 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-03 04:45:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-11-03 04:43:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-10-27 08:01:53 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-27 08:01:53 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 15:56:04 49152 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-14 16:02:19 429056 ----a-w- c:\windows\system32\EncDec.dll
    2011-09-20 21:02:55 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
    .
    ============= FINISH: 19:15:51.67 ===============
     
  2. 2011/12/18
    rthompson Well-Known Member Thread Starter
    attach

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 4/26/2011 5:53:24 PM
    System Uptime: 12/17/2011 2:30:46 PM (5 hours ago)
    .
    Motherboard: Dell Inc. | | 0K837J
    Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz | CPU 1 | 2500/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 283 GiB total, 157.374 GiB free.
    D: is FIXED (NTFS) - 15 GiB total, 13.572 GiB free.
    E: is CDROM ()
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.20
    Adobe AIR
    Adobe Community Help
    Adobe Download Assistant
    Adobe Flash Player 11 ActiveX
    Adobe Photoshop CS5.1
    ALOT Toolbar
    AppGraffiti
    Ask Toolbar
    ASPCA TriMini Reminder by We-Care.com v5.0.2.1
    avast! Free Antivirus
    AVG 2011
    Bandoo
    BB FlashBack Express
    Beneton Movie GIF 1.1.2
    Bing Bar
    Bing Bar Platform
    BitTorrent
    Cakewalk Music Creator LE 3
    Camfrog Video Chat 6.1
    CDBurnerXP
    DivX Setup
    DreamLight Photo Editor 4.2
    DreamStation DXi2
    Driver Detective
    DriverDoc
    EpicPlay
    EZ Fonts
    Fast Break Basketball
    FastestIE
    FLV Blaster v5.9.0
    FoxTab Media Player
    FoxTab PDF Creator
    Freeze.com NetAssistant
    GameSpy Arcade
    GIMP 2.6.10
    Google Chrome
    Google Earth
    Google SketchUp 8
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Officejet 6500 E710n-z Basic Device Software
    HP Officejet 6500 E710n-z Help
    HP Officejet 6500 E710n-z Product Improvement Study
    HP Update
    I.R.I.S. OCR
    iLivid
    IMVU Inc Toolbar
    Inbox Toolbar
    Itibiti RTC
    Java Auto Updater
    Java(TM) 6 Update 3
    Java(TM) 6 Update 30
    JMicron Flash Media Controller Driver
    Kaspersky Security Scan
    Knctr
    Magic Photo Editor 6.1
    Malwarebytes' Anti-Malware version 1.51.2.1300
    ManyCam 2.6.55 (remove only)
    Marketsplash Shortcuts
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Default Manager
    Microsoft GIF Animator
    Microsoft Halo Trial
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Need for Speed Underground 2 Demo
    NetAssistant
    NextWindow TSA
    Norton Security Scan
    NVIDIA Control Panel 275.33
    NVIDIA Drivers
    NVIDIA Graphics Driver 275.33
    NVIDIA Install Application
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.3.5
    NVIDIA Update Components
    OSD
    Paint.NET v3.5.10
    Patch Maker
    PC Power Speed 1.0.0.21
    PDF Reader
    PDF Settings CS5
    PhotoScape
    PlayBryte
    PokerStars.net
    PriceGong 2.5.4
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    RebateInformer
    Registry Mechanic 10.0
    RewardsArcade
    rooftopconfessions 1.0
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Shop To Win
    SLOW-PCfighter
    StartNow Toolbar
    SweetIM for Messenger 3.6
    SweetIM Toolbar for Internet Explorer 4.2
    The Weather Channel Desktop 6
    Uniblue DriverScanner
    Unity Web Player
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    VC80CRTRedist - 8.0.50727.4053
    WeatherBug
    WebcamMax
    Windows Live ID Sign-in Assistant
    WinRAR 4.10 beta 4 (32-bit)
    WinZip 16.0
    WinZipBar Toolbar
    Xvid Video Codec
    Yahoo! Software Update
    Yahoo! Toolbar
    Yontoo Layers Runtime 1.10.01
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/17/2011 6:51:33 PM, Error: Service Control Manager [7034] - The RelevantKnowledge service terminated unexpectedly. It has done this 1 time(s).
    12/17/2011 4:53:04 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Null
    12/17/2011 4:52:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the FilmFanaticService service to connect.
    12/17/2011 4:52:40 PM, Error: Service Control Manager [7000] - The FilmFanaticService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/17/2011 4:52:31 PM, Error: Microsoft-Windows-PrintSpooler [64] - The attempt to install printer Microsoft XPS Document Writer 6.0.6002.18005 into an offline operating system image failed with Win32 error code 3016 (0xbc8). This can occur if the printer driver requires user input or displays a user interface (UI) during installation.
    12/17/2011 4:51:20 PM, Error: EventLog [6008] - The previous system shutdown at 2:28:28 PM on 12/17/2011 was unexpected.
    12/17/2011 1:50:36 PM, Error: EventLog [6008] - The previous system shutdown at 1:30:02 PM on 12/17/2011 was unexpected.
    12/17/2011 1:24:17 PM, Error: EventLog [6008] - The previous system shutdown at 2:04:44 PM on 12/16/2011 was unexpected.
    12/14/2011 7:30:57 AM, Error: EventLog [6008] - The previous system shutdown at 7:29:19 AM on 12/14/2011 was unexpected.
    12/14/2011 12:13:57 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{EEFC9B8E-F857-4F31-9134-3DE3E714B5B7} because another computer on the network has the same name. The server could not start.
    12/12/2011 7:46:33 PM, Error: EventLog [6008] - The previous system shutdown at 7:44:48 PM on 12/12/2011 was unexpected.
    .
    ==== End Of File ===========================
     

  4. 2011/12/18
    rthompson Well-Known Member Thread Starter
    mbam

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8390

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.19170

    12/17/2011 6:51:37 PM
    mbam-log-2011-12-17 (18-51-37).txt

    Scan type: Quick scan
    Objects scanned: 198601
    Time elapsed: 11 minute(s), 1 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 1
    Registry Keys Infected: 123
    Registry Values Infected: 3
    Registry Data Items Infected: 1
    Folders Infected: 39
    Files Infected: 177

    Memory Processes Infected:
    c:\program files\relevantknowledge\rlservice.exe (Adware.RelevantKnowledge) -> 3648 -> Unloaded process successfully.

    Memory Modules Infected:
    c:\Users\PC Owner\AppData\Local\Google\Chrome\user data\Default\extensions\mkndcbhcgphcfkkddanakjiepeknbgle\1.3.331.4_0\plugins\rlcm.dll (Adware.RelevantKnowledge) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RelevantKnowledge (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FilmFanaticService (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{d5e9b421-c309-41de-9014-800a2adcdeb0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5E9B421-C309-41DE-9014-800A2ADCDEB0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D5E9B421-C309-41DE-9014-800A2ADCDEB0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D5E9B421-C309-41DE-9014-800A2ADCDEB0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{07d09e63-294f-4aa3-ab44-e61331aec6a3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{e9594c59-aa17-4e5b-b9a5-3b4b023b9a2e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{0A3A3A48-06BF-464E-B43F-D773259AD9C3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0b84b4b4-8af8-4f1f-91fe-074a666f6425} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{12659bab-1b90-4fbb-97cf-db2d3475dc38} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FilmFanatic.ScriptButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FilmFanatic.ScriptButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1da22a28-324d-4dd4-b2dc-66a3cebf447f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{3e5b610b-f82d-42fd-aa36-10b0c103bdd5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{A492E40A-865C-435F-B4A8-DC62DB312387} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FilmFanatic.ThirdPartyInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FilmFanatic.ThirdPartyInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1DA22A28-324D-4DD4-B2DC-66A3CEBF447F} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{2f38d624-ac5d-4096-88cc-a58d2ac806e1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{95c0d70c-e5ed-4618-aecc-e11066f86960} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{D3062CC1-B8A4-4FDF-8E7F-6BECE6270D34} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FilmFanatic.PseudoTransparentPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FilmFanatic.PseudoTransparentPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2F38D624-AC5D-4096-88CC-A58D2AC806E1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{37A2255C-D173-4B54-A455-13DE1DDA9F44} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FilmFanatic.HTMLMenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FilmFanatic.HTMLMenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{37A2255C-D173-4B54-A455-13DE1DDA9F44} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3e9be71d-a3fa-4224-ab29-2602acd577ff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{83afb8a1-dfd5-4103-b5f7-52f2f114d188} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{4A8CE0E0-739D-418A-A236-E6555449AD78} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FilmFanatic.HTMLPanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FilmFanatic.HTMLPanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E9BE71D-A3FA-4224-AB29-2602ACD577FF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{4c2743f0-a2e2-41a0-9e65-798943109f42} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{80154db4-dc3d-41d7-a5da-3b63549377a4} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{1BE14FE1-3175-4324-A77B-33FE5CB7A6ED} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FilmFanatic.SettingsPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FilmFanatic.SettingsPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4C2743F0-A2E2-41A0-9E65-798943109F42} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{597A9974-8CB0-4f41-B61F-ED065738A397} (PUP.RewardsArcade) -> Not selected for removal.
    HKEY_CLASSES_ROOT\CLSID\{25514C64-8321-494e-BD3E-3DBAB3F8CEBA} (PUP.RewardsArcade) -> Not selected for removal.
    HKEY_CLASSES_ROOT\TypeLib\{60BE6B2E-F2F5-4404-AA1E-4381D4A6EEA2} (PUP.RewardsArcade) -> Not selected for removal.
    HKEY_CLASSES_ROOT\Interface\{6427058B-217C-4C7F-A6CE-C7934C0BDCEB} (PUP.RewardsArcade) -> Not selected for removal.
    HKEY_CLASSES_ROOT\RewardsArcade.FBApi.1 (PUP.RewardsArcade) -> Not selected for removal.
    HKEY_CLASSES_ROOT\RewardsArcade.FBApi (PUP.RewardsArcade) -> Not selected for removal.
    HKEY_CLASSES_ROOT\RewardsArcade.BHO.1 (PUP.RewardsArcade) -> Not selected for removal.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Not selected for removal.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Not selected for removal.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Not selected for removal.
    HKEY_CLASSES_ROOT\CLSID\{5ce76f81-af51-4aad-8d83-5a28e163530e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{9f5fedb2-90bb-43e9-becd-69758c60b00a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{9AC684A9-83A0-4A6D-AB4C-2B00AF57E93B} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FilmFanatic.RadioSettings.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FilmFanatic.RadioSettings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{631acb68-57c3-48af-9cc5-fcec0837ffd3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{631ACB68-57C3-48AF-9CC5-FCEC0837FFD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{631ACB68-57C3-48AF-9CC5-FCEC0837FFD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7f4a94dc-2191-4ee3-9f0b-c8a12199d22c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{93fc722b-ab04-4ce2-b1a5-5b6889a72830} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{335fdf69-47e2-4099-8b85-f743014942c5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{70BD58F8-B097-4C58-8E2E-0C1FB9719F73} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{946653ac-5e9d-4c95-bf99-ae5b0b0dd4c6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FilmFanatic.ToolbarPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FilmFanatic.ToolbarPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9549f17f-105d-4802-96cb-6113acc2cb53} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{864d5a22-9c34-48f6-9385-2e1eaf5f8c33} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2BAC1F62-5FD8-43A6-A213-48CEC8E58172} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FilmFanatic.FeedManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FilmFanatic.FeedManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{99b340f7-76e0-44ab-9948-b95a1b475d39} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99B340F7-76E0-44AB-9948-B95A1B475D39} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a876a1c1-d9f6-4562-8dbc-d98b61b3f281} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{bf893c5b-8433-4209-8beb-6584510fe686} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{329CCEB3-D542-4D26-A948-649ABA3D4071} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FilmFanatic.XMLSessionPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FilmFanatic.XMLSessionPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A876A1C1-D9F6-4562-8DBC-D98B61B3F281} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{af51acfa-1320-4087-a9f8-0ace3f2bd0c8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FilmFanatic.Radio.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FilmFanatic.Radio (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{bde564f7-15c9-4c39-a5ba-6ad66a289997} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FilmFanatic.MultipleButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FilmFanatic.MultipleButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{dbb38792-eda6-4557-999b-1974290253a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FilmFanatic.DynamicBarButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FilmFanatic.DynamicBarButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{edec5cdc-b714-4b45-9b66-c370451a74f9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FilmFanatic.UrlAlertButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FilmFanatic.UrlAlertButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{efbf47aa-3c29-4c00-9225-6001e6a0b1ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{1eacd8b0-9bba-4197-9e72-7d26347d5c7c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{E083908B-BD7D-414D-A96B-5D3345593181} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{796B75F6-6187-47E2-8F1F-C16E059E6E19} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RewardsArcade (PUP.RewardsArcade) -> Not selected for removal.
    HKEY_CLASSES_ROOT\FREEzeFrogAx.Info (Adware.FreezeFrog) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FREEzeFrogAx.Info.1 (Adware.FreezeFrog) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShoppingReport2.HbAx (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShoppingReport2.HbAx.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShoppingReport2.HbInfoBand (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShoppingReport2.HbInfoBand.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShoppingReport2.IEButton (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShoppingReport2.IEButton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShoppingReport2.IEButtonA (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShoppingReport2.IEButtonA.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShoppingReport2.RprtCtrl (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShoppingReport2.RprtCtrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Seekapp (Adware.SeekApp) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilmFanaticbar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FREEzeFrogSA (Adware.FreezeFrog) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@FilmFanatic.com/Plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{978310b7-0743-4200-b8a2-fb9706995251} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{796B75F6-6187-47E2-8F1F-C16E059E6E19} (Adware.MyWebSearch) -> Value: {796B75F6-6187-47E2-8F1F-C16E059E6E19} -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{796b75f6-6187-47e2-8f1f-c16e059e6e19} (Adware.MyWebSearch) -> Value: {796b75f6-6187-47e2-8f1f-c16e059e6e19} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\paffxtbr@FilmFanatic.com (Adware.MyWebSearch) -> Value: paffxtbr@FilmFanatic.com -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

    Folders Infected:
    c:\program files\rewardsarcade (PUP.RewardsArcade) -> Not selected for removal.
    c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
    c:\programdata\Seekapp (Adware.SeekApp) -> Quarantined and deleted successfully.
    c:\program files\relevantknowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.
    c:\program files\relevantknowledge\components (Spyware.MarketScore) -> Quarantined and deleted successfully.
    c:\program files\Seekapp (Adware.SeekApp) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.
    c:\programdata\freezefrogsa (Adware.FreezeFrog) -> Quarantined and deleted successfully.
    c:\program files\freezefrog\bin\1.0.670.0 (Adware.FreezeFrog) -> Quarantined and deleted successfully.
    c:\program files\filmfanatic\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\filmfanatic\bar\1.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498 (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Chrome (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\lib (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\lib\facebox (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\defaults (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\defaults\preferences (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\locale (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\locale\en-US (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\skin (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498 (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Chrome (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\defaults (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\defaults\preferences (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\locale (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\locale\en-US (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\skin (PUP.RewardsArcade) -> Not selected for removal.

    Files Infected:
    c:\program files\relevantknowledge\rlservice.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\Google\Chrome\user data\Default\extensions\mkndcbhcgphcfkkddanakjiepeknbgle\1.3.331.4_0\plugins\rlcm.dll (Adware.RelevantKnowledge) -> Delete on reboot.
    c:\program files\filmfanatic\bar\1.bin\pabarsvc.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\filmfanatic\bar\1.bin\paSrcAs.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\filmfanatic\bar\1.bin\padatact.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\filmfanatic\bar\1.bin\pascript.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\filmfanatic\bar\1.bin\patpinst.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\filmfanatic\bar\1.bin\paskin.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\filmfanatic\bar\1.bin\pahtmlmu.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\filmfanatic\bar\1.bin\pahtml.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\rewardsarcade\rewardsarcade.dll (PUP.RewardsArcade) -> Not selected for removal.
    c:\program files\filmfanatic\bar\1.bin\paradio.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\filmfanatic\bar\1.bin\pahttpct.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\filmfanatic\bar\1.bin\T8FFTBPR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\filmfanatic\bar\1.bin\pafeedmg.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\filmfanatic\bar\1.bin\pamsg.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\filmfanatic\bar\1.bin\pamlbtn.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\filmfanatic\bar\1.bin\padyn.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\filmfanatic\bar\1.bin\pauabtn.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\filmfanatic\bar\1.bin\padlghk.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\Temp\Addons\34A4860A\zugo.exe (PUP.Zugo) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\Temp\Addons\35F09736\zugo.exe (PUP.Zugo) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\Temp\Addons\5368B20D\zugo.exe (PUP.Zugo) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\Temp\nsmA26B.tmp\seekapp.exe (Adware.Ziniky) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\Temp\nsqFAD.tmp\seekapp.exe (Adware.Ziniky) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\Temp\~os4B81.tmp\rlxh.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\Temp\~os4B81.tmp\rlxi.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\Temp\~os4B81.tmp\rlxj.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\Temp\~os4B81.tmp\rlxk.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\Temp\~os7F8E.tmp\rlxf.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\Temp\~os7F8E.tmp\rlxg.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\Temp\~os7F8E.tmp\rlxh.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\Temp\~os7F8E.tmp\rlxi.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\Temp\~os7F8E.tmp\rlxj.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\Temp\~osDBAF.tmp\rlxh.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\Temp\~osDBAF.tmp\rlxi.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\Temp\~osDBAF.tmp\rlxj.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\Temp\~osDBAF.tmp\rlxk.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\downloads\7zip_setup.exe (PUP.Bundle.Installer.OI) -> Not selected for removal.
    c:\program files\rewardsarcade\fb.js (PUP.RewardsArcade) -> Not selected for removal.
    c:\program files\rewardsarcade\appapiinternalwrapper.js (PUP.RewardsArcade) -> Not selected for removal.
    c:\program files\rewardsarcade\jquery.js (PUP.RewardsArcade) -> Not selected for removal.
    c:\program files\rewardsarcade\json.js (PUP.RewardsArcade) -> Not selected for removal.
    c:\program files\rewardsarcade\rewardsarcade.exe (PUP.RewardsArcade) -> Not selected for removal.
    c:\program files\rewardsarcade\uninstall.exe (PUP.RewardsArcade) -> Not selected for removal.
    c:\program files\rewardsarcade\userconfirmation.exe (PUP.RewardsArcade) -> Not selected for removal.
    c:\programdata\Seekapp\seekapp132.exe (Adware.SeekApp) -> Quarantined and deleted successfully.
    c:\program files\relevantknowledge\chrome.manifest (Spyware.MarketScore) -> Quarantined and deleted successfully.
    c:\program files\relevantknowledge\install.rdf (Spyware.MarketScore) -> Quarantined and deleted successfully.
    c:\program files\relevantknowledge\ncncf.dat (Spyware.MarketScore) -> Quarantined and deleted successfully.
    c:\program files\relevantknowledge\nscf.dat (Spyware.MarketScore) -> Quarantined and deleted successfully.
    c:\program files\relevantknowledge\rlcm.crx (Spyware.MarketScore) -> Quarantined and deleted successfully.
    c:\program files\relevantknowledge\rlcm.txt (Spyware.MarketScore) -> Quarantined and deleted successfully.
    c:\program files\relevantknowledge\rloci.bin (Spyware.MarketScore) -> Quarantined and deleted successfully.
    c:\program files\relevantknowledge\rlph.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
    c:\program files\relevantknowledge\rlxf.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
    c:\program files\relevantknowledge\shfscp.dat (Spyware.MarketScore) -> Quarantined and deleted successfully.
    c:\program files\relevantknowledge\components\rlxh.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
    c:\program files\relevantknowledge\components\rlxi.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
    c:\program files\relevantknowledge\components\rlxj.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
    c:\program files\relevantknowledge\components\rlxk.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\about relevantknowledge.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\privacy policy and user license agreement.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\Support.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\uninstall instructions.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
    c:\programdata\freezefrogsa\freezefrogsa.dat (Adware.FreezeFrog) -> Quarantined and deleted successfully.
    c:\programdata\freezefrogsa\freezefrogsaabout.mht (Adware.FreezeFrog) -> Quarantined and deleted successfully.
    c:\programdata\freezefrogsa\freezefrogsaau.dat (Adware.FreezeFrog) -> Quarantined and deleted successfully.
    c:\programdata\freezefrogsa\freezefrogsaeula.mht (Adware.FreezeFrog) -> Quarantined and deleted successfully.
    c:\programdata\freezefrogsa\freezefrogsa_kyf.dat (Adware.FreezeFrog) -> Quarantined and deleted successfully.
    c:\program files\freezefrog\bin\1.0.670.0\freezefrogsahook.dll (Adware.FreezeFrog) -> Quarantined and deleted successfully.
    c:\program files\freezefrog\bin\1.0.670.0\launchhelp.dll (Adware.FreezeFrog) -> Quarantined and deleted successfully.
    c:\program files\filmfanatic\bar\1.bin\chrome.manifest (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\filmfanatic\bar\1.bin\INSTALL.RDF (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\filmfanatic\bar\1.bin\LOGO.BMP (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\filmfanatic\bar\1.bin\paauxstb.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\filmfanatic\bar\1.bin\pabrstub.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\filmfanatic\bar\1.bin\pahighin.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\filmfanatic\bar\1.bin\paidle.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\filmfanatic\bar\1.bin\paieovr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\filmfanatic\bar\1.bin\paimpipe.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\filmfanatic\bar\1.bin\pamedint.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\filmfanatic\bar\1.bin\paPlugin.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\filmfanatic\bar\1.bin\paregfft.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\filmfanatic\bar\1.bin\paregiet.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\filmfanatic\bar\1.bin\paskplay.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\filmfanatic\bar\1.bin\T8PATCH.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\filmfanatic\bar\1.bin\T8UNPAT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\filmfanatic\bar\1.bin\chrome\paffxtbr.jar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\uninstall.ico (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Chrome\rewardsarcade.crx (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome.manifest (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\install.rdf (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\background.html (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\browser.xul (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\crossrider.js (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\crossriderapi.js (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\dialog.js (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\manage-apps-style.css (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\manage-apps.html (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\messaging.js (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\options.js (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\options.xul (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\push.html (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\search_dialog.xul (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\socialapi.js (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\update.html (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\utilityapi.js (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\workers_chain.js (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\lib\faye-browser-min.js (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\lib\jquery-1.4.2.js (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\lib\facebox\facebox.css (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\lib\facebox\facebox.js (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\b.png (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\bl.png (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\br.png (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\closelabel.gif (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\loading.gif (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\tl.png (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\tr.png (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\defaults\preferences\prefs.js (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\locale\en-US\translations.dtd (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\skin\button1.png (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\skin\button2.png (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\skin\button3.png (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\skin\button4.png (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\skin\button5.png (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\skin\crossrider_statusbar.png (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\skin\icon16.png (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\skin\icon24.png (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\skin\icon48.png (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\skin\skin.css (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\skin\update.css (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\uninstall.ico (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Chrome\rewardsarcade.crx (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome.manifest (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\install.rdf (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\background.html (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\browser.xul (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\crossrider.js (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\crossriderapi.js (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\dialog.js (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\manage-apps-style.css (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\manage-apps.html (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\messaging.js (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\options.js (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\options.xul (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\push.html (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\search_dialog.xul (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\socialapi.js (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\update.html (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\utilityapi.js (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\workers_chain.js (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\faye-browser-min.js (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\jquery-1.4.2.js (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\facebox.css (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\facebox.js (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\b.png (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\bl.png (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\br.png (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\closelabel.gif (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\loading.gif (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\tl.png (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\tr.png (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\defaults\preferences\prefs.js (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\locale\en-US\translations.dtd (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\skin\button1.png (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\skin\button2.png (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\skin\button3.png (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\skin\button4.png (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\skin\button5.png (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\skin\crossrider_statusbar.png (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\skin\icon16.png (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\skin\icon24.png (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\skin\icon48.png (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\skin\skin.css (PUP.RewardsArcade) -> Not selected for removal.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\skin\update.css (PUP.RewardsArcade) -> Not selected for removal.
     
  5. 2011/12/18
    rthompson Well-Known Member Thread Starter
    aswMBR

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-17 18:54:00
    -----------------------------
    18:54:00.292 OS Version: Windows 6.0.6002 Service Pack 2
    18:54:00.293 Number of processors: 2 586 0x1706
    18:54:00.295 ComputerName: OWNER-PC UserName: PC Owner
    18:54:02.608 Initialize success
    18:54:03.405 AVAST engine defs: 11121702
    18:54:09.216 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005c
    18:54:09.220 Disk 0 Vendor: SAMSUNG_ 1AC0 Size: 305245MB BusType: 3
    18:54:11.367 Disk 0 MBR read successfully
    18:54:11.370 Disk 0 MBR scan
    18:54:11.374 Disk 0 Windows VISTA default MBR code
    18:54:11.410 Disk 0 scanning sectors +625140400
    18:54:11.642 Disk 0 scanning C:\Windows\system32\drivers
    18:54:59.345 Service scanning
    18:55:00.802 Modules scanning
    18:55:51.211 Disk 0 trace - called modules:
    18:55:51.252 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
    18:55:51.255 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8648f910]
    18:55:51.259 3 CLASSPNP.SYS[8b5b98b3] -> nt!IofCallDriver -> [0x85909a80]
    18:55:51.263 5 acpi.sys[8ae9b6bc] -> nt!IofCallDriver -> \Device\0000005c[0x84f42c90]
    18:55:52.591 AVAST engine scan C:\Windows
    18:57:16.310 AVAST engine scan C:\Windows\system32
    18:59:59.687 AVAST engine scan C:\Windows\system32\drivers
    19:00:08.585 AVAST engine scan C:\Users\PC Owner
    19:07:09.888 AVAST engine scan C:\ProgramData
    19:08:37.902 Disk 0 MBR has been saved successfully to "C:\Users\PC Owner\Documents\MBR.dat "
    19:08:37.910 The log file has been saved successfully to "C:\Users\PC Owner\Documents\aswMBR.txt "
     
  6. 2011/12/18
    rthompson Well-Known Member Thread Starter
    gmer

    my gmer log is too long to post.
     
  7. 2011/12/18
    broni Moderator Malware Analyst
    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ============================================================

    1. Uninstall Ask Toolbar, typical foistware.

    2. You're running two AV programs, Avast and AVG.
    One of them has to go.
    If AVG (my suggestion) use AVG Remover to uninstall it: http://www.avg.com/us-en/utilities

    3. Why some items in MBAM are marked "Not selected for removal"?

    4. Upload GMER log here: http://www.filedropper.com/
    Post download link (copy URL: link):
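    Broni's question about items marked "Not selected for removal" is the kind of thing worth pulling out of an MBAM log mechanically rather than by eye. The script below is an added example, not code from this thread or from Malwarebytes: it parses MBAM 1.x detection lines of the form shown in this thread (`<item> (<threat>) -> <action>.` under section headers such as `Files Infected:`), lists what was detected but not quarantined, counts detections per threat family, and pulls out any Browser Helper Object CLSIDs among the registry hits so they can be rechecked after cleanup. The embedded sample log is constructed from a handful of lines of the log posted above, and the function names are my own.

```python
"""Triage a Malwarebytes' Anti-Malware 1.x text log (added example, not a thread tool).

Detection lines look like
    <item> (<threat name>) -> <action>.
and are grouped under headers such as "Registry Keys Infected:", "Folders Infected:"
or "Files Infected:". Summary lines ("Files Infected: 100") carry a number after the
colon and are deliberately not treated as section headers.
"""
import re
from collections import Counter

# Section header: text ending in " Infected:" with nothing after the colon.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Infected:$")
# One detection line. The non-greedy item lets paths containing "(x86)" still parse,
# because the threat name must be followed by " -> ".
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
REMOVED = "Quarantined and deleted successfully"

# Constructed sample: a few lines modelled on the MBAM log posted in this thread.
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{597A9974-8CB0-4f41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Folders Infected:
c:\program files\rewardsarcade (PUP.RewardsArcade) -> Not selected for removal.

Files Infected:
c:\program files\rewardsarcade\rewardsarcade.dll (PUP.RewardsArcade) -> Not selected for removal.
c:\Users\PC Owner\AppData\Local\Temp\Addons\34A4860A\zugo.exe (PUP.Zugo) -> Quarantined and deleted successfully.
c:\Users\PC Owner\downloads\7zip_setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
"""


def parse_mbam_log(text):
    """Return one dict {section, item, threat, action} per detection line."""
    findings = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            continue
        hit = DETECTION_RE.match(line)
        if hit and section:
            findings.append({
                "section": section,
                "item": hit.group("item"),
                "threat": hit.group("threat"),
                "action": hit.group("action"),
            })
    return findings


def not_removed(findings):
    """Items the scan found but left in place (unticked by the user, or removal failed)."""
    return [f for f in findings if f["action"] != REMOVED]


def summarize(findings):
    """Count detections per threat family, e.g. Counter({'PUP.RewardsArcade': 4, ...})."""
    return Counter(f["threat"] for f in findings)


def browser_helper_objects(findings):
    """CLSIDs registered as Internet Explorer Browser Helper Objects among the registry hits.

    A BHO is loaded into every IE process, so these keys are worth confirming gone
    on a follow-up scan.
    """
    clsids = []
    for f in findings:
        if f["section"] != "Registry Keys":
            continue
        m = re.search(r"\\Browser Helper Objects\\(\{[0-9A-Fa-f-]+\})", f["item"])
        if m:
            clsids.append(m.group(1).upper())
    return clsids


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    print("Detections per threat:", dict(summarize(found)))
    print("BHO CLSIDs seen:", browser_helper_objects(found))
    for f in not_removed(found):
        print(f"STILL PRESENT [{f['section']}] {f['item']} ({f['threat']})")
```

    Feed it the saved `mbam-log-*.txt` instead of `SAMPLE_LOG` (read the file and pass its text to `parse_mbam_log`) to get the same triage on a real run; anything reported by `not_removed` is what needs a re-run with all items ticked, as broni asks below.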
     
  8. 2011/12/18
    rthompson Well-Known Member Thread Starter
  9. 2011/12/18
    broni Moderator Malware Analyst
    Re-run MBAM, fix ALL items and post new log.

    GMER log looks fine.

    When done with the above....

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  10. 2011/12/18
    rthompson Well-Known Member Thread Starter
    mbam

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8391

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.19170

    12/18/2011 7:43:20 PM
    mbam-log-2011-12-18 (19-43-20).txt

    Scan type: Quick scan
    Objects scanned: 198476
    Time elapsed: 6 minute(s), 37 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 11
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 29
    Files Infected: 100

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{597A9974-8CB0-4f41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{25514C64-8321-494e-BD3E-3DBAB3F8CEBA} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{60BE6B2E-F2F5-4404-AA1E-4381D4A6EEA2} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{6427058B-217C-4C7F-A6CE-C7934C0BDCEB} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\RewardsArcade.FBApi.1 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\RewardsArcade.FBApi (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\RewardsArcade.BHO.1 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RewardsArcade (PUP.RewardsArcade) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\program files\rewardsarcade (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\lib (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\lib\facebox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\defaults (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\defaults\preferences (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\locale (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\locale\en-US (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\skin (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\defaults (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\defaults\preferences (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\locale (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\locale\en-US (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\skin (PUP.RewardsArcade) -> Quarantined and deleted successfully.

    Files Infected:
    c:\program files\rewardsarcade\rewardsarcade.dll (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\Temp\Addons\34A4860A\zugo.exe (PUP.Zugo) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\Temp\Addons\35F09736\zugo.exe (PUP.Zugo) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\Temp\Addons\5368B20D\zugo.exe (PUP.Zugo) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\downloads\7zip_setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
    c:\program files\rewardsarcade\fb.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\program files\rewardsarcade\appapiinternalwrapper.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\program files\rewardsarcade\jquery.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\program files\rewardsarcade\json.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\program files\rewardsarcade\rewardsarcade.exe (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\program files\rewardsarcade\uninstall.exe (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\program files\rewardsarcade\userconfirmation.exe (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\uninstall.ico (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Chrome\rewardsarcade.crx (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome.manifest (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\install.rdf (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\background.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\browser.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\crossrider.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\crossriderapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\dialog.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\manage-apps-style.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\manage-apps.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\messaging.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\options.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\options.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\push.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\search_dialog.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\socialapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\update.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\utilityapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\workers_chain.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\lib\faye-browser-min.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\lib\jquery-1.4.2.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\lib\facebox\facebox.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\lib\facebox\facebox.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\b.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\bl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\br.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\closelabel.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\loading.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\tl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\tr.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\defaults\preferences\prefs.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\locale\en-US\translations.dtd (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\skin\button1.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\skin\button2.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\skin\button3.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\skin\button4.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\skin\button5.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\skin\crossrider_statusbar.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\skin\icon16.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\skin\icon24.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\skin\icon48.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\skin\skin.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\AppData\Local\rewardsarcade\498\Firefox\skin\update.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\uninstall.ico (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Chrome\rewardsarcade.crx (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome.manifest (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\install.rdf (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\background.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\browser.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\crossrider.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\crossriderapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\dialog.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\manage-apps-style.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\manage-apps.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\messaging.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\options.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\options.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\push.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\search_dialog.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\socialapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\update.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\utilityapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\workers_chain.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\faye-browser-min.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\jquery-1.4.2.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\facebox.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\facebox.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\b.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\bl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\br.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\closelabel.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\loading.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\tl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\tr.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\defaults\preferences\prefs.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\locale\en-US\translations.dtd (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\skin\button1.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\skin\button2.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\skin\button3.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\skin\button4.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\skin\button5.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\skin\crossrider_statusbar.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\skin\icon16.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\skin\icon24.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\skin\icon48.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\skin\skin.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\Users\PC Owner\local settings\application data\rewardsarcade\498\Firefox\skin\update.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
     
  11. 2011/12/18
    rthompson

    ComboFix

    ComboFix 11-12-18.01 - PC Owner 12/18/2011 19:56:30.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3326.2161 [GMT -5:00]
    Running from: c:\users\PC Owner\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Blinkx
    c:\program files\Blinkx\blinkx.ico
    c:\program files\Blinkx\blinkxss.exe
    c:\program files\Blinkx\blinkxstop.exe
    c:\program files\Blinkx\lang.dll
    c:\program files\Blinkx\templates\beat.ico
    c:\program files\Blinkx\templates\index.html
    c:\program files\Blinkx\templates\noflash.html
    c:\program files\Blinkx\templates\offline.html
    c:\program files\Blinkx\templates\offline.swf
    c:\program files\Blinkx\templates\uninstall.exe
    c:\program files\FilmFanatic
    c:\program files\FilmFanatic\bar\Cache\03229BB2
    c:\program files\FilmFanatic\bar\Cache\03229E41
    c:\program files\FilmFanatic\bar\Cache\0322A0A2.bmp
    c:\program files\FilmFanatic\bar\Cache\0322A19B.bmp
    c:\program files\FilmFanatic\bar\Cache\0322A36F.bmp
    c:\program files\FilmFanatic\bar\Cache\0322A4B7.bmp
    c:\program files\FilmFanatic\bar\Cache\0322A5FF.bmp
    c:\program files\FilmFanatic\bar\Cache\0322A794.bmp
    c:\program files\FilmFanatic\bar\Cache\0322A8CC.bmp
    c:\program files\FilmFanatic\bar\Cache\0322A9F5.bmp
    c:\program files\FilmFanatic\bar\Cache\0322ACE1.bmp
    c:\program files\FilmFanatic\bar\Cache\0322ADDB.bmp
    c:\program files\FilmFanatic\bar\Cache\0322AEF4.bmp
    c:\program files\FilmFanatic\bar\Cache\0322B106.bmp
    c:\program files\FilmFanatic\bar\Cache\0322B2CB.jhtml
    c:\program files\FilmFanatic\bar\Cache\files.ini
    c:\program files\FilmFanatic\bar\History\search3
    c:\program files\FilmFanatic\bar\IE9Mesg\COMMON.T8S
    c:\program files\FilmFanatic\bar\Message\COMMON.T8S
    c:\program files\FilmFanatic\bar\Settings\prevcfg2.htm
    c:\program files\FilmFanatic\bar\Settings\s_pid.dat
    c:\program files\FilmFanatic\bar\Settings\s_w1.dat
    c:\program files\FilmFanatic\FilmFanatic\Cache\MovieNewsBtn.html
    c:\program files\FilmFanatic\FilmFanatic\Cache\MovieReviewsBtn.html
    c:\program files\FilmFanatic\FilmFanatic\Cache\PopupProperties100064938.html
    c:\program files\FilmFanatic\FilmFanatic\Cache\PopupProperties200821703.html
    c:\program files\FilmFanatic\FilmFanatic\Cache\Radio.html
    c:\program files\FilmFanatic\FilmFanatic\Cache\TrailersBtn.html
    c:\program files\FilmFanatic\FilmFanatic\Cache\VideosBtn.html
    c:\program files\FilmFanatic\FilmFanatic\Cache\WatchMoviesBtn.html
    c:\program files\FilmFanaticEI
    c:\program files\FREEzeFrog
    c:\program files\Shop to Win 15
    c:\program files\Shop to Win 15\patch.bat
    c:\program files\Shop to Win 15\settings.xml
    c:\program files\Shop to Win 15\Shop to Win 15.dll
    c:\program files\Shop to Win 15\ShoppingBHO.dll
    c:\program files\Shop to Win 15\ShopToWin.ico
    c:\program files\Shop to Win 15\Uninst.exe
    c:\program files\Shop to Win 15\version.txt
    c:\program files\Shop to Win
    c:\program files\Shop to Win\InstallNotifier.exe
    c:\program files\Shop to Win\unins000.dat
    c:\program files\Shop to Win\unins000.exe
    c:\program files\StartNow Toolbar
    c:\program files\StartNow Toolbar\Resources\images\engine_images.png
    c:\program files\StartNow Toolbar\Resources\images\engine_maps.png
    c:\program files\StartNow Toolbar\Resources\images\engine_news.png
    c:\program files\StartNow Toolbar\Resources\images\engine_videos.png
    c:\program files\StartNow Toolbar\Resources\images\engine_web.png
    c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
    c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
    c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
    c:\program files\StartNow Toolbar\Resources\images\icon_games.png
    c:\program files\StartNow Toolbar\Resources\images\icon_msn.png
    c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
    c:\program files\StartNow Toolbar\Resources\images\icon_travel.png
    c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
    c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
    c:\program files\StartNow Toolbar\Resources\installer.xml
    c:\program files\StartNow Toolbar\Resources\protect\index.html
    c:\program files\StartNow Toolbar\Resources\protect\NotIE6.css
    c:\program files\StartNow Toolbar\Resources\protect\OnlyIE6.css
    c:\program files\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
    c:\program files\StartNow Toolbar\Resources\protect\window.css
    c:\program files\StartNow Toolbar\Resources\protect\window.js
    c:\program files\StartNow Toolbar\Resources\reactivate\index.html
    c:\program files\StartNow Toolbar\Resources\reactivate\LeftImage.png
    c:\program files\StartNow Toolbar\Resources\reactivate\NotIE6.css
    c:\program files\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
    c:\program files\StartNow Toolbar\Resources\reactivate\window.css
    c:\program files\StartNow Toolbar\Resources\reactivate\window.js
    c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
    c:\program files\StartNow Toolbar\Resources\skin\separator.png
    c:\program files\StartNow Toolbar\Resources\skin\splitter.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
    c:\program files\StartNow Toolbar\Resources\toolbar.xml
    c:\program files\StartNow Toolbar\Resources\update.xml
    c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
    c:\program files\StartNow Toolbar\Toolbar32.dll
    c:\program files\StartNow Toolbar\ToolbarUpdaterService.exe
    c:\program files\StartNow Toolbar\uninstall.dat
    c:\programdata\Tarma Installer
    c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
    c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
    c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
    c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
    c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
    c:\users\PC Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 15
    c:\users\PC Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 15\Check out Previous Winners.lnk
    c:\users\PC Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 15\Frequently Asked Questions.lnk
    c:\users\PC Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 15\How can I win $100,000.lnk
    c:\users\PC Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 15\How can I win $500 Today.lnk
    c:\users\PC Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 15\Shop To Win Privacy Policy.lnk
    c:\users\PC Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 15\Shop to Win Terms and Conditions.lnk
    c:\users\PC Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 15\Sweepstakes Official Rules.lnk
    c:\users\PC Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 15\Uninstall.lnk
    c:\users\PC Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 15\View My Shop to Win Account.lnk
    c:\users\PC Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 15\Visit the Shop to Win Mall.lnk
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_Updater Service for StartNow Toolbar
    -------\Service_Updater Service for StartNow Toolbar
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-19 to 2011-12-19 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-19 01:03 . 2011-12-19 01:03 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2011-12-19 01:03 . 2011-12-19 01:03 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2011-12-19 01:03 . 2011-12-19 01:03 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-12-17 23:29 . 2011-12-17 23:29 -------- d-----w- c:\users\PC Owner\AppData\Roaming\Malwarebytes
    2011-12-17 23:29 . 2011-12-17 23:29 -------- d-----w- c:\programdata\Malwarebytes
    2011-12-17 23:29 . 2011-12-17 23:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-17 23:29 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-17 22:01 . 2011-12-17 22:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-12-17 19:17 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-12-17 19:17 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-12-17 19:17 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-12-17 19:17 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-12-17 19:17 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-12-17 19:17 . 2011-11-28 17:52 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-12-17 19:16 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
    2011-12-17 19:16 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
    2011-12-17 19:15 . 2011-12-17 19:15 -------- d-----w- c:\programdata\AVAST Software
    2011-12-17 19:15 . 2011-12-17 19:15 -------- d-----w- c:\program files\AVAST Software
    2011-12-15 14:02 . 2011-12-15 14:02 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2011-12-13 22:39 . 2011-12-13 22:39 -------- d-----w- c:\users\PC Owner\AppData\Local\Unity
    2011-12-06 04:16 . 2011-12-06 04:16 -------- d-----w- c:\programdata\Uniblue
    2011-12-04 14:34 . 2011-12-04 14:34 -------- d-----w- c:\program files\Magic Photo Editor
    2011-12-04 14:31 . 2011-12-04 14:33 -------- d-----w- c:\users\PC Owner\AppData\Roaming\PhotoScape
    2011-12-04 14:27 . 2011-12-04 14:29 -------- d-----w- c:\users\PC Owner\Zero G Registry
    2011-12-03 15:31 . 2011-12-03 15:31 -------- d-----w- c:\users\Guest\AppData\Local\Adobe
    2011-12-02 13:13 . 2011-12-02 13:13 -------- d-----w- c:\users\PC Owner\AppData\Roaming\Uniblue
    2011-12-02 13:13 . 2011-12-02 13:13 -------- d-----w- c:\program files\Uniblue
    2011-12-02 13:12 . 2011-12-02 13:12 -------- d-----w- c:\programdata\Premium
    2011-12-02 13:12 . 2011-12-02 14:23 -------- d-----w- c:\programdata\InstallMate
    2011-12-02 12:46 . 2011-12-02 12:46 -------- d-----w- c:\users\PC Owner\AppData\Roaming\PDAppFlex
    2011-12-02 12:45 . 2011-12-02 12:45 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
    2011-12-02 12:32 . 2011-12-02 12:38 -------- d-----w- c:\program files\Common Files\Adobe
    2011-12-02 12:10 . 2011-12-02 12:10 -------- d-----w- c:\users\PC Owner\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    2011-12-02 12:10 . 2011-12-02 12:10 -------- d-----w- c:\program files\Adobe Download Assistant
    2011-12-02 12:10 . 2011-12-02 12:10 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2011-12-02 12:09 . 2011-12-02 12:55 -------- d-----w- c:\users\PC Owner\AppData\Local\Adobe
    2011-12-02 12:03 . 2011-12-02 12:03 -------- d-----w- c:\program files\7-Zip
    2011-12-02 12:03 . 2011-12-02 12:03 -------- d-----w- c:\program files\PriceGong
    2011-12-02 12:03 . 2011-12-02 12:03 -------- d-----w- c:\program files\iBryte
    2011-11-29 22:41 . 2011-11-29 22:41 -------- d-----w- C:\$AVG
    2011-11-29 21:59 . 2011-11-29 21:59 -------- d-----w- c:\program files\Common Files\xing shared
    2011-11-27 15:57 . 2011-11-27 15:57 -------- d-----w- c:\program files\BitTorrent
    2011-11-27 15:57 . 2011-12-19 01:06 -------- d-----w- c:\users\PC Owner\AppData\Roaming\BitTorrent
    2011-11-27 15:57 . 2011-11-27 15:57 -------- d-----w- c:\users\PC Owner\AppData\Local\BitTorrent
    2011-11-27 15:55 . 2011-11-27 15:55 -------- d-----w- c:\program files\Kaspersky Security Scan
    2011-11-27 15:54 . 2011-11-27 15:54 -------- d-----w- c:\users\PC Owner\AppData\Local\Conduit
    2011-11-27 15:54 . 2011-11-27 15:55 -------- d-----w- c:\users\PC Owner\AppData\Local\WinZip
    2011-11-27 15:54 . 2011-11-27 15:55 -------- d-----w- c:\programdata\WinZip
    2011-11-26 18:03 . 2011-11-26 18:03 -------- d-----w- c:\users\Guest\AppData\Roaming\Fighters
    2011-11-26 14:31 . 2011-11-26 14:32 -------- d-----w- c:\program files\Ask.com
    2011-11-26 14:31 . 2011-11-26 14:31 -------- d-----w- C:\Firefox
    2011-11-26 14:31 . 2011-11-26 14:31 -------- d-----w- c:\program files\FoxTabFLVPlayer
    2011-11-26 11:55 . 2011-11-26 11:55 -------- d-----w- c:\program files\EZ Fonts
    2011-11-26 11:55 . 2011-11-26 11:55 -------- d-----w- c:\users\PC Owner\AppData\Roaming\Itibiti
    2011-11-26 11:55 . 2011-11-26 11:55 -------- d-----w- c:\program files\Itibiti Soft Phone
    2011-11-26 11:55 . 2011-11-26 11:55 -------- d-----w- c:\users\PC Owner\AppData\Roaming\Fighters
    2011-11-26 11:55 . 2011-11-26 11:55 -------- d-----w- c:\program files\Free Offers from Freeze.com
    2011-11-26 11:55 . 2011-11-26 11:55 -------- d-----w- c:\program files\FastestIE
    2011-11-26 11:55 . 2011-11-26 11:55 -------- d-----w- c:\program files\Fighters
    2011-11-26 11:55 . 2011-11-26 11:55 -------- d-----w- c:\programdata\Fighters
    2011-11-26 11:54 . 2011-11-26 11:54 -------- d-----w- c:\program files\Freeze.com
    2011-11-26 11:54 . 2011-11-26 11:54 -------- d-----w- c:\programdata\Yahoo!
    2011-11-26 11:54 . 2011-11-26 11:54 -------- d-----w- c:\programdata\Yahoo! Companion
    2011-11-26 11:54 . 2011-11-26 11:54 -------- d-----w- c:\program files\Yahoo!
    2011-11-26 11:54 . 2011-11-26 11:54 -------- d-----w- c:\users\PC Owner\AppData\Roaming\Yahoo!
    2011-11-25 16:03 . 2011-11-25 16:03 -------- d-----w- c:\users\Guest\AppData\Roaming\Bandoo
    2011-11-25 13:34 . 2011-11-25 13:34 -------- d-----w- C:\Multimedia Files
    2011-11-25 13:34 . 2011-11-25 13:34 -------- d-----w- c:\program files\Microsoft GIF Animator
    2011-11-25 13:33 . 2011-11-25 13:33 -------- d-----w- c:\program files\SweetIM
    2011-11-25 13:33 . 2011-11-25 13:33 -------- d-----w- c:\programdata\SweetIM
    2011-11-25 13:28 . 2011-11-25 13:43 -------- d-----w- c:\program files\Beneton Movie GIF
    2011-11-25 12:15 . 2011-11-25 12:17 -------- d-----w- c:\programdata\Blueberry
    2011-11-25 12:15 . 2011-11-25 12:18 -------- d-----w- c:\users\Guest\AppData\Roaming\Blueberry
    2011-11-25 12:15 . 2011-11-25 12:15 -------- d-----w- c:\users\Guest\AppData\Roaming\LogSys
    2011-11-25 12:15 . 2011-11-27 16:53 -------- d-----w- c:\users\PC Owner\AppData\Roaming\Blueberry
    2011-11-25 12:13 . 2011-11-25 12:13 4608 ----a-w- c:\windows\system32\bbchlp.dll
    2011-11-25 12:13 . 2011-11-25 12:13 4096 ----a-w- c:\windows\system32\drivers\bbcap.sys
    2011-11-25 12:13 . 2011-11-25 12:13 30720 ----a-w- c:\windows\system32\bbcap.dll
    2011-11-25 12:13 . 2011-11-25 12:15 -------- d-----w- c:\users\PC Owner\AppData\Roaming\LogSys
    2011-11-25 12:13 . 2011-11-25 12:13 -------- d-----w- c:\programdata\LogSys
    2011-11-25 12:13 . 2011-11-25 12:13 -------- d-----w- c:\program files\Common Files\Blueberry Software
    2011-11-25 12:13 . 2011-11-25 12:13 -------- d-----w- c:\program files\Blueberry Software
    2011-11-24 21:51 . 2011-11-24 21:51 0 ---ha-w- c:\users\PC Owner\AppData\Local\BIT77E.tmp
    2011-11-24 19:39 . 2011-12-05 11:15 -------- d-----w- c:\users\Guest\AppData\Roaming\gtk-2.0
    2011-11-24 19:39 . 2011-11-24 19:39 -------- d-----w- c:\users\Guest\.thumbnails
    2011-11-24 17:17 . 2011-12-05 11:28 -------- d-----w- c:\users\Guest\.gimp-2.6
    2011-11-24 16:22 . 2011-12-14 00:47 -------- d-----w- c:\users\PC Owner\AppData\Roaming\gtk-2.0
    2011-11-24 16:22 . 2011-11-24 16:22 -------- d-----w- c:\users\PC Owner\.thumbnails
    2011-11-24 15:42 . 2011-12-14 01:18 -------- d-----w- c:\users\PC Owner\.gimp-2.6
    2011-11-24 15:41 . 2011-11-24 15:41 -------- d-----w- c:\program files\GIMP-2.0
    2011-11-24 15:40 . 2011-11-24 15:40 18944 ----a-r- c:\users\PC Owner\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
    2011-11-24 15:40 . 2011-11-24 15:40 11264 ----a-r- c:\users\PC Owner\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A1630.exe
    2011-11-24 15:40 . 2011-12-17 19:39 -------- d-----w- c:\program files\EpicPlay
    2011-11-24 15:39 . 2011-11-24 15:39 -------- d-----w- c:\program files\alot
    2011-11-24 13:29 . 2007-08-21 18:32 98304 ----a-w- c:\windows\system32\redmonnt.dll
    2011-11-24 13:29 . 2011-11-24 13:29 -------- d-----w- c:\program files\Yontoo Layers Runtime
    2011-11-24 13:29 . 2011-11-24 13:29 -------- d-----w- c:\program files\FoxTabPDFConverter
    2011-11-24 12:00 . 2011-11-24 12:00 -------- d-----w- c:\programdata\WeCareReminder
    2011-11-24 12:00 . 2011-11-24 12:00 -------- d-----w- c:\users\PC Owner\AppData\Roaming\SumatraPDF
    2011-11-24 12:00 . 2011-11-24 12:00 -------- d-----w- c:\program files\PDFReader
    2011-11-20 22:28 . 2011-11-20 22:29 -------- d-----w- C:\GIMP 2
    2011-11-20 22:27 . 2011-11-20 22:27 -------- d-----w- c:\program files\GIMP 2
    2011-11-19 21:58 . 2011-11-20 21:53 -------- d-----w- c:\users\PC Owner\AppData\Local\PokerStars.NET
    2011-11-19 19:47 . 2011-11-19 19:47 -------- d-----w- c:\users\Guest\AppData\Roaming\WebcamMax
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-17 21:53 . 2011-05-18 15:06 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-29 21:58 . 2011-06-20 21:55 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-11-29 21:58 . 2011-06-20 21:55 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-09-20 21:02 . 2011-11-09 11:12 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-11-18 1515688]
    "{EEE6C35D-6118-11DC-9C72-001320C79847} "= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2011-08-24 130864]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} "= "c:\program files\Yahoo!\Companion\Installs\cpn0\yt.dll" [2011-11-02 2015544]
    "{50fafaf0-70a9-419d-a109-fa4b4ffd4e37} "= "c:\program files\WinZipBar\prxtbWinZ.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
    .
    [HKEY_CLASSES_ROOT\clsid\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]
    2011-05-09 08:49 176936 ----a-w- c:\program files\WinZipBar\prxtbWinZ.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54404F81-99CC-4FD3-9D29-92689B86C2CC}]
    2011-08-17 05:38 136192 ----a-w- c:\program files\FastestIE\FastestIE.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd}]
    2009-11-08 14:55 297808 ----a-w- c:\windows\System32\mscoree.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90b49673-5506-483e-b92b-ca0265bd9ca8}]
    2011-01-17 20:54 175912 ----a-w- c:\program files\IMVU_Inc\prxtbIMVU.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CCB69577-088B-4004-9ED8-FF5BCC83A039}]
    2011-10-05 02:30 832680 ----a-w- c:\progra~1\REBATE~1\RebateI.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2011-11-18 00:29 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
    2011-08-24 23:21 1299248 ----a-r- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
    2011-07-22 23:53 787744 ----a-w- c:\program files\Yontoo Layers Runtime\YontooIEClient.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{90b49673-5506-483e-b92b-ca0265bd9ca8} "= "c:\program files\IMVU_Inc\prxtbIMVU.dll" [2011-01-17 175912]
    "{EEE6C35B-6118-11DC-9C72-001320C79847} "= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248]
    "{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-11-18 1515688]
    "{50fafaf0-70a9-419d-a109-fa4b4ffd4e37} "= "c:\program files\WinZipBar\prxtbWinZ.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{90b49673-5506-483e-b92b-ca0265bd9ca8}]
    .
    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CLASSES_ROOT\clsid\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{90B49673-5506-483E-B92B-CA0265BD9CA8} "= "c:\program files\IMVU_Inc\prxtbIMVU.dll" [2011-01-17 175912]
    "{EEE6C35B-6118-11DC-9C72-001320C79847} "= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248]
    "{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-11-18 1515688]
    "{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} "= "c:\program files\WinZipBar\prxtbWinZ.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{90b49673-5506-483e-b92b-ca0265bd9ca8}]
    .
    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CLASSES_ROOT\clsid\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @= "{472083B0-C522-11CF-8763-00608CC02F24} "
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "WMPNSCFG "= "c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    "BitTorrent "= "c:\program files\BitTorrent\BitTorrent.exe" [2011-11-27 5960560]
    "DriverScanner "= "c:\program files\Uniblue\DriverScanner\launcher.exe" [2011-10-20 338296]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HP Software Update "= "c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
    "TaskTray "= "c:\program files\DriverDoc\DriverDoc\TaskTray.exe" [2010-08-08 284016]
    "PCPowerSpeed "= "c:\program files\PCPowerSpeed\PCPowerTray.exe" [2011-09-27 385664]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "Bing Bar "= "c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
    "Microsoft Default Manager "= "c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
    "SweetIM "= "c:\program files\SweetIM\Messenger\SweetIM.exe" [2011-08-01 114992]
    "CommonToolkitTray "= "c:\program files\Fighters\Tray\FightersTray.exe" [2011-10-05 1429128]
    "ApnUpdater "= "c:\program files\Ask.com\Updater\Updater.exe" [2011-11-18 901800]
    "TkBellExe "= "c:\program files\real\realplayer\Update\realsched.exe" [2011-11-29 296056]
    "iBryte playbryte Desktop "= "c:\program files\iBryte\playbryte\ibrytedesktop.exe" [2011-12-02 163840]
    "AdobeAAMUpdater-1.0 "= "c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
    "SwitchBoard "= "c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5.5ServiceManager "= "c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "avast "= "c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
    "Malwarebytes' Anti-Malware "= "c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    "Malwarebytes' Anti-Malware (reboot) "= "c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Kaspersky Security Scan.lnk - c:\program files\Kaspersky Security Scan\KSS.exe [2010-11-29 2402696]
    OSD Utility.lnk - c:\program files\DELL\OSD\AIO_OSD.exe [2011-4-27 523352]
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2011-11-17 611144]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=c:\progra~1\Bandoo\BndHook.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Touch Screen Application.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Touch Screen Application.lnk
    backup=c:\windows\pss\Touch Screen Application.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
    2011-11-18 00:29 901800 ----a-w- c:\program files\Ask.com\Updater\Updater.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]
    2011-06-08 14:45 822456 ----a-w- c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCPowerSpeed]
    2011-09-27 04:00 385664 ----a-w- c:\program files\PCPowerSpeed\PCPowerTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RebateInformer]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    2009-04-11 03:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSDMonitor]
    2010-11-15 21:05 112600 ----a-w- c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2011-11-29 21:58 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
    2010-10-29 20:12 1652736 ----a-r- c:\program files\AWS\WeatherBug\Weather.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
    2011-01-17 19:41 8192 ----a-w- c:\program files\Xvid\CheckUpdate.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-28 135664]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-28 135664]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 amacpi;Microsoft Away Mode System;c:\windows\system32\DRIVERS\null.sys [2008-01-21 4608]
    S0 FXOSDDRV;Foxconn ACPI BIOS Simulator Driver;c:\windows\system32\DRIVERS\FxOSDdrv.sys [2008-11-28 13400]
    S0 nvamacpi;Nvidia Away Mode System;c:\windows\system32\DRIVERS\NVAMACPI.sys [2008-07-22 24608]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
    S2 FOXOSDService;Dell OSD Service;c:\program files\DELL\OSD\OSDSvr.exe [2010-07-10 55856]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
    S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-10-01 632792]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-07-14 239648]
    S2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam.sys [2011-06-23 1068216]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
    S3 bbcap;bbcap;c:\windows\system32\DRIVERS\bbcap.sys [2011-11-25 4096]
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-19 c:\windows\Tasks\DriverScanner.job
    - c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2011-12-02 19:43]
    .
    2011-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-28 05:59]
    .
    2011-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-28 05:59]
    .
    2011-12-15 c:\windows\Tasks\Norton Security Scan for Owner.job
    - c:\progra~1\NORTON~2\Engine\311~1.6\Nss.exe [2011-06-28 08:19]
    .
    2011-12-19 c:\windows\Tasks\RMSchedule.job
    - c:\program files\Registry Mechanic\RegMech.exe [2011-06-28 21:05]
    .
    2011-12-19 c:\windows\Tasks\SLOW-PCfighter-PC Owner-Notification.job
    - c:\program files\Fighters\SLOW-PCfighter\Sync.exe [2011-10-05 18:07]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3106777
    mStart Page = hxxp://home.sweetim.com/?st=1&barid={0874288A-176A-11E1-9D5D-0024E80B28B9}
    IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
    IE: Upload to Facebook - c:\program files\WebcamMax\share\iecontext.htm
    IE: {{44D32BD3-31DA-4FD4-A0F4-B4782652B97B} - {C0CDA7E4-1369-4FA6-A679-546B34783099} - c:\program files\FastestIE\FastestIE.dll
    LSP: c:\windows\system32\wpclsp.dll
    TCP: DhcpNameServer = 192.168.1.254
    Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - c:\progra~1\REBATE~1\RebateI.dll
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-10 - (no file)
    Toolbar-!{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    Toolbar-{b278d9f8-0fa9-465e-9938-0c392605d8e3} - (no file)
    HKLM-Run-MFARestart - c:\programdata\MFAData\pack\avgrunasx.exe
    HKLM-Run-StartNowToolbarHelper - c:\program files\StartNow Toolbar\ToolbarHelper.exe
    MSConfigStartUp-DATAMNGR - c:\progra~1\WI371A~1\Datamngr\DATAMN~1.EXE
    MSConfigStartUp-FilmFanatic Browser Plugin Loader - c:\progra~1\FILMFA~2\bar\1.bin\pabrmon.exe
    MSConfigStartUp-FREEzeFrogSA - c:\program files\FREEzeFrog\bin\1.0.670.0\FREEzeFrogSA.exe
    MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
    MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    MSConfigStartUp-Play Pickle - c:\program files\Play Pickle\playpickle32.exe
    AddRemove-EpicPlay - c:\program files\EpicPlay\epicRemoval.exe
    AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
    AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\progra~3\TARMAI~1\{889DF~1\Setup.exe
    AddRemove-{FE112330-9654-453C-A060-883C854F9613}_is1 - c:\program files\Shop To Win\unins000.exe
    .
    .
    .
    **************************************************************************
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files:
    .
    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
    c:\windows\system32\nvvsvc.exe
    c:\windows\SYSTEM32\WISPTIS.EXE
    c:\program files\Common Files\microsoft shared\ink\TabTip.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\windows\SYSTEM32\WISPTIS.EXE
    c:\program files\Common Files\microsoft shared\ink\TabTip.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\progra~1\Bandoo\Bandoo.exe
    c:\windows\system32\WUDFHost.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Common Files\microsoft shared\ink\TabTip.exe
    c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    .
    **************************************************************************
    .
    Completion time: 2011-12-18 20:12:20 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-12-19 01:12
    .
    Pre-Run: 167,031,955,456 bytes free
    Post-Run: 171,132,264,448 bytes free
    .
    - - End Of File - - 97976DE7DF83A8EDC20A12BC08BF2D68
     
  12. 2011/12/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You forgot to uninstall Ask Toolbar.

    ============================================

    Uninstall Registry Mechanic 10.0.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ==========================================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. 2011/12/18
    rthompson

    rthompson Well-Known Member Thread Starter

    Joined:
    2009/12/22
    Messages:
    330
    Likes Received:
    1
    otl

    http://www.filedropper.com/otl_1

    extras


    OTL Extras logfile created on: 12/18/2011 9:08:10 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\PC Owner\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19170)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.25 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 58.42% Memory free
    6.72 Gb Paging File | 5.32 Gb Available in Paging File | 79.16% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 283.40 Gb Total Space | 158.73 Gb Free Space | 56.01% Space Free | Partition Type: NTFS
    Drive D: | 14.65 Gb Total Space | 13.57 Gb Free Space | 92.65% Space Free | Partition Type: NTFS

    Computer Name: OWNER-PC | User Name: PC Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-2004063284-151891861-2942422004-1003\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\iBryte\playbryte\ibrytedesktop.exe" = C:\Program Files\iBryte\playbryte\ibrytedesktop.exe:*:Enabled:iBryteDesktop -- (iBryte)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{086B5CE3-25CD-4249-94C6-0620E8C0D69A}" = lport=139 | protocol=6 | dir=in | app=system |
    "{15974FCD-9A80-43BC-944F-13F7097559F2}" = rport=445 | protocol=6 | dir=out | app=system |
    "{23F9D7C7-4157-43D9-B745-46429AD32A68}" = lport=138 | protocol=17 | dir=in | app=system |
    "{53815BED-0603-4844-A8DE-609623707EFF}" = rport=139 | protocol=6 | dir=out | app=system |
    "{542444CF-949E-4932-8F1F-B8D38FACA54F}" = rport=137 | protocol=17 | dir=out | app=system |
    "{55689525-F21D-4C6E-9447-4553B89C02D8}" = lport=137 | protocol=17 | dir=in | app=system |
    "{80E7E264-E3A5-4EBF-8D45-813BA7564C7C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{8361D179-1A70-41D1-962C-996F76E5A9D4}" = rport=138 | protocol=17 | dir=out | app=system |
    "{9E249DAC-D05A-4847-A50C-8764B34AD846}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{E9418C78-6A4C-415E-A83C-FDD5C9A2D8FC}" = lport=445 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0E452163-4364-4C4D-96A4-93DC9BA09D56}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
    "{116EEA7A-AD00-4D36-8EF8-82EA2B6E1B38}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
    "{1890F7AC-9A4B-4A1B-8184-ED5ED2719B7A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{1FB49DCF-CA10-416A-8213-86826DE02F81}" = protocol=6 | dir=in | app=c:\users\pc owner\appdata\local\temp\~os63d2.tmp\rlvknlg.exe |
    "{21519C33-AAF5-4A71-B5D1-09D9CA7836B1}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
    "{2632FC25-7D99-4574-B4C2-FD40532F168C}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "{26A09DF9-75D8-4E6D-B0D0-F52BBBE38B08}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-203 |
    "{27948506-97D7-44C6-974A-B45ACA96AF77}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
    "{289F66EE-2AB9-4CF4-A978-F65213EFD1C0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{32D5C463-CAAE-42BD-8FEE-9E272D812A9D}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
    "{34611C37-272F-4994-BDA2-1139CEC79DFE}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
    "{3C808D56-7A4C-437B-ADFD-1972DF3CB631}" = protocol=17 | dir=in | app=c:\program files\dogpile bundle toolbar\toolbarupdate.exe |
    "{3D144525-7E48-4295-938B-86C2952040F7}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
    "{486170EE-A5D2-49D1-9CF4-1CF24ACD6E26}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
    "{4AE8E724-1570-4E26-A90C-08633EB7E2D2}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
    "{4C31CDD9-DBEA-4B57-A559-E4E256739D62}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
    "{4E641ADF-724E-4F99-A9B0-DC76BFCD2A74}" = protocol=6 | dir=in | app=c:\program files\dogpile bundle toolbar\troubleshooter.exe |
    "{5191046C-FC35-4AFF-AF1D-5C7901454DEB}" = protocol=6 | dir=in | app=c:\users\pc owner\appdata\local\temp\~os4b81.tmp\rlvknlg.exe |
    "{69E9B01F-F01A-4489-8779-622F582D2887}" = protocol=6 | dir=in | app=c:\users\pc owner\appdata\local\temp\~osdbaf.tmp\rlvknlg.exe |
    "{6BDAEF94-494A-42C5-A5BC-F968F836C1DC}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
    "{712DD533-7CC2-42B0-B54D-087931C9CDE2}" = protocol=17 | dir=in | app=c:\program files\itibiti soft phone\itibiti.exe |
    "{829E225F-B47C-4096-A9AB-2731ED003DA2}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
    "{84F18B57-CD08-48DE-8B0F-CE16570523EA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{8640C8AD-F877-4D3C-A52F-06EFA2920C1C}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe |
    "{903A4C49-F46F-43D4-BFFD-0B9016EC06E5}" = protocol=6 | dir=in | app=c:\program files\dogpile bundle toolbar\toolbarupdate.exe |
    "{9524E999-32FB-4641-B234-0F4C146AAA80}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
    "{9AA3308A-57B5-4C37-A0CB-8BBD35ED018C}" = protocol=6 | dir=in | app=c:\users\pc owner\appdata\local\temp\~os7f8e.tmp\rlvknlg.exe |
    "{A5D89716-DEDF-4305-BC7A-AE6113A50B50}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
    "{BABE1531-CD5B-4126-B0C9-D390DF3B304E}" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
    "{BD6744BC-F27D-49DB-90CA-65D5F33EB62D}" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
    "{BF2A8DE6-CE22-4A5D-9AD4-E996C7F3D33B}" = protocol=6 | dir=in | app=c:\program files\itibiti soft phone\itibiti.exe |
    "{C18D1CF5-8C15-45EA-907B-DA86CD787B9A}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{C6B781BB-C0AA-4B8D-B3F7-114A1CCE4222}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{D3A07DFB-C051-4179-9A5F-394E973AD0AE}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "{D91CFBC4-55E4-4085-BA1D-5149D6A31EB0}" = protocol=17 | dir=in | app=c:\program files\dogpile bundle toolbar\troubleshooter.exe |
    "{E84B9A47-6C19-486C-A1A5-BC6BB6E59309}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{F148C229-1FD7-471A-AFBC-5FDCBF508545}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe |
    "{FB3B5567-55B0-42D3-987A-1F8F17AE1873}" = protocol=58 | dir=in | app=system |
    "TCP Query User{119B8678-EF24-4478-B426-104C34099AA2}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=6 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe |
    "TCP Query User{262650A9-77CC-4451-AC77-2BEF6F916E39}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{3EEDFBCE-6C99-48D6-9FD8-725DAE19B34A}C:\program files\microsoft games\halo trial\halo.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo trial\halo.exe |
    "TCP Query User{3F6E8803-2E51-42F3-A31C-153C2D7B2497}C:\program files\itibiti soft phone\itibiti.exe" = protocol=6 | dir=in | app=c:\program files\itibiti soft phone\itibiti.exe |
    "TCP Query User{6FC282ED-D5B0-40BE-9EAF-F09E5D19C6FE}C:\program files\java\jre1.6.0_03\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_03\bin\javaw.exe |
    "TCP Query User{E88F7E16-AEEE-4E83-BDBF-B13AB987296F}C:\program files\relevantknowledge\rlvknlg.exe" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
    "UDP Query User{27BC6F7A-52D4-4436-9AD5-3A34CF6AFFEC}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=17 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe |
    "UDP Query User{3EE7016E-78FC-4AD3-A6F0-2DED7EF24A3C}C:\program files\java\jre1.6.0_03\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_03\bin\javaw.exe |
    "UDP Query User{B20C281B-5F23-43CE-8148-05AD9E1AF6E5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{BF8402CE-3AE9-45DA-991E-FF8DDF576538}C:\program files\itibiti soft phone\itibiti.exe" = protocol=17 | dir=in | app=c:\program files\itibiti soft phone\itibiti.exe |
    "UDP Query User{D1232DE2-585A-4417-BE97-CC66BF309898}C:\program files\microsoft games\halo trial\halo.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo trial\halo.exe |
    "UDP Query User{ED3BCC26-47BE-44C8-947F-9122B21C829D}C:\program files\relevantknowledge\rlvknlg.exe" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02F5BEE7-0AB6-4E42-9BF8-2588AAECC7F2}" = EZ Fonts
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{05813AC2-611B-4ABD-A81D-4420120ABEDD}" = HP Officejet 6500 E710n-z Product Improvement Study
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{23199BD2-AFD7-450E-ADC8-3E16132F17A2}" = HP Officejet 6500 E710n-z Basic Device Software
    "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
    "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}" = WeatherBug
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4EF645BD-65B0-4F98-AD56-D0437B7045F6}_is1" = RebateInformer
    "{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}" = Bing Bar Platform
    "{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5D4875F6-89D1-4E9C-B7B9-9164C9D20C9C}" = Kaspersky Security Scan
    "{5E4B86E5-CD0E-4D3D-BE21-45A30326850A}" = Microsoft Search Enhancement Pack
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1" = AppGraffiti
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{730E03E4-350E-48E5-9D3E-4329903D454D}" = Itibiti RTC
    "{76CB3301-6463-4D01-8BE2-A3C99692EB31}" = OSD
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
    "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
    "{7E482AF6-AA1F-4CC5-BA13-0536675F5744}" = ASPCA TriMini Reminder by We-Care.com v5.0.2.1
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
    "{8F018A9E-56DE-4A79-A5EF-25F413F1D538}" = WeatherBug
    "{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}" = SweetIM Toolbar for Internet Explorer 4.2
    "{A81A974F-8A22-43E6-9243-5198FF758DA1}" = SweetIM for Messenger 3.6
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{B0C56FD7-493D-44DD-B007-BBB5117D6E6F}_is1" = PC Power Speed 1.0.0.21
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
    "{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
    "{BE86E366-BD75-4405-BF7C-A185CDB85B6E}" = NextWindow TSA
    "{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
    "{C5EB90E1-8A46-4ED5-009D-C793E646C04F}" = Need for Speed Underground 2 Demo
    "{C792A75A-2A1F-4991-9B85-291745478A79}" = NetAssistant
    "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240C8}" = WinZip 16.0
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
    "{EFBC0CB1-AFFD-4E74-ACEF-42099F1D49C3}" = HP Officejet 6500 E710n-z Help
    "{F6FCC591-A21B-47C7-BCB3-F535FBA210E2}" = SLOW-PCfighter
    "{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}" = Marketsplash Shortcuts
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "7-Zip" = 7-Zip 9.20
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "alotToolbar" = ALOT Toolbar
    "avast" = avast! Free Antivirus
    "Bandoo" = Bandoo
    "BB FlashBack Express" = BB FlashBack Express
    "Beneton Movie GIF_is1" = Beneton Movie GIF 1.1.2
    "BitTorrent" = BitTorrent
    "Cakewalk Music Creator LE 3" = Cakewalk Music Creator LE 3
    "Camfrog 6.1" = Camfrog Video Chat 6.1
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
    "DivX Setup.divx.com" = DivX Setup
    "DreamLight Photo Editor_is1" = DreamLight Photo Editor 4.2
    "DreamStation DXi2" = DreamStation DXi2
    "DriverDoc_is1" = DriverDoc
    "Fast Break Basketball_is1" = Fast Break Basketball
    "FastestIE" = FastestIE
    "FLV Blaster_is1" = FLV Blaster v5.9.0
    "GameSpy Arcade" = GameSpy Arcade
    "GIF Animator" = Microsoft GIF Animator
    "Google Chrome" = Google Chrome
    "Halo Trial" = Microsoft Halo Trial
    "iBryte_playbryte" = PlayBryte
    "iLivid" = iLivid
    "IMVU_Inc Toolbar" = IMVU Inc Toolbar
    "Itibiti_is1" = Knctr
    "Magic Photo Editor_is1" = Magic Photo Editor 6.1
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "ManyCam" = ManyCam 2.6.55 (remove only)
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NSS" = Norton Security Scan
    "NVIDIA Drivers" = NVIDIA Drivers
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Patch Maker" = Patch Maker
    "PhotoScape" = PhotoScape
    "PokerStars.net" = PokerStars.net
    "PriceGong" = PriceGong 2.5.4
    "RealPlayer 15.0" = RealPlayer
    "rooftopconfessions" = rooftopconfessions 1.0
    "SLOW-PCfighter" = SLOW-PCfighter
    "The Weather Channel Desktop 6" = The Weather Channel Desktop 6
    "WebcamMax" = WebcamMax
    "WinGimp-2.0_is1" = GIMP 2.6.10
    "WinRAR archiver" = WinRAR 4.10 beta 4 (32-bit)
    "WinZipBar Toolbar" = WinZipBar Toolbar
    "Xvid Video Codec 1.3.1" = Xvid Video Codec
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2004063284-151891861-2942422004-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "FoxTab Media Player" = FoxTab Media Player
    "FoxTab PDF Creator" = FoxTab PDF Creator
    "NetAssistant 3.8.3" = Freeze.com NetAssistant
    "PDF Reader" = PDF Reader
    "UnityWebPlayer" = Unity Web Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/18/2011 8:45:54 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 12/18/2011 8:47:59 PM | Computer Name = Owner-PC | Source = ESENT | ID = 494
    Description = InputPersonalization (5800) InkStore: Database recovery failed with
    error -1216 because it encountered references to a database, 'C:\Users\PC Owner\AppData\Local\Microsoft\InputPersonalization\inkStore.mdb',
    which is no longer present. The database was not brought to a Clean Shutdown state
    before it was removed (or possibly moved or renamed). The database engine will
    not permit recovery to complete for this instance until the missing database is
    re-instated. If the database is truly no longer available and no longer required,
    procedures for recovering from this error are available in the Microsoft Knowledge
    Base or by following the "more information" link at the bottom of this message.

    Error - 12/18/2011 8:47:59 PM | Computer Name = Owner-PC | Source = ESENT | ID = 454
    Description = InputPersonalization (5800) InkStore: Database recovery/restore failed
    with unexpected error -1216.

    Error - 12/18/2011 9:06:32 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 12/18/2011 9:11:00 PM | Computer Name = Owner-PC | Source = ESENT | ID = 494
    Description = InputPersonalization (5060) InkStore: Database recovery failed with
    error -1216 because it encountered references to a database, 'C:\Users\PC Owner\AppData\Local\Microsoft\InputPersonalization\inkStore.mdb',
    which is no longer present. The database was not brought to a Clean Shutdown state
    before it was removed (or possibly moved or renamed). The database engine will
    not permit recovery to complete for this instance until the missing database is
    re-instated. If the database is truly no longer available and no longer required,
    procedures for recovering from this error are available in the Microsoft Knowledge
    Base or by following the "more information" link at the bottom of this message.

    Error - 12/18/2011 9:11:00 PM | Computer Name = Owner-PC | Source = ESENT | ID = 454
    Description = InputPersonalization (5060) InkStore: Database recovery/restore failed
    with unexpected error -1216.

    Error - 12/18/2011 9:25:27 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 12/18/2011 9:27:23 PM | Computer Name = Owner-PC | Source = ESENT | ID = 494
    Description = InputPersonalization (4528) InkStore: Database recovery failed with
    error -1216 because it encountered references to a database, 'C:\Users\PC Owner\AppData\Local\Microsoft\InputPersonalization\inkStore.mdb',
    which is no longer present. The database was not brought to a Clean Shutdown state
    before it was removed (or possibly moved or renamed). The database engine will
    not permit recovery to complete for this instance until the missing database is
    re-instated. If the database is truly no longer available and no longer required,
    procedures for recovering from this error are available in the Microsoft Knowledge
    Base or by following the "more information" link at the bottom of this message.

    Error - 12/18/2011 9:27:23 PM | Computer Name = Owner-PC | Source = ESENT | ID = 454
    Description = InputPersonalization (4528) InkStore: Database recovery/restore failed
    with unexpected error -1216.

    Error - 12/18/2011 10:03:25 PM | Computer Name = Owner-PC | Source = MsiInstaller | ID = 11730
    Description =

    [ System Events ]
    Error - 8/4/2011 1:55:55 PM | Computer Name = OWNER-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.2.5 for the Network Card with network
    address 0024E80B28B9 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
    sent a DHCPNACK message).

    Error - 8/4/2011 1:56:00 PM | Computer Name = Owner-PC | Source = Print | ID = 64
    Description = The attempt to install printer Microsoft XPS Document Writer 6.0.6002.18005
    into an offline operating system image failed with Win32 error code 3016 (0xbc8).
    This can occur if the printer driver requires user input or displays a user interface
    (UI) during installation.

    Error - 8/4/2011 1:56:01 PM | Computer Name = Owner-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.2.9 for the Network Card with network
    address 00242C31F173 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
    sent a DHCPNACK message).

    Error - 8/4/2011 1:56:22 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 8/5/2011 9:49:28 PM | Computer Name = Owner-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.2.5 for the Network Card with network
    address 0024E80B28B9 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
    sent a DHCPNACK message).

    Error - 8/5/2011 9:49:42 PM | Computer Name = Owner-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.2.6 for the Network Card with network
    address 00242C31F173 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
    sent a DHCPNACK message).

    Error - 8/7/2011 5:27:34 PM | Computer Name = Owner-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.2.2 for the Network Card with network
    address 0024E80B28B9 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
    sent a DHCPNACK message).

    Error - 8/7/2011 5:27:53 PM | Computer Name = Owner-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.2.6 for the Network Card with network
    address 00242C31F173 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
    sent a DHCPNACK message).

    Error - 8/7/2011 9:10:00 PM | Computer Name = Owner-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.2.2 for the Network Card with network
    address 0024E80B28B9 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
    sent a DHCPNACK message).

    Error - 8/7/2011 9:10:44 PM | Computer Name = Owner-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.2.3 for the Network Card with network
    address 00242C31F173 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
    sent a DHCPNACK message).


    < End of report >
     
  14. 2011/12/18
    broni

    broni Moderator Malware Analyst

  15. 2011/12/18
    rthompson

    rthompson Well-Known Member Thread Starter

    The OTL log was too big, therefore I used FileDropper to post the file.
     
  16. 2011/12/18
    broni

    broni Moderator Malware Analyst

    .....
     
  17. 2011/12/18
    rthompson

    rthompson Well-Known Member Thread Starter

    OTL logfile created on: 12/18/2011 9:08:10 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\PC Owner\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19170)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.25 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 58.42% Memory free
    6.72 Gb Paging File | 5.32 Gb Available in Paging File | 79.16% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 283.40 Gb Total Space | 158.73 Gb Free Space | 56.01% Space Free | Partition Type: NTFS
    Drive D: | 14.65 Gb Total Space | 13.57 Gb Free Space | 92.65% Space Free | Partition Type: NTFS

    Computer Name: OWNER-PC | User Name: PC Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/12/18 21:05:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\PC Owner\Downloads\OTL.exe
    PRC - [2011/12/07 06:16:29 | 001,047,096 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
    PRC - [2011/11/29 16:58:57 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
    PRC - [2011/11/28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2011/10/20 14:43:56 | 000,025,464 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
    PRC - [2011/10/05 12:34:50 | 001,429,128 | ---- | M] (SPAMfighter ApS) -- C:\Program Files\Fighters\Tray\FightersTray.exe
    PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/08/01 14:35:42 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe
    PRC - [2011/05/25 09:54:58 | 001,617,296 | ---- | M] (Bandoo Media Inc.) -- C:\Program Files\Bandoo\Bandoo.exe
    PRC - [2011/05/21 05:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2011/05/21 05:01:00 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    PRC - [2011/05/21 05:01:00 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    PRC - [2010/07/10 15:45:00 | 000,055,856 | ---- | M] () -- C:\Program Files\DELL\OSD\OSDSvr.exe
    PRC - [2009/07/14 11:28:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2009/06/01 09:02:32 | 000,523,352 | ---- | M] (Dell Corporation) -- C:\Program Files\DELL\OSD\AIO_OSD.exe
    PRC - [2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/12/07 06:16:28 | 000,411,192 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\ppgooglenaclpluginchrome.dll
    MOD - [2011/12/07 06:16:27 | 003,767,864 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
    MOD - [2011/12/07 06:14:56 | 000,122,952 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\avutil-51.dll
    MOD - [2011/12/07 06:14:55 | 000,222,280 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\avformat-53.dll
    MOD - [2011/12/07 06:14:53 | 001,746,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\avcodec-53.dll
    MOD - [2011/12/07 02:22:33 | 008,593,056 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/05/25 09:54:58 | 001,617,296 | ---- | M] (Bandoo Media Inc.) [Auto | Running] -- C:\Program Files\Bandoo\Bandoo.exe -- (Bandoo Coordinator)
    SRV - [2011/05/21 05:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2010/07/10 15:45:00 | 000,055,856 | ---- | M] () [Auto | Running] -- C:\Program Files\DELL\OSD\OSDSvr.exe -- (FOXOSDService)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/07/14 11:28:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/11/28 12:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2011/11/25 07:13:47 | 000,004,096 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bbcap.sys -- (bbcap)
    DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/06/23 01:43:04 | 001,068,216 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\wcmvcam.sys -- (WCMVCAM)
    DRV - [2011/05/21 05:01:00 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2010/06/15 23:58:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2009/08/04 16:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
    DRV - [2008/11/28 08:32:14 | 000,013,400 | ---- | M] (Foxconn Group) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\FxOSDdrv.sys -- (FXOSDDRV)
    DRV - [2008/08/25 01:22:52 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2008/07/22 09:11:16 | 000,024,608 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\NVAMACPI.sys -- (nvamacpi)
    DRV - [2008/01/14 05:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
    DRV - [2007/10/09 12:17:42 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL5.SYS -- (BCM43XX)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?st=1&barid={0874288A-176A-11E1-9D5D-0024E80B28B9}
    IE - HKLM\..\URLSearchHook: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files\WinZipBar\prxtbWinZ.dll (Conduit Ltd.)
    IE - HKLM\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




    IE - HKU\S-1-5-21-2004063284-151891861-2942422004-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3106777
    IE - HKU\S-1-5-21-2004063284-151891861-2942422004-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-2004063284-151891861-2942422004-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E8 9E 6B 3E 6C 96 CC 01 [binary data]
    IE - HKU\S-1-5-21-2004063284-151891861-2942422004-1003\..\URLSearchHook: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files\WinZipBar\prxtbWinZ.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-2004063284-151891861-2942422004-1003\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-21-2004063284-151891861-2942422004-1003\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
    IE - HKU\S-1-5-21-2004063284-151891861-2942422004-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\PC Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/06/28 11:15:13 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/29 16:59:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2011/11/08 18:10:03 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/11/08 18:10:05 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3C5F0F00-683D-4847-89C8-E7AF64FD1CFB}: C:\Program Files\RelevantKnowledge
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com: C:\Users\PC Owner\AppData\Local\RewardsArcade\498\Firefox
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.5.4\FF [2011/12/02 07:03:18 | 000,000,000 | ---D | M]

    [2011/11/24 10:40:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC Owner\AppData\Roaming\Mozilla\Extensions

    ========== Chrome ==========

    CHR - default_search_provider: SweetIM Search (Enabled)
    CHR - default_search_provider: search_url = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={0874288A-176A-11E1-9D5D-0024E80B28B9}
    CHR - default_search_provider: suggest_url =
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Users\PC Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files\FilmFanatic\bar\1.bin\NPpaStub.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: PriceGong = C:\Users\PC Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.5.4_0\
    CHR - Extension: YouTube = C:\Users\PC Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
    CHR - Extension: Google Search = C:\Users\PC Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
    CHR - Extension: Basketfox by BSGoodies = C:\Users\PC Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmjkgdhcdknomegkngeilboppeligdjf\1.11.2_0\
    CHR - Extension: avast! WebRep = C:\Users\PC Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\PC Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: We-Care Reminder Lite = C:\Users\PC Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.2_0\
    CHR - Extension: We-Care Reminder Lite = C:\Users\PC Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.2_0\.bak
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\PC Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\
    CHR - Extension: Gmail = C:\Users\PC Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\
    CHR - Extension: EpicPlay = C:\Users\PC Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\plccnhhjonaiagjelpfkclblmlppjcik\

    O1 HOSTS File: ([2011/12/18 20:06:21 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (WinZipBar Toolbar) - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files\WinZipBar\prxtbWinZ.dll (Conduit Ltd.)
    O2 - BHO: (FastestIE) - {54404F81-99CC-4FD3-9D29-92689B86C2CC} - C:\Program Files\FastestIE\FastestIE.dll (fastestie.com)
    O2 - BHO: (AppGraffiti) - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\Program Files\AppGraffiti\AppGraffiti.dll (Omega Partners Ltd)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
    O2 - BHO: (no name) - {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\Program Files\RebateInformer\RebateI.dll (Inbox.com, Inc.)
    O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
    O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
    O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (no name) - !{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (WinZipBar Toolbar) - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files\WinZipBar\prxtbWinZ.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-21-2004063284-151891861-2942422004-1003\..\Toolbar\WebBrowser: (WinZipBar Toolbar) - {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - C:\Program Files\WinZipBar\prxtbWinZ.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-2004063284-151891861-2942422004-1003\..\Toolbar\WebBrowser: (IMVU Inc Toolbar) - {90B49673-5506-483E-B92B-CA0265BD9CA8} - C:\Program Files\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-2004063284-151891861-2942422004-1003\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O3 - HKU\S-1-5-21-2004063284-151891861-2942422004-1003\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
    O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [CommonToolkitTray] C:\Program Files\Fighters\Tray\FightersTray.exe (SPAMfighter ApS)
    O4 - HKLM..\Run: [iBryte playbryte Desktop] C:\Program Files\iBryte\playbryte\iBryteDesktop.exe (iBryte)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [PCPowerSpeed] C:\Program Files\PCPowerSpeed\PCPowerTray.exe (Crawler.com)
    O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [TaskTray] C:\Program Files\DriverDoc\DriverDoc\TaskTray.exe (Driver-Soft Inc.)
    O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
    O4 - HKU\S-1-5-21-2004063284-151891861-2942422004-1003..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
    O4 - HKU\S-1-5-21-2004063284-151891861-2942422004-1003..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2004063284-151891861-2942422004-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2004063284-151891861-2942422004-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
    O7 - HKU\S-1-5-21-2004063284-151891861-2942422004-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2004063284-151891861-2942422004-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
    O7 - HKU\S-1-5-21-2004063284-151891861-2942422004-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2004063284-151891861-2942422004-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-2004063284-151891861-2942422004-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-2004063284-151891861-2942422004-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()
    O8 - Extra context menu item: Upload to Facebook - C:\Program Files\WebcamMax\share\iecontext.htm File not found
    O9 - Extra 'Tools' menuitem : FastestIE Options - {44D32BD3-31DA-4FD4-A0F4-B4782652B97B} - C:\Program Files\FastestIE\FastestIE.dll (fastestie.com)
    O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D27EB08-6815-46DE-8B08-5DCF2FEAA991}: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O18 - Protocol\Handler\rebinfo {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\Program Files\RebateInformer\RebateI.dll (Inbox.com, Inc.)
    O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) -c:\Program Files\Bandoo\BndHook.dll (Discordia Limited)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
     
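Before the log continues in the next post: the O-lines above are where the bundled toolbars and helpers actually hook in (O2 BHOs, O3 toolbars, O4 Run keys, O10 Winsock LSP entries, O20 AppInit_DLLs), and the same DLL typically shows up under several of them, so it is easier to review the log per file than per line. The Python script below is an added example written for this page; it is not part of OTL, of the forum, or of the original post. It parses a handful of lines copied verbatim from the log above (embedded as sample input), groups registrations by the file they load, and flags orphaned entries ("File not found", "No CLSID value found") and vendors outside an allowlist. The allowlist, the choice of high-risk O-codes and the regular expressions are assumptions made for the example, not something OTL defines.

```python
"""Triage helper for OTL-style "O-line" log entries (added example, not OTL's own code)."""
import re

# Assumed allowlist for this machine: Windows itself, the AV / anti-malware tools
# installed during the clean-up, and mainstream vendors seen in the log.
EXPECTED_VENDORS = {
    "Microsoft Corporation", "AVAST Software", "Malwarebytes Corporation",
    "Adobe Systems Incorporated", "Sun Microsystems, Inc.",
    "RealNetworks, Inc.", "RealPlayer", "Yahoo! Inc.", "Yahoo! Inc",
}

# Load points where an unexpected vendor matters most (assumption): O10 = Winsock
# LSP (sees every socket), O20 = AppInit_DLLs / Winlogon (loaded into every GUI
# process or at logon).
HIGH_RISK_CODES = {"O10", "O20"}

_OLINE = re.compile(r"^\s*(O\d+)\s*-\s*(.*)$")
_CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
_NAME = re.compile(r"[(\[]([^()\]]*)[)\]]")  # first (name) or [name]
_PATH = re.compile(r'[A-Za-z]:\\[^()"\r\n]*?\.(?:dll|exe|cpl|scr|sys|acm|html?)\b', re.I)
_VENDOR = re.compile(r"\(([^()]*)\)\s*$")  # trailing (Vendor)


def _split_section(body):
    """The section label ends at the first ': ' or ' - ', whichever comes first."""
    cands = [i for i in (body.find(": "), body.find(" - ")) if i >= 0]
    if not cands:
        return body.strip(), ""
    i = min(cands)
    return body[:i].strip(), body[i + (2 if body[i] == ":" else 3):].strip()


def parse_oline(line):
    """Split one O-line into code, section, name, CLSID, resolved path and vendor."""
    m = _OLINE.match(line)
    if not m:
        return None
    section, rest = _split_section(m.group(2))
    name, clsid, vendor = _NAME.search(rest), _CLSID.search(rest), _VENDOR.search(rest)
    paths = _PATH.findall(rest)
    return {
        "code": m.group(1),
        "section": section,
        "name": name.group(1) if name else "",
        "clsid": clsid.group(0).upper() if clsid else "",
        "path": paths[-1] if paths else "",  # OTL prints the resolved file last
        "vendor": vendor.group(1).strip() if vendor else "",
        "missing": "File not found" in rest or "No CLSID value found" in rest,
    }


def triage(lines, expected_vendors=EXPECTED_VENDORS):
    """Group O-lines by the file they load (CLSID or name when OTL resolved none).

    Returns (groups, flagged): groups maps a lower-cased key to vendor, load points
    and reasons; flagged is the set of keys with at least one reason.
    """
    groups = {}
    for line in lines:
        e = parse_oline(line)
        if e is None:
            continue
        key = (e["path"] or e["clsid"] or e["name"]).lower()
        g = groups.setdefault(key, {"vendor": e["vendor"], "loadpoints": [], "reasons": set()})
        g["loadpoints"].append((e["code"], e["section"], e["name"]))
        if e["missing"]:
            g["reasons"].add("orphaned entry (file or CLSID missing)")
        elif e["vendor"] not in expected_vendors:
            risk = "high-risk load point, " if e["code"] in HIGH_RISK_CODES else ""
            g["reasons"].add("%sunexpected vendor %r" % (risk, e["vendor"]))
    flagged = {k for k, g in groups.items() if g["reasons"]}
    return groups, flagged


def report(groups, flagged):
    """Render the flagged groups as text, one component per block."""
    out = []
    for key in sorted(flagged):
        g = groups[key]
        out.append("%s  [%s]" % (key, g["vendor"] or "no vendor"))
        for code, section, name in g["loadpoints"]:
            out.append("    %-4s %s  (%s)" % (code, section, name))
        for reason in sorted(g["reasons"]):
            out.append("    ! " + reason)
    return "\n".join(out)


# Sample input: lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (WinZipBar Toolbar) - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files\WinZipBar\prxtbWinZ.dll (Conduit Ltd.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (WinZipBar Toolbar) - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files\WinZipBar\prxtbWinZ.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2004063284-151891861-2942422004-1003\..\Toolbar\WebBrowser: (WinZipBar Toolbar) - {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - C:\Program Files\WinZipBar\prxtbWinZ.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [PCPowerSpeed] C:\Program Files\PCPowerSpeed\PCPowerTray.exe (Crawler.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) -c:\Program Files\Bandoo\BndHook.dll (Discordia Limited)
""".strip().splitlines()

if __name__ == "__main__":
    print(report(*triage(SAMPLE_LOG)))
```

To run it over a full OTL.txt, replace SAMPLE_LOG with the file's lines; non-O lines are skipped. In the sample, WinZipBar comes out as one component with three load points (BHO, HKLM toolbar, HKU toolbar), the orphaned BHO and the dead Adobe Run entry are reported as leftovers to clean up, and the Microsoft LSP and avast entries stay quiet because their vendor is on the allowlist. Treat the allowlist as a starting point only: a vendor name in parentheses is what OTL read from the file's version resource, not a signature check.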
  18. 2011/12/18
    rthompson

    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
    Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/18 20:12:22 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/12/18 20:12:22 | 000,000,000 | ---D | C] -- C:\Users\PC Owner\AppData\Local\temp
    [2011/12/18 19:54:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/12/18 19:54:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/12/18 19:54:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/12/18 19:54:49 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/12/18 19:54:46 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/12/18 19:49:17 | 004,343,835 | R--- | C] (Swearware) -- C:\Users\PC Owner\Desktop\ComboFix.exe
    [2011/12/17 18:29:30 | 000,000,000 | ---D | C] -- C:\Users\PC Owner\AppData\Roaming\Malwarebytes
    [2011/12/17 18:29:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/12/17 18:29:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/12/17 18:29:20 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/12/17 18:29:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/12/17 17:01:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2011/12/17 17:01:01 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
    [2011/12/17 17:01:01 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
    [2011/12/17 17:01:01 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
    [2011/12/17 17:01:01 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
    [2011/12/17 14:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2011/12/17 14:17:38 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2011/12/17 14:17:36 | 000,314,456 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2011/12/17 14:17:28 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2011/12/17 14:17:22 | 000,052,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2011/12/17 14:17:21 | 000,435,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2011/12/17 14:17:19 | 000,055,128 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2011/12/17 14:16:32 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2011/12/17 14:16:07 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2011/12/17 14:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2011/12/17 14:15:41 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2011/12/13 17:39:20 | 000,000,000 | ---D | C] -- C:\Users\PC Owner\AppData\Local\Unity
    [2011/12/13 16:57:47 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
    [2011/12/13 16:57:46 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
    [2011/12/13 16:57:45 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
    [2011/12/13 16:57:44 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2011/12/13 16:57:43 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
    [2011/12/13 16:57:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
    [2011/12/13 16:57:38 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2011/12/13 16:57:37 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2011/12/13 16:57:36 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2011/12/13 16:57:36 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
    [2011/12/13 16:57:36 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2011/12/13 16:57:36 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2011/12/13 16:57:36 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
    [2011/12/13 16:57:36 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
    [2011/12/13 16:57:36 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2011/12/13 16:57:36 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2011/12/13 16:57:36 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
    [2011/12/13 16:57:35 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2011/12/13 16:57:35 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2011/12/13 16:57:35 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
    [2011/12/13 16:57:35 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
    [2011/12/13 16:57:35 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
    [2011/12/13 16:57:35 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
    [2011/12/13 16:57:35 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
    [2011/12/05 23:16:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
    [2011/12/04 09:34:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Photo Editor
    [2011/12/04 09:34:55 | 000,000,000 | ---D | C] -- C:\Program Files\Magic Photo Editor
    [2011/12/04 09:31:23 | 000,000,000 | ---D | C] -- C:\Users\PC Owner\AppData\Roaming\PhotoScape
    [2011/12/04 09:27:01 | 000,000,000 | ---D | C] -- C:\Users\PC Owner\Zero G Registry
    [2011/12/02 09:23:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
    [2011/12/02 08:13:28 | 000,000,000 | ---D | C] -- C:\Users\PC Owner\AppData\Roaming\Uniblue
    [2011/12/02 08:13:24 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
    [2011/12/02 08:12:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
    [2011/12/02 08:12:04 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
    [2011/12/02 07:46:17 | 000,000,000 | ---D | C] -- C:\Users\PC Owner\AppData\Roaming\PDAppFlex
    [2011/12/02 07:45:55 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
    [2011/12/02 07:32:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2011/12/02 07:11:47 | 000,000,000 | ---D | C] -- C:\Users\PC Owner\Desktop\Ps
    [2011/12/02 07:10:40 | 000,000,000 | ---D | C] -- C:\Users\PC Owner\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2011/12/02 07:10:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
    [2011/12/02 07:10:33 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant
    [2011/12/02 07:10:31 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2011/12/02 07:10:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
    [2011/12/02 07:09:57 | 000,000,000 | ---D | C] -- C:\Users\PC Owner\AppData\Local\Adobe
    [2011/12/02 07:03:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    [2011/12/02 07:03:22 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2011/12/02 07:03:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
    [2011/12/02 07:03:18 | 000,000,000 | ---D | C] -- C:\Program Files\PriceGong
    [2011/12/02 07:03:10 | 000,000,000 | ---D | C] -- C:\Program Files\iBryte
    [2011/12/02 06:59:50 | 000,000,000 | ---D | C] -- C:\Users\PC Owner\AppData\Roaming\WinRAR
    [2011/12/02 06:59:50 | 000,000,000 | ---D | C] -- C:\Users\PC Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2011/12/02 06:59:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2011/12/02 06:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
    [2011/12/01 06:49:38 | 001,107,264 | ---- | C] (Alactro LLC) -- C:\Users\PC Owner\Desktop\BestVideoDownloaderSetup-Silent[1].exe
    [2011/12/01 06:34:14 | 001,107,264 | ---- | C] (Alactro LLC) -- C:\Users\PC Owner\Desktop\BestVideoDownloaderSetup-Silent.exe
    [2011/11/29 17:41:14 | 000,000,000 | ---D | C] -- C:\$AVG
    [2011/11/29 16:59:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
    [2011/11/29 16:59:08 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
    [2011/11/29 16:59:00 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
    [2011/11/29 16:59:00 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
    [2011/11/29 16:58:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
    [2011/11/27 10:57:58 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
    [2011/11/27 10:57:27 | 000,000,000 | ---D | C] -- C:\Users\PC Owner\AppData\Roaming\BitTorrent
    [2011/11/27 10:57:27 | 000,000,000 | ---D | C] -- C:\Users\PC Owner\AppData\Local\BitTorrent
    [2011/11/27 10:55:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
    [2011/11/27 10:55:03 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Security Scan
    [2011/11/27 10:54:56 | 000,000,000 | ---D | C] -- C:\Program Files\WinZipBar
    [2011/11/27 10:54:56 | 000,000,000 | ---D | C] -- C:\Users\PC Owner\AppData\Local\Conduit
    [2011/11/27 10:54:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
    [2011/11/27 10:54:24 | 000,000,000 | ---D | C] -- C:\Users\PC Owner\AppData\Local\WinZip
    [2011/11/27 10:54:20 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
    [2011/11/27 10:54:17 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
    [2011/11/26 10:07:47 | 000,000,000 | ---D | C] -- C:\Users\PC Owner\AppData\Roaming\Google
    [2011/11/26 10:07:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
    [2011/11/26 10:06:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8
    [2011/11/26 09:31:22 | 000,000,000 | ---D | C] -- C:\Users\PC Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FoxTab Media Player
    [2011/11/26 09:31:21 | 000,000,000 | ---D | C] -- C:\Program Files\FoxTabFLVPlayer
    [2011/11/26 08:26:14 | 000,000,000 | ---D | C] -- C:\Users\PC Owner\Documents\BB FlashBack Movies
    [2011/11/26 06:56:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZ Fonts
    [2011/11/26 06:55:53 | 000,000,000 | ---D | C] -- C:\Program Files\EZ Fonts
    [2011/11/26 06:55:47 | 000,000,000 | ---D | C] -- C:\Users\PC Owner\AppData\Roaming\Itibiti
    [2011/11/26 06:55:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Itibiti VoIP Phone
    [2011/11/26 06:55:33 | 000,000,000 | ---D | C] -- C:\Program Files\Itibiti Soft Phone
    [2011/11/26 06:55:26 | 000,000,000 | ---D | C] -- C:\Users\PC Owner\AppData\Roaming\Fighters
    [2011/11/26 06:55:19 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
    [2011/11/26 06:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters
    [2011/11/26 06:55:18 | 000,000,000 | ---D | C] -- C:\Program Files\FastestIE
    [2011/11/26 06:55:15 | 000,000,000 | ---D | C] -- C:\Program Files\Fighters
    [2011/11/26 06:55:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters
    [2011/11/26 06:54:47 | 000,000,000 | ---D | C] -- C:\Program Files\Freeze.com
    [2011/11/26 06:54:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
    [2011/11/26 06:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
    [2011/11/26 06:54:39 | 000,000,000 | ---D | C] -- C:\Users\PC Owner\AppData\Roaming\Yahoo!
    [2011/11/26 06:54:39 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
    [2011/11/25 19:11:03 | 000,000,000 | ---D | C] -- C:\Users\PC Owner\Documents\seeing kalee violent
    [2011/11/25 08:34:51 | 000,000,000 | ---D | C] -- C:\Users\PC Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft GIF Animator
    [2011/11/25 08:34:47 | 000,000,000 | ---D | C] -- C:\Multimedia Files
    [2011/11/25 08:34:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft GIF Animator
    [2011/11/25 08:33:16 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM
    [2011/11/25 08:33:16 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM
    [2011/11/25 08:28:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Beneton Movie GIF
    [2011/11/25 08:28:53 | 000,000,000 | ---D | C] -- C:\Program Files\Beneton Movie GIF
    [2011/11/25 07:15:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Blueberry
    [2011/11/25 07:15:05 | 000,000,000 | ---D | C] -- C:\Users\PC Owner\AppData\Roaming\Blueberry
    [2011/11/25 07:13:47 | 000,030,720 | ---- | C] (Blueberry Consultants Ltd.) -- C:\Windows\System32\bbcap.dll
    [2011/11/25 07:13:47 | 000,004,608 | ---- | C] (Blueberry Consultants Ltd.) -- C:\Windows\System32\bbchlp.dll
    [2011/11/25 07:13:47 | 000,004,096 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\bbcap.sys
    [2011/11/25 07:13:39 | 000,000,000 | ---D | C] -- C:\Users\PC Owner\AppData\Roaming\LogSys
    [2011/11/25 07:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\LogSys
    [2011/11/25 07:13:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blueberry Software
    [2011/11/25 07:13:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blueberry Software
    [2011/11/25 07:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\Blueberry Software
    [2011/11/24 11:22:59 | 000,000,000 | ---D | C] -- C:\Users\PC Owner\AppData\Roaming\gtk-2.0
    [2011/11/24 11:22:58 | 000,000,000 | ---D | C] -- C:\Users\PC Owner\.thumbnails
    [2011/11/24 10:42:11 | 000,000,000 | ---D | C] -- C:\Users\PC Owner\.gimp-2.6
    [2011/11/24 10:42:10 | 000,000,000 | ---D | C] -- C:\Users\PC Owner\Documents\gegl-0.0
    [2011/11/24 10:41:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
    [2011/11/24 10:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
    [2011/11/24 10:40:55 | 000,000,000 | ---D | C] -- C:\Users\PC Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeatherBug
    [2011/11/24 10:40:05 | 000,000,000 | ---D | C] -- C:\Users\PC Owner\AppData\Roaming\Mozilla
    [2011/11/24 10:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\EpicPlay
    [2011/11/24 10:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\alot
    [2011/11/24 08:29:22 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo Layers Runtime
    [2011/11/24 08:29:20 | 000,000,000 | ---D | C] -- C:\Users\PC Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FoxTab PDF Creator
    [2011/11/24 08:29:19 | 000,000,000 | ---D | C] -- C:\Program Files\FoxTabPDFConverter
    [2011/11/24 07:00:28 | 000,000,000 | ---D | C] -- C:\ProgramData\WeCareReminder
    [2011/11/24 07:00:26 | 000,000,000 | ---D | C] -- C:\Users\PC Owner\AppData\Roaming\SumatraPDF
    [2011/11/24 07:00:17 | 000,000,000 | ---D | C] -- C:\Program Files\PDFReader
    [2011/11/24 07:00:17 | 000,000,000 | ---D | C] -- C:\Users\PC Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Reader
    [2011/11/20 17:28:54 | 000,000,000 | ---D | C] -- C:\GIMP 2
    [2011/11/20 17:27:20 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
    [2011/11/19 18:51:48 | 000,000,000 | ---D | C] -- C:\Users\PC Owner\Documents\Paint.NET User Files
    [2011/11/19 16:58:56 | 000,000,000 | ---D | C] -- C:\Users\PC Owner\AppData\Local\PokerStars.NET
    [1 C:\Users\PC Owner\AppData\Local\*.tmp files -> C:\Users\PC Owner\AppData\Local\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/12/18 20:27:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/12/18 20:25:12 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\SLOW-PCfighter-PC Owner-Notification.job
    [2011/12/18 20:24:41 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/12/18 20:24:41 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
    [2011/12/18 20:24:34 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/12/18 20:24:34 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/12/18 20:24:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/12/18 20:24:29 | 000,000,031 | ---- | M] () -- C:\Windows\System32\bbcap.err
    [2011/12/18 20:24:27 | 3488,813,056 | -HS- | M] () -- C:\hiberfil.sys
    [2011/12/18 20:06:21 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/12/18 19:49:41 | 004,343,835 | R--- | M] (Swearware) -- C:\Users\PC Owner\Desktop\ComboFix.exe
    [2011/12/18 16:06:34 | 770,579,064 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/12/17 20:07:18 | 000,000,680 | ---- | M] () -- C:\Users\PC Owner\AppData\Local\d3d9caps.dat
    [2011/12/17 19:08:37 | 000,000,512 | ---- | M] () -- C:\Users\PC Owner\Documents\MBR.dat
    [2011/12/17 18:29:25 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/12/17 17:00:29 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
    [2011/12/17 17:00:29 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
    [2011/12/17 17:00:29 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
    [2011/12/17 17:00:28 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
    [2011/12/17 16:53:52 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2011/12/17 14:17:40 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011/12/17 14:17:19 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2011/12/15 09:27:38 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2011/12/15 01:03:10 | 000,000,402 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Owner.job
    [2011/12/14 03:22:15 | 003,585,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/12/13 20:18:53 | 000,018,320 | ---- | M] () -- C:\Users\PC Owner\.recently-used.xbel
    [2011/12/12 21:44:12 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/12/12 21:44:12 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/12/11 16:50:33 | 000,001,637 | ---- | M] () -- C:\Users\PC Owner\Desktop\Paint.lnk
    [2011/12/04 09:34:57 | 000,000,838 | ---- | M] () -- C:\Users\PC Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Magic Photo Editor.lnk
    [2011/12/04 09:29:40 | 000,000,016 | ---- | M] () -- C:\Users\PC Owner\persistent_state
    [2011/12/02 09:23:35 | 000,000,984 | ---- | M] () -- C:\Users\Public\Desktop\DriverScanner.lnk
    [2011/12/02 09:23:35 | 000,000,983 | ---- | M] () -- C:\Users\PC Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\DriverScanner.lnk
    [2011/12/01 06:49:39 | 001,107,264 | ---- | M] (Alactro LLC) -- C:\Users\PC Owner\Desktop\BestVideoDownloaderSetup-Silent[1].exe
    [2011/12/01 06:47:54 | 1794,850,844 | ---- | M] () -- C:\Users\PC Owner\Desktop\InstallerR12.043DEMO[1].zip
    [2011/12/01 06:34:20 | 001,107,264 | ---- | M] (Alactro LLC) -- C:\Users\PC Owner\Desktop\BestVideoDownloaderSetup-Silent.exe
    [2011/12/01 06:30:35 | 1794,850,844 | ---- | M] () -- C:\Users\PC Owner\Desktop\InstallerR12.043DEMO.zip
    [2011/11/29 16:59:24 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
    [2011/11/29 16:59:08 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
    [2011/11/29 16:59:00 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
    [2011/11/29 16:59:00 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
    [2011/11/29 16:58:59 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
    [2011/11/28 13:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2011/11/28 13:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2011/11/28 12:52:07 | 000,055,128 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2011/11/27 10:58:03 | 000,000,798 | ---- | M] () -- C:\Users\PC Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
    [2011/11/27 10:58:03 | 000,000,774 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk
    [2011/11/27 10:55:03 | 000,001,681 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Security Scan.lnk
    [2011/11/27 10:55:03 | 000,001,647 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Security Scan.lnk
    [2011/11/27 10:54:31 | 000,001,856 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
    [2011/11/27 10:54:31 | 000,001,800 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    [2011/11/27 03:58:23 | 000,233,382 | ---- | M] () -- C:\Users\PC Owner\CordellNeon.xcf
    [2011/11/26 11:44:22 | 000,066,701 | ---- | M] () -- C:\Users\PC Owner\Desktop\555555555555555555555555.xcf
    [2011/11/26 10:06:11 | 000,001,904 | ---- | M] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk
    [2011/11/26 09:31:22 | 000,000,862 | ---- | M] () -- C:\Users\PC Owner\Desktop\FoxTab Media Player.lnk
    [2011/11/26 06:56:00 | 000,001,886 | ---- | M] () -- C:\Users\Public\Desktop\EZ Fonts.lnk
    [2011/11/26 06:55:35 | 000,000,893 | ---- | M] () -- C:\Users\PC Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Knctr.lnk
    [2011/11/26 06:55:35 | 000,000,869 | ---- | M] () -- C:\Users\Public\Desktop\Knctr.lnk
    [2011/11/26 06:55:20 | 000,001,737 | ---- | M] () -- C:\Users\PC Owner\Desktop\Free Music Downloads.lnk
    [2011/11/26 06:55:19 | 000,001,736 | ---- | M] () -- C:\Users\PC Owner\Desktop\7 GB FREE - Online Backup from MiMedia!.lnk
    [2011/11/25 19:18:30 | 000,000,778 | ---- | M] () -- C:\Users\PC Owner\Desktop\messy# 2 - Shortcut.lnk
    [2011/11/25 19:16:43 | 000,000,560 | ---- | M] () -- C:\Users\PC Owner\Desktop\Messy2! - Shortcut.lnk
    [2011/11/25 11:06:46 | 000,002,219 | ---- | M] () -- C:\ProgramData\repository.xml
    [2011/11/25 08:34:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/11/25 08:34:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/11/25 07:13:47 | 000,030,720 | ---- | M] (Blueberry Consultants Ltd.) -- C:\Windows\System32\bbcap.dll
    [2011/11/25 07:13:47 | 000,004,608 | ---- | M] (Blueberry Consultants Ltd.) -- C:\Windows\System32\bbchlp.dll
    [2011/11/25 07:13:47 | 000,004,096 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\bbcap.sys
    [2011/11/25 07:13:38 | 000,001,233 | ---- | M] () -- C:\Users\PC Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\BB FlashBack Express Recorder.lnk
    [2011/11/25 07:13:38 | 000,001,223 | ---- | M] () -- C:\Users\PC Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\BB FlashBack Express Player.lnk
    [2011/11/25 07:13:38 | 000,001,209 | ---- | M] () -- C:\Users\Public\Desktop\BB FlashBack Express Recorder.lnk
    [2011/11/25 07:13:38 | 000,001,199 | ---- | M] () -- C:\Users\Public\Desktop\BB FlashBack Express Player.lnk
    [2011/11/24 16:51:38 | 000,000,000 | ---- | M] () -- C:\Users\PC Owner\AppData\Local\{271F2B64-9ADB-477E-9A2C-60BFA02272EF}
    [2011/11/24 10:41:39 | 000,000,902 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
    [2011/11/24 10:40:55 | 000,001,845 | ---- | M] () -- C:\Users\PC Owner\Desktop\WeatherBug.lnk
    [2011/11/24 07:00:17 | 000,000,825 | ---- | M] () -- C:\Users\PC Owner\Desktop\PDF Reader.lnk
    [2011/11/23 08:37:27 | 002,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2011/11/19 18:52:43 | 000,005,110 | ---- | M] () -- C:\Users\PC Owner\Desktop\Colorzz.jpg
    [1 C:\Users\PC Owner\AppData\Local\*.tmp files -> C:\Users\PC Owner\AppData\Local\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/12/18 19:54:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/12/18 19:54:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/12/18 19:54:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/12/18 19:54:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/12/18 19:54:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/12/17 19:08:37 | 000,000,512 | ---- | C] () -- C:\Users\PC Owner\Documents\MBR.dat
    [2011/12/17 18:29:25 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/12/17 14:17:40 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011/12/13 20:18:53 | 000,018,320 | ---- | C] () -- C:\Users\PC Owner\.recently-used.xbel
    [2011/12/11 16:50:33 | 000,001,637 | ---- | C] () -- C:\Users\PC Owner\Desktop\Paint.lnk
    [2011/12/04 09:34:57 | 000,000,838 | ---- | C] () -- C:\Users\PC Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Magic Photo Editor.lnk
    [2011/12/04 09:27:01 | 000,000,016 | ---- | C] () -- C:\Users\PC Owner\persistent_state
    [2011/12/02 08:13:30 | 000,000,334 | ---- | C] () -- C:\Windows\tasks\DriverScanner.job
    [2011/12/02 08:13:28 | 000,000,984 | ---- | C] () -- C:\Users\Public\Desktop\DriverScanner.lnk
    [2011/12/02 08:13:28 | 000,000,983 | ---- | C] () -- C:\Users\PC Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\DriverScanner.lnk
    [2011/12/02 07:39:17 | 000,001,018 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1.lnk
    [2011/12/02 07:37:44 | 000,000,980 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk
    [2011/12/02 07:37:21 | 000,001,073 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
    [2011/12/02 07:36:17 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
    [2011/12/02 07:36:10 | 000,001,342 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
    [2011/12/02 07:35:28 | 000,000,876 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
    [2011/12/02 07:10:34 | 000,000,926 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
    [2011/12/01 06:15:19 | 1794,850,844 | ---- | C] () -- C:\Users\PC Owner\Desktop\InstallerR12.043DEMO[1].zip
    [2011/12/01 05:58:13 | 1794,850,844 | ---- | C] () -- C:\Users\PC Owner\Desktop\InstallerR12.043DEMO.zip
    [2011/11/29 16:59:24 | 000,000,847 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
    [2011/11/29 16:56:34 | 000,000,680 | ---- | C] () -- C:\Users\PC Owner\AppData\Local\d3d9caps.dat
    [2011/11/27 10:58:03 | 000,000,798 | ---- | C] () -- C:\Users\PC Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
    [2011/11/27 10:58:03 | 000,000,774 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk
    [2011/11/27 10:55:03 | 000,001,681 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Security Scan.lnk
    [2011/11/27 10:55:03 | 000,001,647 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Security Scan.lnk
    [2011/11/27 10:54:31 | 000,001,856 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
    [2011/11/27 10:54:29 | 000,001,800 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    [2011/11/27 03:55:25 | 000,233,382 | ---- | C] () -- C:\Users\PC Owner\CordellNeon.xcf
    [2011/11/26 11:44:22 | 000,066,701 | ---- | C] () -- C:\Users\PC Owner\Desktop\555555555555555555555555.xcf
    [2011/11/26 10:06:11 | 000,001,904 | ---- | C] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk
    [2011/11/26 09:31:22 | 000,000,862 | ---- | C] () -- C:\Users\PC Owner\Desktop\FoxTab Media Player.lnk
    [2011/11/26 06:56:00 | 000,001,886 | ---- | C] () -- C:\Users\Public\Desktop\EZ Fonts.lnk
    [2011/11/26 06:55:35 | 000,000,893 | ---- | C] () -- C:\Users\PC Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Knctr.lnk
    [2011/11/26 06:55:35 | 000,000,869 | ---- | C] () -- C:\Users\Public\Desktop\Knctr.lnk
    [2011/11/26 06:55:28 | 000,000,390 | ---- | C] () -- C:\Windows\tasks\SLOW-PCfighter-PC Owner-Notification.job
    [2011/11/26 06:55:20 | 000,001,737 | ---- | C] () -- C:\Users\PC Owner\Desktop\Free Music Downloads.lnk
    [2011/11/26 06:55:19 | 000,001,736 | ---- | C] () -- C:\Users\PC Owner\Desktop\7 GB FREE - Online Backup from MiMedia!.lnk
    [2011/11/25 19:18:30 | 000,000,778 | ---- | C] () -- C:\Users\PC Owner\Desktop\messy# 2 - Shortcut.lnk
    [2011/11/25 19:16:43 | 000,000,560 | ---- | C] () -- C:\Users\PC Owner\Desktop\Messy2! - Shortcut.lnk
    [2011/11/25 17:52:14 | 000,000,031 | ---- | C] () -- C:\Windows\System32\bbcap.err
    [2011/11/25 11:06:46 | 000,002,219 | ---- | C] () -- C:\ProgramData\repository.xml
    [2011/11/25 08:34:08 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
    [2011/11/25 08:34:08 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
    [2011/11/25 07:13:38 | 000,001,233 | ---- | C] () -- C:\Users\PC Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\BB FlashBack Express Recorder.lnk
    [2011/11/25 07:13:38 | 000,001,223 | ---- | C] () -- C:\Users\PC Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\BB FlashBack Express Player.lnk
    [2011/11/25 07:13:38 | 000,001,209 | ---- | C] () -- C:\Users\Public\Desktop\BB FlashBack Express Recorder.lnk
    [2011/11/25 07:13:38 | 000,001,199 | ---- | C] () -- C:\Users\Public\Desktop\BB FlashBack Express Player.lnk
    [2011/11/24 16:51:38 | 000,000,000 | ---- | C] () -- C:\Users\PC Owner\AppData\Local\{271F2B64-9ADB-477E-9A2C-60BFA02272EF}
    [2011/11/24 10:41:39 | 000,000,902 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
    [2011/11/24 10:40:55 | 000,001,845 | ---- | C] () -- C:\Users\PC Owner\Desktop\WeatherBug.lnk
    [2011/11/24 08:29:23 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
    [2011/11/24 07:00:17 | 000,000,825 | ---- | C] () -- C:\Users\PC Owner\Desktop\PDF Reader.lnk
    [2011/11/19 18:54:18 | 000,005,110 | ---- | C] () -- C:\Users\PC Owner\Desktop\Colorzz.jpg
    [2011/09/08 18:37:30 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2011/09/08 18:37:30 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2011/08/12 13:53:45 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2011/06/20 18:09:39 | 001,524,112 | ---- | C] () -- C:\Windows\System32\bandoolmx.dll
    [2011/06/20 16:55:13 | 000,118,784 | ---- | C] () -- C:\Windows\dsdxirmv.exe
    [2011/04/27 15:18:12 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2011/04/27 15:17:46 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2011/04/27 15:17:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2011/04/27 10:44:05 | 000,032,879 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2011/04/27 10:44:05 | 000,032,879 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 07:47:37 | 003,585,512 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 05:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 05:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/04/08 16:45:08 | 000,000,293 | ---- | M] () -- C:\0
    [2011/04/21 21:06:50 | 000,000,590 | ---- | M] () -- C:\0.bak
    [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/10 22:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2008/06/24 05:22:20 | 000,546,872 | ---- | M] (Microsoft Corporation) -- C:\bootmgr.efi
    [2011/04/26 19:39:49 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2011/12/18 20:12:20 | 000,035,696 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2009/05/22 16:51:21 | 000,003,532 | RH-- | M] () -- C:\dell.sdr
    [2011/12/18 20:24:27 | 3488,813,056 | -HS- | M] () -- C:\hiberfil.sys
    [2011/11/25 08:34:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/11/25 08:34:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/12/18 20:24:25 | 3802,468,352 | -HS- | M] () -- C:\pagefile.sys
    [2011/03/05 19:15:20 | 000,000,186 | ---- | M] () -- C:\picsetup.log
    [2009/05/22 14:26:57 | 001,360,070 | ---- | M] () -- C:\vcredist_x86.log

    < %systemroot%\Fonts\*.com >
    [2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2011/04/27 15:24:22 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/11/28 13:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/11/15 23:30:49 | 000,000,286 | -HS- | M] () -- C:\Users\PC Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/12/01 06:34:20 | 001,107,264 | ---- | M] (Alactro LLC) -- C:\Users\PC Owner\Desktop\BestVideoDownloaderSetup-Silent.exe
    [2011/12/01 06:49:39 | 001,107,264 | ---- | M] (Alactro LLC) -- C:\Users\PC Owner\Desktop\BestVideoDownloaderSetup-Silent[1].exe
    [2011/12/18 19:49:41 | 004,343,835 | R--- | M] (Swearware) -- C:\Users\PC Owner\Desktop\ComboFix.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/10/26 14:19:40 | 000,000,402 | -HS- | M] () -- C:\Users\PC Owner\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/10/26 14:18:22 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2011/04/27 10:51:12 | 000,032,879 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2011/11/25 11:06:46 | 000,002,219 | ---- | M] () -- C:\ProgramData\repository.xml

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

    < End of report >
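The file-listing lines that make up most of the OTL report above follow one fixed shape: a timestamp, a size with thousands separators (not zero-padded once it exceeds nine digits, as in 3488,813,056), a four-character attribute field, an M or C marker for the modified or created listing, the company name from the file's version resource in parentheses, and the path; the Alternate Data Streams section uses a different line shape. The parser below is an added example, not part of this thread or of the OTL tool. It uses a constructed sample made of a few lines copied from the log above, and the triage rules at the end (unattributed binaries, zero-byte hidden+system files, any ADS) together with the allowlist for hiberfil.sys and pagefile.sys are this example's own heuristics, not OTL's logic.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Constructed sample: a handful of lines copied from the OTL report in this thread, not a full log.
SAMPLE_LOG = r"""
[2011/12/18 20:24:27 | 3488,813,056 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/18 19:49:41 | 004,343,835 | R--- | M] (Swearware) -- C:\Users\PC Owner\Desktop\ComboFix.exe
[2011/12/01 06:34:20 | 001,107,264 | ---- | M] (Alactro LLC) -- C:\Users\PC Owner\Desktop\BestVideoDownloaderSetup-Silent.exe
[2011/11/25 08:34:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/11/25 07:13:47 | 000,004,096 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\bbcap.sys
[1 C:\Users\PC Owner\AppData\Local\*.tmp files -> C:\Users\PC Owner\AppData\Local\*.tmp -> ]
[2011/06/20 16:55:13 | 000,118,784 | ---- | C] () -- C:\Windows\dsdxirmv.exe
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
"""

# One file-listing line: [date time | size | attributes | M or C] (company) -- path
# The company field can itself contain parentheses, so it is matched lazily up to ") -- ".
LINE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>.*?)\) -- (?P<path>.+)$"
)
# The ADS section has its own shape: @Alternate Data Stream - N bytes -> host:stream
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str      # four flag positions; R = read-only, H = hidden, S = system, - = unset
    kind: str       # "M" from the "Files Modified" listing, "C" from "Files Created"
    company: str    # company name from the file's version resource; "" when absent
    path: str

    @property
    def hidden(self) -> bool:
        return "H" in self.attrs

    @property
    def system(self) -> bool:
        return "S" in self.attrs


@dataclass
class AdsEntry:
    size: int
    host_file: str
    stream_name: str


def parse_otl(text: str) -> Tuple[List[OtlEntry], List[AdsEntry], List[str]]:
    """Split an OTL report into file entries, ADS entries and lines that match neither."""
    entries, streams, skipped = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m:
            entries.append(OtlEntry(
                timestamp=datetime.strptime(f"{m['date']} {m['time']}", "%Y/%m/%d %H:%M:%S"),
                size=int(m["size"].replace(",", "")),   # "3488,813,056" -> 3488813056
                attrs=m["attrs"], kind=m["kind"], company=m["company"], path=m["path"],
            ))
            continue
        a = ADS_RE.match(line)
        if a:
            host, _, stream = a["path"].rpartition(":")  # split on the stream colon, not the drive colon
            streams.append(AdsEntry(int(a["size"]), host, stream))
            continue
        skipped.append(line)  # section headers, "< End of report >", wildcard summary lines, etc.
    return entries, streams, skipped


BINARY_EXTS = (".exe", ".dll", ".sys", ".scr", ".cpl")
# Always unattributed and hidden+system on a Windows volume; an allowlist assumed by this example.
KNOWN_SYSTEM_FILES = {r"c:\hiberfil.sys", r"c:\pagefile.sys"}


def triage(entries, streams, since: Optional[datetime] = None, window_days: int = 30):
    """Heuristic triage list (this example's own rules, not OTL's): binaries with no company
    string touched inside the window, zero-byte hidden+system files, and every ADS."""
    since = since or max((e.timestamp for e in entries), default=datetime.min)
    cutoff = since - timedelta(days=window_days)
    findings = []
    for e in entries:
        lower = e.path.lower()
        if (lower.endswith(BINARY_EXTS) and e.company == "" and e.size > 0
                and e.timestamp >= cutoff and lower not in KNOWN_SYSTEM_FILES):
            findings.append((e.path, "unattributed binary touched in window"))
        if e.hidden and e.system and e.size == 0:
            findings.append((e.path, "zero-byte hidden+system file"))
    for s in streams:
        findings.append((f"{s.host_file}:{s.stream_name}", f"alternate data stream, {s.size} bytes"))
    return findings


if __name__ == "__main__":
    ents, ads, rest = parse_otl(SAMPLE_LOG)
    print(f"{len(ents)} file entries, {len(ads)} ADS entries, {len(rest)} skipped lines")
    for path, reason in triage(ents, ads):
        print(f"{reason:40} {path}")
```

With the default 30-day window measured back from the newest entry, the sample yields only the zero-byte C:\MSDOS.SYS and the TEMP:D1B5B4F1 stream; widening the window to a year also surfaces the unattributed C:\Windows\dsdxirmv.exe. A hit on this list is a prompt to look closer (hash lookup, signature check, the ADS contents), not a verdict.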
     
  19. 2011/12/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - !{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
      O4 - HKLM..\Run: [AdobeCS5.5ServiceManager]  "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
      O8 - Extra context menu item: Upload to Facebook - C:\Program Files\WebcamMax\share\iecontext.htm File not found
      O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn...Detection2.cab (Reg Error: Key error.)
      @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  20. 2011/12/18
    rthompson

    rthompson Well-Known Member Thread Starter

    Joined:
    2009/12/22
    Messages:
    330
    Likes Received:
    1
    otl fix

    All processes killed
    Error: Unable to interpret <Code:> in the current context!
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Upload to Facebook\ deleted successfully.
    Starting removal of ActiveX control {73ECB3AA-4717-450C-A2AB-D00DAD9EE203}
    C:\Windows\Downloaded Program Files\setup.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ not found.
    ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56475 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 76659695 bytes
    ->Google Chrome cache emptied: 392005215 bytes
    ->Flash cache emptied: 52073 bytes

    User: PC Owner
    ->Temp folder emptied: 1846785 bytes
    ->Temporary Internet Files folder emptied: 57927817 bytes
    ->Java cache emptied: 13631506 bytes
    ->Google Chrome cache emptied: 192456318 bytes
    ->Flash cache emptied: 153945 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2030792 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 703.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: PC Owner
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    Total Flash Files Cleaned = 0.00 mb

    Error: Unable to interpret <Then click the Run Fix button at the top> in the current context!

    OTL by OldTimer - Version 3.2.31.0 log created on 12182011_220008

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  21. 2011/12/18
    rthompson

    rthompson Well-Known Member Thread Starter

    Joined:
    2009/12/22
    Messages:
    330
    Likes Received:
    1
    security check

    Results of screen317's Security Check version 0.99.24
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 8 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 30
    Java(TM) 6 Update 3
    Out of date Java installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    Kaspersky Security Scan KSS.exe
    ``````````End of Log````````````
     
