My comp is all kinds of jacked up! Help!!!

Discussion in 'Virus & Other Malware Removal' started by meand3midgets, Jan 2, 2013.

Thread Status:
Not open for further replies.
  1. meand3midgets

    meand3midgets Thread Starter

    I HAVE WINDOWS VISTA HOME PREMIUM SERVICE PACK 1, HP PAVILION SLIMLINE s3707c PC. A TROJAN WAS DETECTED BUT SAYS IT HAS TO BE REMOVED MANUALLY. MOUSE ON SCREEN MOVES BY ITSELF AND JUMPS TO OPPOSITE CORNERS. HP UPDATE DOES NOT WORK. HP SITE DIDN'T HELP. I HAVE DONE ALL THE STEPS REQUIRED FOR COPY/PASTE IN THIS MSG. HERE IS EVERYTHING!!!

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457
    Run by weeze's girl at 15:14:31 on 2013-01-02
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3838.1652 [GMT -6:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\LSI SoftModem\agr64svc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
    C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe
    C:\Program Files\IB Updater\ExtensionUpdaterService.exe
    C:\Windows\system32\dmwu.exe
    C:\Program Files (x86)\Google\Update\1.3.21.124\GoogleCrashHandler.exe
    C:\Program Files (x86)\Google\Update\1.3.21.124\GoogleCrashHandler64.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://mystart.incredibar.com/mb185?a=6R8Q34rqTp&i=26
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
    mStart Page = hxxp://www.yahoo.com/?ilc=8
    mDefault_Page_URL = hxxp://www.yahoo.com/?ilc=8
    uURLSearchHooks: {060a0a36-13dc-407d-b055-5a9accd8e083} - <orphaned>
    uURLSearchHooks: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - <orphaned>
    uURLSearchHooks: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned>
    mWinlogon: Userinit = userinit.exe,
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: Deal Vault: {11111111-1111-1111-1111-110111981166} - C:\Program Files (x86)\Deal Vault\Deal Vault.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: IB Updater: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll
    BHO: TSToolbarBHO: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - LocalServer32 - <no file>
    BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ips\ipsbho.dll
    BHO: Incredibar.com Helper Object: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
    BHO: UrlHelper Class: {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\IEBHO.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Trend Micro Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - LocalServer32 - <no file>
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Incredibar Toolbar: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
    uRun: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
    uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    mRun: [DATAMNGR] C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=QUFMS0ctWU9CNkYtMlk0WFAtQUVPS08tQkszRE0tMg"&"inst=NzYtOTEyODE4MDQ1LVNUMTJPSSsxLUREVCswLUVVTEErMS1TVDEyQVBQKzE"&"prod=92"&"ver=2012.0.1809"&"mid=5feef902cb9547d19f58d16dcaf7759a-6505edfc44cdc8edb9ceb2077911c888d7574ed6
    StartupFolder: C:\Users\WEEZE'~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AMAZON~1.LNK - C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: &Search - <no file>
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    Trusted Zone: netzero.com
    Trusted Zone: netzero.net
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.15.1
    TCP: Interfaces\{ADFD8513-771E-4C05-9844-C5E31D9F8EF0} : DHCPNameServer = 192.168.15.1
    Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - LocalServer32 - <no file>
    AppInit_DLLs= C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
    x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
    x64-BHO: IB Updater: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension64.dll
    x64-BHO: UrlHelper Class: {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\x64\IEBHO.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-mPolicies-System: EnableUIADesktopToggle = dword:0
    x64-Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - LocalServer32 - <no file>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\weeze's girl\AppData\Roaming\Mozilla\Firefox\Profiles\e6wnsuel.default\
    FF - prefs.js: browser.search.selectedEngine - MyStart Search
    FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb185?a=6R8Q34rqTp&i=26
    FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb185/?loc=IB_DS&a=6R8Q34rqTp&&i=26&search=
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
    FF - ExtSQL: 2013-01-01 16:43; [email protected]; C:\Users\weeze's girl\AppData\Roaming\Mozilla\Firefox\Profiles\e6wnsuel.default\extensions\[email protected]
    FF - ExtSQL: 2013-01-01 16:44; [email protected]; C:\Users\weeze's girl\AppData\Roaming\Mozilla\Firefox\Profiles\e6wnsuel.default\extensions\[email protected]
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.incredibar_i.newTab - false
    FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8Q34rqTp&loc=IB_TB&i=26&search=
    FF - user.js: extensions.incredibar_i.id - e0ad49bb00000000000000248c139c69
    FF - user.js: extensions.incredibar_i.instlDay - 15706
    FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1416:44:05
    FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
    FF - user.js: extensions.incredibar_i.prdct - incredibar
    FF - user.js: extensions.incredibar_i.aflt - orgnl
    FF - user.js: extensions.incredibar_i.smplGrp - none
    FF - user.js: extensions.incredibar_i.tlbrId - base
    FF - user.js: extensions.incredibar_i.instlRef -
    FF - user.js: extensions.incredibar_i.dfltLng -
    FF - user.js: extensions.incredibar_i.excTlbr - false
    FF - user.js: extensions.incredibar_i.ms_url_id -
    FF - user.js: extensions.incredibar_i.upn2 - 6R8Q34rqTp
    FF - user.js: extensions.incredibar_i.upn2n - 92825674216722907
    FF - user.js: extensions.incredibar_i.productid - 26
    FF - user.js: extensions.incredibar_i.installerproductid - 26
    FF - user.js: extensions.incredibar_i.did - 10700
    FF - user.js: extensions.incredibar_i.ppd - 119
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1309000.009\symds64.sys [2012-10-1 451192]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1309000.009\symefa64.sys [2012-10-1 1129120]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120215.001\BHDrvx64.sys [2012-2-15 1157240]
    R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1309000.009\ccsetx64.sys [2012-10-1 167072]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120229.002\IDSviA64.sys [2012-2-29 488568]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1309000.009\ironx64.sys [2012-10-1 190072]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\NISx64\1309000.009\symtdiv.sys [2012-10-1 445560]
    R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-9-26 27632]
    R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
    R2 IB Updater;IB Updater;C:\Program Files\IB Updater\ExtensionUpdaterService.exe [2013-1-1 188760]
    R2 IBUpdaterService;IBUpdaterService;C:\Windows\System32\dmwu.exe [2013-1-1 1261936]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-14 398184]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-8-3 682344]
    R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe [2012-10-1 138272]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-3 138360]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-8-3 24176]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 Security Activity Dashboard Service;Security Activity Dashboard Service;C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe --> C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe [?]
    S3 PCD5SRVC{8AAF211B-043E02A9-05040000};PCD5SRVC{8AAF211B-043E02A9-05040000} - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [2008-9-9 25888]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-16 89920]
    .
    =============== File Associations ===============
    .
    FileExt: .txt: Applications\wkswp.exe=C:\PROGRA~2\MICROS~2\WksWP.exe "%1" [UserChoice]
    FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2012-12-16 13:31:20 48128 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 13:12:54 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-16 11:08:21 368128 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 10:50:29 293376 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-14 22:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-12-13 09:05:54 67413224 ----a-w- C:\Windows\System32\mrt.exe
    2012-12-12 10:48:30 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-12-12 10:48:30 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-11-14 07:06:18 17811968 ----a-w- C:\Windows\System32\mshtml.dll
    2012-11-14 06:32:33 10925568 ----a-w- C:\Windows\System32\ieframe.dll
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:44 1346048 ----a-w- C:\Windows\System32\urlmon.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 06:02:04 237056 ----a-w- C:\Windows\System32\url.dll
    2012-11-14 05:59:52 85504 ----a-w- C:\Windows\System32\jsproxy.dll
    2012-11-14 05:58:36 816640 ----a-w- C:\Windows\System32\jscript.dll
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:55:45 2144768 ----a-w- C:\Windows\System32\iertutil.dll
    2012-11-14 05:55:26 729088 ----a-w- C:\Windows\System32\msfeeds.dll
    2012-11-14 05:53:22 96768 ----a-w- C:\Windows\System32\mshtmled.dll
    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-14 05:46:25 248320 ----a-w- C:\Windows\System32\ieui.dll
    2012-11-14 02:48:26 12320256 ----a-w- C:\Windows\SysWow64\mshtml.dll
    2012-11-14 02:14:59 9738240 ----a-w- C:\Windows\SysWow64\ieframe.dll
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:44 1103872 ----a-w- C:\Windows\SysWow64\urlmon.dll
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:55:46 231936 ----a-w- C:\Windows\SysWow64\url.dll
    2012-11-14 01:51:44 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:49:19 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:47:20 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
    2012-11-14 01:46:38 1793024 ----a-w- C:\Windows\SysWow64\iertutil.dll
    2012-11-14 01:45:01 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-11-14 01:41:30 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
    2012-11-13 01:55:22 2770432 ----a-w- C:\Windows\System32\win32k.sys
    2012-11-13 01:45:48 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-11-13 01:29:51 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-11-02 10:45:52 477696 ----a-w- C:\Windows\System32\dpnet.dll
    2012-11-02 10:45:51 68096 ----a-w- C:\Windows\System32\dpnathlp.dll
    2012-11-02 10:18:17 376320 ----a-w- C:\Windows\SysWow64\dpnet.dll
    2012-11-02 08:59:56 26112 ----a-w- C:\Windows\System32\dpnsvr.exe
    2012-11-02 08:26:06 23040 ----a-w- C:\Windows\SysWow64\dpnsvr.exe
    2012-10-25 09:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2012-10-25 09:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    .
    ============= FINISH: 15:15:43.85 ===============
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/30/2009 9:57:36 PM
    System Uptime: 12/31/2012 11:03:44 AM (52 hours ago)
    .
    Motherboard: PEGATRON CORPORATION | | NutMeg
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5400+ | CPU 1 | 2600/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 453 GiB total, 276.504 GiB free.
    D: is FIXED (NTFS) - 13 GiB total, 1.8 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1398: 12/22/2012 12:00:01 AM - Scheduled Checkpoint
    RP1399: 12/23/2012 12:00:01 AM - Scheduled Checkpoint
    RP1400: 12/24/2012 12:06:55 PM - Scheduled Checkpoint
    RP1401: 12/25/2012 1:22:45 AM - Windows Update
    RP1402: 12/26/2012 12:00:01 AM - Scheduled Checkpoint
    RP1403: 12/27/2012 1:09:59 AM - Scheduled Checkpoint
    RP1404: 12/28/2012 1:47:10 AM - Scheduled Checkpoint
    RP1405: 12/29/2012 3:18:22 AM - Scheduled Checkpoint
    RP1406: 12/30/2012 12:00:01 AM - Scheduled Checkpoint
    RP1407: 12/30/2012 12:05:48 PM - Scheduled Checkpoint
    RP1408: 12/31/2012 1:03:06 AM - Scheduled Checkpoint
    RP1409: 1/1/2013 - Scheduled Checkpoint
    RP1410: 1/1/2013 1:40:44 AM - Windows Update
    RP1411: 1/1/2013 1:30:38 PM - Windows Update
    RP1412: 1/1/2013 4:43:23 PM - Uniblue SpeedUpMyPC installation
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    "Nero SoundTrax Help
    Acrobat.com
    Activation Assistant for the 2007 Microsoft Office suites
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Download Assistant
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.2
    Advertising Center
    Agere Systems PCI-SV92EX Soft Modem
    Amazon MP3 Downloader 1.0.17
    Amazon Unbox Video
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    Compatibility Pack for the 2007 Office system
    CyberLink DVD Suite Deluxe
    Deal Vault
    DolbyFiles
    DVD Decrypter (Remove Only)
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hardware Diagnostic Tools
    Hewlett-Packard ACLM.NET v1.1.0.0
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Demo
    HP MediaSmart DVD
    HP MediaSmart Music/Photo/Video
    HP MediaSmart SmartMenu
    HP Product Detection
    HP Recovery Manager RSS
    HP Total Care Advisor
    HP Total Care Setup
    HP Update
    HPAsset component for HP Active Support Library
    IB Updater 2.0.0.530
    IB Updater Service
    iCloud
    ImagXpress
    Incredibar Toolbar on IE
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 23
    Java(TM) 6 Update 7
    LabelPrint
    LightScribe System Software 1.14.25.1
    LightScribe Template Labeler
    Magic DVD Copier Version 4.9.3
    Magic DVD Ripper V5.5.2
    Malwarebytes Anti-Malware version 1.70.0.1100
    MediaBar
    Menu Templates - Starter Kit
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office Home and Student 2007 Trial
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Movie Templates - Starter Kit
    Mozilla Firefox 15.0.1 (x86 en-US)
    Mozilla Firefox 17.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee Reveal
    My HP Games
    Nero 9
    Nero BurningROM
    Nero BurnRights
    Nero ControlCenter
    Nero CoverDesigner
    Nero CoverDesigner Help
    Nero Disc Copy Gadget
    Nero Disc Copy Gadget Help
    Nero DiscSpeed
    Nero DriveSpeed
    Nero Express
    Nero InfoTool
    Nero Installer
    Nero Live
    Nero Live Help
    Nero PhotoSnap
    Nero PhotoSnap Help
    Nero Recode
    Nero Recode Help
    Nero Rescue Agent
    Nero ShowTime
    Nero StartSmart
    Nero StartSmart Help
    Nero Vision
    Nero WaveEditor
    Nero WaveEditor Help
    NeroBurningROM
    NeroExpress
    neroxml
    Norton Bootable Recovery Tool Wizard
    Norton Internet Security
    NVIDIA Drivers
    Pandora
    PictureMover
    Power2Go
    PowerDirector
    Progress Bar
    Python 2.5.2
    QuickTime
    Realtek High Definition Audio Driver
    Safari
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    SoundTrax
    SpeedUpMyPC
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Visual Studio 2008 x64 Redistributables
    Yahoo! Messenger
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/31/2012 8:40:07 AM, Error: nvstor64 [5] - A parity error was detected on \Device\RaidPort0.
    12/31/2012 11:02:05 AM, Error: Service Control Manager [7000] - The Security Activity Dashboard Service service failed to start due to the following error: The system cannot find the file specified.
    12/31/2012 11:00:50 AM, Error: EventLog [6008] - The previous system shutdown at 10:53:32 AM on 12/31/2012 was unexpected.
    12/30/2012 7:39:52 PM, Error: EventLog [6008] - The previous system shutdown at 7:35:28 PM on 12/30/2012 was unexpected.
    12/30/2012 11:42:40 PM, Error: EventLog [6008] - The previous system shutdown at 11:38:45 PM on 12/30/2012 was unexpected.
    12/30/2012 10:42:35 AM, Error: EventLog [6008] - The previous system shutdown at 10:37:32 AM on 12/30/2012 was unexpected.
    12/28/2012 1:45:16 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Eventlog service.
    .
    ==== End Of File ===========================
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 3:11:29 PM, on 1/2/2013
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
    C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
    C:\Users\weeze's girl\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb185?a=6R8Q34rqTp&i=26
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {060a0a36-13dc-407d-b055-5a9accd8e083} - (no file)
    R3 - URLSearchHook: (no name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - (no file)
    R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    F2 - REG:system.ini: UserInit=userinit.exe,
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: CrossriderApp0019866 - {11111111-1111-1111-1111-110111981166} - C:\Program Files (x86)\Deal Vault\Deal Vault.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: IB Updater Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll
    O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - (no file)
    O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll
    O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL
    O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
    O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - (no file)
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=QUFMS0ctWU9CNkYtMlk0WFAtQUVPS08tQkszRE0tMg"&"inst=NzYtOTEyODE4MDQ1LVNUMTJPSSsxLUREVCswLUVVTEErMS1TVDEyQVBQKzE"&"prod=92"&"ver=2012.0.1809"&"mid=5feef902cb9547d19f58d16dcaf7759a-6505edfc44cdc8edb9ceb2077911c888d7574ed6
    O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Amazon Unbox.lnk = ?
    O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: *.netzero.com
    O15 - Trusted Zone: *.netzero.net
    O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - (no file)
    O20 - AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agr64svc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: IB Updater - Unknown owner - C:\Program Files\IB Updater\ExtensionUpdaterService.exe
    O23 - Service: IBUpdaterService - Unknown owner - C:\Windows\system32\dmwu.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Security Activity Dashboard Service - Unknown owner - C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 13217 bytes
     
  3. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,382
    First Name:
    Kevin
    There are two security systems running, Norton IS and Microsoft Security Essentials; that is counterproductive. One of those MUST be UNinstalled before we progress.

    Next,

    Download AdwCleaner by Xplode (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner) onto your Desktop.

    • Please close all open programs and internet browsers.
    • Double click on Adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

    Next,

    Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    • Ensure that Combofix is saved directly to the Desktop <--- Very important
    • Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the Combofix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
    • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
    • If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post those two logs in next reply please...

    Kevin
     
  4. meand3midgets

    meand3midgets Thread Starter

    Joined:
    Jan 2, 2013
    Messages:
    185
    ComboFix 13-01-03.05 - weeze's girl 01/03/2013 22:56:38.1.2 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3838.1632 [GMT -6:00]
    Running from: c:\users\weeze's girl\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Incredibar.com
    c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\inCRedibar.dll
    c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll
    c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll
    c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe
    c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
    c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
    c:\program files (x86)\TelevisionFanatic
    c:\program files (x86)\TelevisionFanatic\bar\gen1\COMMON.T8S
    c:\program files (x86)\TelevisionFanatic\bar\IE9Mesg\COMMON.T8S
    c:\program files (x86)\TelevisionFanatic\bar\Message\COMMON.T8S
    c:\program files (x86)\TelevisionFanatic\bar\Settings\s_pid.dat
    c:\program files (x86)\TelevisionFanaticEI
    c:\users\weeze's girl\AppData\Roaming\4740372.exe
    c:\users\weeze's girl\AppData\Roaming\Adobe\plugs
    c:\users\weeze's girl\AppData\Roaming\Adobe\shed
    c:\users\weeze's girl\AppData\Roaming\inst.exe
    c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
    c:\windows\security\Database\tmp.edb
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-12-04 to 2013-01-04 )))))))))))))))))))))))))))))))
    .
    .
    2013-01-04 05:08 . 2013-01-04 05:08 -------- d-----w- c:\users\WEEZE~1\AppData\Local\temp
    2013-01-04 05:08 . 2013-01-04 05:08 -------- d-----w- c:\users\TestAdmin\AppData\Local\temp
    2013-01-04 05:08 . 2013-01-04 05:08 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-01-04 01:05 . 2013-01-04 01:05 -------- d-----w- c:\program files (x86)\TeamViewer
    2013-01-02 19:29 . 2013-01-02 19:29 -------- d-----w- C:\0d9406f4b516735cc65504406064
    2013-01-01 22:44 . 2013-01-01 22:44 450 ----a-w- C:\user.js
    2013-01-01 22:43 . 2011-06-10 23:15 829264 ----a-w- c:\windows\system32\msvcr100.dll
    2013-01-01 22:43 . 2011-06-10 23:15 608080 ----a-w- c:\windows\system32\msvcp100.dll
    2013-01-01 22:43 . 2013-01-01 22:43 -------- d-----w- c:\windows\system32\ARFC
    2013-01-01 22:43 . 2012-10-02 15:20 1261936 ----a-w- c:\windows\system32\dmwu.exe
    2013-01-01 22:43 . 2012-10-02 15:19 35328 ----a-w- c:\windows\system32\ImHttpComm.dll
    2013-01-01 22:43 . 2013-01-03 15:55 -------- d-----w- c:\windows\SysWow64\WNLT
    2013-01-01 22:43 . 2013-01-01 22:43 -------- d-----w- c:\program files\IB Updater
    2013-01-01 22:43 . 2013-01-01 22:43 -------- d-----w- c:\users\weeze's girl\AppData\Roaming\Uniblue
    2013-01-01 22:43 . 2013-01-01 22:43 -------- d-----w- c:\program files (x86)\Uniblue
    2013-01-01 22:43 . 2013-01-01 22:43 -------- d-----w- c:\users\weeze's girl\AppData\Local\Deal Vault
    2013-01-01 22:43 . 2013-01-01 22:43 -------- d-----w- c:\program files (x86)\Deal Vault
    2013-01-01 19:32 . 2013-01-01 19:32 -------- d-----w- c:\users\weeze's girl\AppData\Local\Windows Live
    2013-01-01 19:32 . 2013-01-01 19:32 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
    2013-01-01 19:31 . 2009-08-04 08:12 1103872 ----a-w- c:\windows\system32\webservices.dll
    2013-01-01 19:31 . 2009-08-04 08:02 754688 ----a-w- c:\windows\SysWow64\webservices.dll
    2013-01-01 07:41 . 2012-11-19 07:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{40125C62-A88F-44F1-AF6F-6B5262EBE477}\mpengine.dll
    2012-12-28 23:34 . 2012-12-29 16:58 -------- d-----w- c:\users\weeze's girl\CS6 Master Collection
    2012-12-21 21:16 . 2012-12-21 22:39 -------- d-----w- c:\users\weeze's girl\Adobe Photoshop Elements 11
    2012-12-21 21:15 . 2012-12-21 21:15 -------- d-----w- c:\users\weeze's girl\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    2012-12-21 21:15 . 2012-12-21 21:15 -------- d-----w- c:\program files (x86)\Adobe Download Assistant
    2012-12-21 09:00 . 2012-12-16 13:31 48128 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-21 09:00 . 2012-12-16 13:12 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-21 09:00 . 2012-12-16 11:08 368128 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-21 09:00 . 2012-12-16 10:50 293376 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-16 19:12 . 2012-12-16 19:12 -------- d-----w- c:\program files\iPod
    2012-12-16 19:12 . 2012-12-16 19:13 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-12-16 19:12 . 2012-12-16 19:13 -------- d-----w- c:\program files\iTunes
    2012-12-16 19:12 . 2012-12-16 19:13 -------- d-----w- c:\program files (x86)\iTunes
    2012-12-16 19:02 . 2012-12-16 19:02 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2012-12-16 19:02 . 2012-12-16 19:02 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2012-12-16 19:02 . 2012-12-16 19:02 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2012-12-16 19:02 . 2012-12-16 19:02 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2012-12-16 19:02 . 2012-12-16 19:02 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2012-12-16 19:02 . 2012-12-16 19:02 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2012-12-16 19:02 . 2012-12-16 19:02 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2012-12-16 19:01 . 2012-12-16 19:02 -------- d-----w- c:\program files (x86)\QuickTime
    2012-12-13 09:02 . 2012-11-14 05:53 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-12-12 12:03 . 2012-09-28 16:34 1210368 ----a-w- c:\windows\system32\kernel32.dll
    2012-12-12 12:03 . 2012-08-21 11:50 267648 ----a-w- c:\windows\system32\drivers\volsnap.sys
    2012-12-12 12:03 . 2012-11-13 01:55 2770432 ----a-w- c:\windows\system32\win32k.sys
    2012-12-12 12:03 . 2012-11-13 01:45 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-12-12 12:03 . 2012-11-13 01:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-12-12 12:03 . 2012-11-02 10:45 477696 ----a-w- c:\windows\system32\dpnet.dll
    2012-12-12 12:03 . 2012-11-02 10:45 68096 ----a-w- c:\windows\system32\dpnathlp.dll
    2012-12-12 12:03 . 2012-11-02 10:18 376320 ----a-w- c:\windows\SysWow64\dpnet.dll
    2012-12-12 12:03 . 2012-11-02 08:59 26112 ----a-w- c:\windows\system32\dpnsvr.exe
    2012-12-12 12:03 . 2012-11-02 08:26 23040 ----a-w- c:\windows\SysWow64\dpnsvr.exe
    2012-12-09 19:00 . 2012-12-09 19:00 -------- d-----w- c:\users\weeze's girl\AppData\Roaming\Amazon
    2012-12-06 01:20 . 2012-09-25 16:31 91648 ----a-w- c:\windows\system32\synceng.dll
    2012-12-06 01:20 . 2012-09-25 16:19 75776 ----a-w- c:\windows\SysWow64\synceng.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-14 22:49 . 2011-08-03 20:18 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-12-13 09:05 . 2006-11-02 12:35 67413224 ----a-w- c:\windows\system32\mrt.exe
    2012-12-12 10:48 . 2012-07-24 16:49 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-12-12 10:48 . 2011-05-17 15:30 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-25 09:12 . 2012-10-25 09:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2012-10-25 09:12 . 2012-10-25 09:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110111981166}]
    2013-01-01 22:43 617352 ----a-w- c:\program files (x86)\Deal Vault\Deal Vault.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
    2012-10-04 20:06 170840 ----a-w- c:\program files\IB Updater\Extension32.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
    2011-08-09 10:36 1235376 ----a-w- c:\progra~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPAdvisor"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-10-17 972080]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-11 39408]
    "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-01-04 6497592]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=QUFMS0ctWU9CNkYtMlk0WFAtQUVPS08tQkszRE0tMg&inst=NzYtOTEyODE4MDQ1LVNUMTJPSSsxLUREVCswLUVVTEErMS1TVDEyQVBQKzE&prod=92&ver=2012.0.1809&mid=5feef902cb9547d19f58d16dcaf7759a-6505edfc44cdc8edb9ceb2077911c888d7574ed6" [?]
    .
    c:\users\weeze's girl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Amazon Unbox.lnk - c:\program files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe [2011-11-23 97384]
    PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2008-9-8 430080]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "AppInit_DLLs"=c:\progra~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll c:\progra~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - NisDrv
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    Themes
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-04 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-24 10:48]
    .
    2013-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 12:14]
    .
    2013-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 12:14]
    .
    2012-12-15 c:\windows\Tasks\HPCeeScheduleForweeze's girl.job
    - c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-01-16 19:12]
    .
    2012-12-15 c:\windows\Tasks\PCDRScheduledMaintenance.job
    - c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-09-10 16:43]
    .
    2013-01-03 c:\windows\Tasks\SpeedUpMyPC.job
    - c:\program files (x86)\Uniblue\SpeedUpMyPC\sump.exe [2013-01-01 01:44]
    .
    2013-01-03 c:\windows\Tasks\spmonitor.job
    - c:\program files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe [2013-01-01 01:44]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
    2011-08-09 10:36 1792944 ----a-w- c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://mystart.incredibar.com/mb185?a=6R8Q34rqTp&i=26
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://www.yahoo.com/?ilc=8
    mDefault_Page_URL = hxxp://www.yahoo.com/?ilc=8
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local;<local>
    mSearchAssistant =
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
    Trusted Zone: netzero.com
    Trusted Zone: netzero.net
    TCP: DhcpNameServer = 192.168.15.1
    DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
    FF - ProfilePath - c:\users\weeze's girl\AppData\Roaming\Mozilla\Firefox\Profiles\e6wnsuel.default\
    FF - prefs.js: browser.search.selectedEngine - MyStart Search
    FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb185?a=6R8Q34rqTp&i=26
    FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb185/?loc=IB_DS&a=6R8Q34rqTp&&i=26&search=
    FF - ExtSQL: 2013-01-01 16:43; [email protected]; c:\users\weeze's girl\AppData\Roaming\Mozilla\Firefox\Profiles\e6wnsuel.default\extensions\[email protected]
    FF - ExtSQL: 2013-01-01 16:44; [email protected]; c:\users\weeze's girl\AppData\Roaming\Mozilla\Firefox\Profiles\e6wnsuel.default\extensions\[email protected]
    FF - user.js: extensions.incredibar_i.newTab - false
    FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8Q34rqTp&loc=IB_TB&i=26&search=
    FF - user.js: extensions.incredibar_i.id - e0ad49bb00000000000000248c139c69
    FF - user.js: extensions.incredibar_i.instlDay - 15706
    FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1416:44
    FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
    FF - user.js: extensions.incredibar_i.prdct - incredibar
    FF - user.js: extensions.incredibar_i.aflt - orgnl
    FF - user.js: extensions.incredibar_i.smplGrp - none
    FF - user.js: extensions.incredibar_i.tlbrId - base
    FF - user.js: extensions.incredibar_i.instlRef -
    FF - user.js: extensions.incredibar_i.dfltLng -
    FF - user.js: extensions.incredibar_i.excTlbr - false
    FF - user.js: extensions.incredibar_i.ms_url_id -
    FF - user.js: extensions.incredibar_i.upn2 - 6R8Q34rqTp
    FF - user.js: extensions.incredibar_i.upn2n - 92825674216722907
    FF - user.js: extensions.incredibar_i.productid - 26
    FF - user.js: extensions.incredibar_i.installerproductid - 26
    FF - user.js: extensions.incredibar_i.did - 10700
    FF - user.js: extensions.incredibar_i.ppd - 119
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{060a0a36-13dc-407d-b055-5a9accd8e083} - (no file)
    URLSearchHooks-{91da5e8a-3318-4f8c-b67e-5964de3ab546} - (no file)
    URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    BHO-{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
    Toolbar-10 - (no file)
    Toolbar-{F9639E4A-801B-4843-AEE3-03D9DA199E77} - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
    Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
    Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
    Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    Wow6432Node-HKLM-Run-ROC_roc_dec12 - c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    Toolbar-10 - (no file)
    WebBrowser-{060A0A36-13DC-407D-B055-5A9ACCD8E083} - (no file)
    WebBrowser-{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - (no file)
    WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
    AddRemove-incredibar - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
    AddRemove-Progress Bar - c:\windows\system32\javaws.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{8AAF211B-043E02A9-05040000}]
    "ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC_x64.pkms"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
    "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2013-01-03 23:13:06
    ComboFix-quarantined-files.txt 2013-01-04 05:13
    .
    Pre-Run: 308,074,754,048 bytes free
    Post-Run: 308,592,627,712 bytes free
    .
    - - End Of File - - 4E18D87B77E9EAC6B6EDEC7C93ABBC12

    # AdwCleaner v2.104 - Logfile created 01/03/2013 at 23:23:16
    # Updated 29/12/2012 by Xplode
    # Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
    # User : weeze's girl - WEEZESGIRL-PC
    # Boot Mode : Normal
    # Running from : C:\Users\weeze's girl\Desktop\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****

    Found : IB Updater

    ***** [Files / Folders] *****

    File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    File Found : C:\user.js
    File Found : C:\Users\weeze's girl\AppData\Roaming\Mozilla\Firefox\Profiles\e6wnsuel.default\searchplugins\MyStart Search.xml
    Folder Found : C:\Program Files (x86)\AskTBar
    Folder Found : C:\Program Files\IB Updater
    Folder Found : C:\Users\TestAdmin\AppData\LocalLow\Conduit
    Folder Found : C:\Users\TestAdmin\AppData\LocalLow\ConduitEngine
    Folder Found : C:\Users\TestAdmin\AppData\LocalLow\PriceGong
    Folder Found : C:\Users\weeze's girl\AppData\Local\Conduit
    Folder Found : C:\Users\weeze's girl\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
    Folder Found : C:\Users\weeze's girl\AppData\LocalLow\Conduit
    Folder Found : C:\Users\weeze's girl\AppData\LocalLow\FunWebProducts
    Folder Found : C:\Users\weeze's girl\AppData\LocalLow\MyWebSearch
    Folder Found : C:\Users\weeze's girl\AppData\LocalLow\PriceGong
    Folder Found : C:\Users\weeze's girl\AppData\Roaming\Mozilla\Firefox\Profiles\e6wnsuel.default\extensions\[email protected]
    Folder Found : C:\Windows\SysWOW64\WNLT

    ***** [Registry] *****

    Data Found : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll
    Data Found : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll
    Data Found : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll
    Data Found : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
    Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Found : HKCU\Software\AppDataLow\Software\Crossrider
    Key Found : HKCU\Software\AppDataLow\Software\Fun Web Products
    Key Found : HKCU\Software\AppDataLow\Software\FunWebProducts
    Key Found : HKCU\Software\AppDataLow\Software\PriceGong
    Key Found : HKCU\Software\IM
    Key Found : HKCU\Software\ImInstaller
    Key Found : HKCU\Software\InstalledBrowserExtensions
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\incredibar
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WNLT
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CB65206-89C4-402C-BA80-02D8C59F9B1D}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKCU\Software\WNLT
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Found : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
    Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
    Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0019866.BHO
    Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0019866.Sandbox
    Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0019866.Sandbox.1
    Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
    Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
    Key Found : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
    Key Found : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
    Key Found : HKLM\SOFTWARE\Classes\I
    Key Found : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
    Key Found : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
    Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2856425
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\Software\DataMngr
    Key Found : HKLM\Software\incredibar.com
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
    Key Found : HKU\S-1-5-21-3273367965-2163244582-2790646537-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
    Key Found : HKU\S-1-5-21-3273367965-2163244582-2790646537-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKU\S-1-5-21-3273367965-2163244582-2790646537-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
    Key Found : HKU\S-1-5-21-3273367965-2163244582-2790646537-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
    Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F9639E4A-801B-4843-AEE3-03D9DA199E77}]
    Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb185?a=6R8Q34rqTp&i=26

    -\\ Mozilla Firefox v15.0.1 (en-US)

    File : C:\Users\weeze's girl\AppData\Roaming\Mozilla\Firefox\Profiles\e6wnsuel.default\prefs.js

    Found : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb185?a=6R8Q34rqTp&i=26");
    Found : user_pref("browser.search.defaultenginename", "MyStart Search");
    Found : user_pref("browser.search.selectedEngine", "MyStart Search");
    Found : user_pref("browser.startup.homepage", "hxxp://mystart.incredibar.com/mb185?a=6R8Q34rqTp&i=26");
    Found : user_pref("extensions.crossriderapp19866.19866.InstallationThankYouPage", true);
    Found : user_pref("extensions.crossriderapp19866.19866.InstallationTime", 1357080185);
    Found : user_pref("extensions.crossriderapp19866.19866.InstallationUserSettings.searchUserConifrmation", fal[...]
    Found : user_pref("extensions.crossriderapp19866.19866.InstallationUserSettings.setHomepage", false);
    Found : user_pref("extensions.crossriderapp19866.19866.InstallationUserSettings.setNewTab", false);
    Found : user_pref("extensions.crossriderapp19866.19866.InstallationUserSettings.setSearch", false);
    Found : user_pref("extensions.crossriderapp19866.19866.active", true);
    Found : user_pref("extensions.crossriderapp19866.19866.addressbar", "");
    Found : user_pref("extensions.crossriderapp19866.19866.addressbarenhanced", "");
    Found : user_pref("extensions.crossriderapp19866.19866.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW[...]
    Found : user_pref("extensions.crossriderapp19866.19866.backgroundver", 3);
    Found : user_pref("extensions.crossriderapp19866.19866.can_run_bg_code", true);
    Found : user_pref("extensions.crossriderapp19866.19866.certdomaininstaller", "");
    Found : user_pref("extensions.crossriderapp19866.19866.changeprevious", false);
    Found : user_pref("extensions.crossriderapp19866.19866.cookie.InstallationTime.expiration", "Fri Feb 01 2030[...]
    Found : user_pref("extensions.crossriderapp19866.19866.cookie.InstallationTime.value", "1357080185");
    Found : user_pref("extensions.crossriderapp19866.19866.cookie.InstallerParams.expiration", "Fri Feb 01 2030 [...]
    Found : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:0[...]
    Found : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_aoi.value", "1357080185");
    Found : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_blocklist.expiration", "Thu Jan 03 2013 2[...]
    Found : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_blocklist.value", "%22nonexistantdomain.c[...]
    Found : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_country_code.expiration", "Tue Jan 08 201[...]
    Found : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_country_code.value", "%22US%22");
    Found : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:0[...]
    Found : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_crr.value", "1357276754");
    Found : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030[...]
    Found : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_currenttime.value", "%221356059648%22");
    Found : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 0[...]
    Found : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_hotfix20111102645.value", "%221%22");
    Found : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_installer_params.expiration", "Fri Feb 01[...]
    Found : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_installer_params.value", "%7B%22source_id[...]
    Found : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_installtime.expiration", "Fri Feb 01 2030[...]
    Found : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_installtime.value", "%221356059648%22");
    Found : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 20[...]
    Found : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_parent_zoneid.value", "%2214019%22");
    Found : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030[...]
    Found : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_pc_20120828.value", "1357091211411");
    Found : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 [...]
    Found : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_product_id.value", "%221340%22");
    Found : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_sr[freescore360.com].expiration", "Thu Ja[...]
    Found : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_sr[freescore360.com].value", "1357253790"[...]
    Found : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:0[...]
    Found : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_zoneid.value", "%22126356%22");
    Found : user_pref("extensions.crossriderapp19866.19866.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 [...]
    Found : user_pref("extensions.crossriderapp19866.19866.cookie.dbtest.value", "1357091194450");
    Found : user_pref("extensions.crossriderapp19866.19866.cookie.lastrequest.expiration", "Fri Feb 01 2030 00:0[...]
    Found : user_pref("extensions.crossriderapp19866.19866.cookie.lastrequest.value", "%7B%22path%22%3A%22/virus[...]
    Found : user_pref("extensions.crossriderapp19866.19866.description", "Deal Vault");
    Found : user_pref("extensions.crossriderapp19866.19866.domain", "");
    Found : user_pref("extensions.crossriderapp19866.19866.enablesearch", false);
    Found : user_pref("extensions.crossriderapp19866.19866.fbremoteurl", "");
    Found : user_pref("extensions.crossriderapp19866.19866.group", 0);
    Found : user_pref("extensions.crossriderapp19866.19866.homepage", "");
    Found : user_pref("extensions.crossriderapp19866.19866.iframe", false);
    Found : user_pref("extensions.crossriderapp19866.19866.internaldb.InstallerIdentifiers.expiration", "Fri Feb[...]
    Found : user_pref("extensions.crossriderapp19866.19866.internaldb.InstallerIdentifiers.value", "%7B%22instal[...]
    Found : user_pref("extensions.crossriderapp19866.19866.internaldb.Resources_appVer.expiration", "Fri Feb 01 [...]
    Found : user_pref("extensions.crossriderapp19866.19866.internaldb.Resources_appVer.value", "11");
    Found : user_pref("extensions.crossriderapp19866.19866.internaldb.Resources_lastVersion.expiration", "Fri Fe[...]
    Found : user_pref("extensions.crossriderapp19866.19866.internaldb.Resources_lastVersion.value", "2");
    Found : user_pref("extensions.crossriderapp19866.19866.internaldb.Resources_meta.expiration", "Fri Feb 01 20[...]
    Found : user_pref("extensions.crossriderapp19866.19866.internaldb.Resources_meta.value", "%7B%7D");
    Found : user_pref("extensions.crossriderapp19866.19866.internaldb.Resources_nextCheck.expiration", "Fri Jan [...]
    Found : user_pref("extensions.crossriderapp19866.19866.internaldb.Resources_nextCheck.value", "true");
    Found : user_pref("extensions.crossriderapp19866.19866.internaldb.Resources_queue.expiration", "Fri Feb 01 2[...]
    Found : user_pref("extensions.crossriderapp19866.19866.internaldb.Resources_queue.value", "%7B%7D");
    Found : user_pref("extensions.crossriderapp19866.19866.internaldb.Resources_remote_resources.expiration", "F[...]
    Found : user_pref("extensions.crossriderapp19866.19866.internaldb.Resources_remote_resources.value", "%7B%22[...]
    Found : user_pref("extensions.crossriderapp19866.19866.internaldb.SoftwareDetected.expiration", "Fri Feb 01 [...]
    Found : user_pref("extensions.crossriderapp19866.19866.internaldb.SoftwareDetected.value", "%7B%22AnySoftwar[...]
    Found : user_pref("extensions.crossriderapp19866.19866.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _[...]
    Found : user_pref("extensions.crossriderapp19866.19866.manifesturl", "");
    Found : user_pref("extensions.crossriderapp19866.19866.name", "Deal Vault");
    Found : user_pref("extensions.crossriderapp19866.19866.newtab", "");
    Found : user_pref("extensions.crossriderapp19866.19866.opensearch", "");
    Found : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_1.code", "appAPI._cr_config={appID:fun[...]
    Found : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_1.name", "base");
    Found : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_1.ver", 3);
    Found : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_1000014.code", "Array.prototype.indexO[...]
    Found : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
    Found : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_1000014.ver", 10);
    Found : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},r[...]
    Found : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_1000015.name", "GPL Background (BG)");
    Found : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_1000015.ver", 4);
    Found : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_13.code", "(function(a){a.selectedText[...]
    Found : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_13.name", "CrossriderAppUtils");
    Found : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_13.ver", 2);
    Found : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_14.code", "if(typeof(appAPI)===\"undef[...]
    Found : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_14.name", "CrossriderUtils");
    Found : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_14.ver", 2);
    Found : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_15.code", "(function(f){var u={};var e[...]
    Found : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_15.name", "FacebookFFIE");
    Found : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_15.ver", 1);
    Found : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_16.code", "if((typeof isBackground===\[...]
    Found : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_16.name", "FFAppAPIWrapper");
    Found : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_16.ver", 4);
    Found : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_17.code", "if(typeof window!==\"undefi[...]
    Found : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_17.name", "jQuery");
    Found : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_17.ver", 3);
    Found : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_21.code", "var CrossriderDebugManager=[...]
    Found : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_21.name", "debug");
    Found : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_21.ver", 3);
    Found : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_22.code", "(function(a){appAPI.queueMa[...]
    Found : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_22.name", "resources");
    Found : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_22.ver", 2);
    Found : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_28.code", "var CrossriderInitializerPl[...]
    Found : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_28.name", "initializer");
    Found : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_28.ver", 2);
    Found : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com[...]
    Found : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_4.name", "jquery_1_7_1");
    Found : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_4.ver", 3);
    Found : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_47.code", "(function(){appAPI.ready=fu[...]
    Found : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_47.name", "resources_background");
    Found : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_47.ver", 1);
    Found : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_64.code", "(function(){var h=\"__CR_EM[...]
    Found : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_64.name", "appApiMessage");
    Found : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_64.ver", 1);
    Found : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_72.code", "if(appAPI.__should_activate[...]
    Found : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_72.name", "appApiValidation");
    Found : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_72.ver", 1);
    Found : user_pref("extensions.crossriderapp19866.19866.plugins_lists.plugins_0", "17,14,16,64,72,47,1000015"[...]
    Found : user_pref("extensions.crossriderapp19866.19866.plugins_lists.plugins_1", "17,14,13,16,15,64,72,4,1,2[...]
    Found : user_pref("extensions.crossriderapp19866.19866.pluginsurl", "hxxp://app-static.crossrider.com/plugin[...]
    Found : user_pref("extensions.crossriderapp19866.19866.pluginsversion", 8);
    Found : user_pref("extensions.crossriderapp19866.19866.publisher", "215 Apps");
    Found : user_pref("extensions.crossriderapp19866.19866.searchstatus", 0);
    Found : user_pref("extensions.crossriderapp19866.19866.setnewtab", false);
    Found : user_pref("extensions.crossriderapp19866.19866.settingsurl", "");
    Found : user_pref("extensions.crossriderapp19866.19866.thankyou", "");
    Found : user_pref("extensions.crossriderapp19866.19866.updateinterval", 360);
    Found : user_pref("extensions.crossriderapp19866.19866.ver", 11);
    Found : user_pref("extensions.crossriderapp19866.adsOldValue", -1);
    Found : user_pref("extensions.crossriderapp19866.apps", "19866");
    Found : user_pref("extensions.crossriderapp19866.bic", "13bf8eff8d2e107b0bc4d88c3092e2c5");
    Found : user_pref("extensions.crossriderapp19866.cid", 19866);
    Found : user_pref("extensions.crossriderapp19866.firstrun", false);
    Found : user_pref("extensions.crossriderapp19866.hadappinstalled", true);
    Found : user_pref("extensions.crossriderapp19866.installationdate", 1357091175);
    Found : user_pref("extensions.crossriderapp19866.lastcheck", 22621279);
    Found : user_pref("extensions.crossriderapp19866.lastcheckitem", 22621279);
    Found : user_pref("extensions.crossriderapp19866.modetype", "production");
    Found : user_pref("extensions.crossriderapp19866.reportInstall", true);
    Found : user_pref("extensions.enabledAddons", "ffxtlbr%40incredibar.com:1.5.0,crossriderapp19866%40crossride[...]
    Found : user_pref("extensions.incredibar.admin", false);
    Found : user_pref("extensions.incredibar.aflt", "orgnl");
    Found : user_pref("extensions.incredibar.cntry", "US");
    Found : user_pref("extensions.incredibar.dfltLng", "");
    Found : user_pref("extensions.incredibar.dfltSrch", false);
    Found : user_pref("extensions.incredibar.did", "10700");
    Found : user_pref("extensions.incredibar.envrmnt", "production");
    Found : user_pref("extensions.incredibar.excTlbr", false);
    Found : user_pref("extensions.incredibar.hdrMd5", "42976EEA0E341E59CABC292FB422D962");
    Found : user_pref("extensions.incredibar.hmpg", false);
    Found : user_pref("extensions.incredibar.id", "e0ad49bb00000000000000248c139c69");
    Found : user_pref("extensions.incredibar.installerproductid", "26");
    Found : user_pref("extensions.incredibar.instlDay", "15706");
    Found : user_pref("extensions.incredibar.instlRef", "");
    Found : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1416:44:05");
    Found : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
    Found : user_pref("extensions.incredibar.newTab", false);
    Found : user_pref("extensions.incredibar.noFFXTlbr", false);
    Found : user_pref("extensions.incredibar.ppd", "119");
    Found : user_pref("extensions.incredibar.prdct", "incredibar");
    Found : user_pref("extensions.incredibar.productid", "26");
    Found : user_pref("extensions.incredibar.prtnrId", "Incredibar");
    Found : user_pref("extensions.incredibar.sg", "none");
    Found : user_pref("extensions.incredibar.smplGrp", "none");
    Found : user_pref("extensions.incredibar.tlbrId", "base");
    Found : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8Q34rqTp&loc=IB_T[...]
    Found : user_pref("extensions.incredibar.upn2", "6R8Q34rqTp");
    Found : user_pref("extensions.incredibar.upn2n", "92825674216722907");
    Found : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
    Found : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1416:44:05");
    Found : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
    Found : user_pref("extensions.incredibar_i.aflt", "orgnl");
    Found : user_pref("extensions.incredibar_i.dfltLng", "");
    Found : user_pref("extensions.incredibar_i.did", "10700");
    Found : user_pref("extensions.incredibar_i.excTlbr", false);
    Found : user_pref("extensions.incredibar_i.id", "e0ad49bb00000000000000248c139c69");
    Found : user_pref("extensions.incredibar_i.installerproductid", "26");
    Found : user_pref("extensions.incredibar_i.instlDay", "15706");
    Found : user_pref("extensions.incredibar_i.instlRef", "");
    Found : user_pref("extensions.incredibar_i.ms_url_id", "");
    Found : user_pref("extensions.incredibar_i.newTab", false);
    Found : user_pref("extensions.incredibar_i.ppd", "119");
    Found : user_pref("extensions.incredibar_i.prdct", "incredibar");
    Found : user_pref("extensions.incredibar_i.productid", "26");
    Found : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
    Found : user_pref("extensions.incredibar_i.smplGrp", "none");
    Found : user_pref("extensions.incredibar_i.tlbrId", "base");
    Found : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8Q34rqTp&loc=IB[...]
    Found : user_pref("extensions.incredibar_i.upn2", "6R8Q34rqTp");
    Found : user_pref("extensions.incredibar_i.upn2n", "92825674216722907");
    Found : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
    Found : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1416:44:05");
    Found : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
    Found : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb185/?loc=IB_DS&a=6R8Q34rqTp&&i=26&search="[...]

    File : C:\Users\TestAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\99t9z50y.default\prefs.js

    Found : user_pref("extensions.crossriderapp19866.adsOldValue", -1);

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\weeze's girl\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    File : C:\Users\TestAdmin\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [35442 octets] - [03/01/2013 23:23:16]

    ########## EOF - C:\AdwCleaner[R1].txt - [35503 octets] ##########
     
  5. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,382
    First Name:
    Kevin
    The log times appear to show that Combofix was run before AdwCleaner, is that correct? Also, you still seem to have two security programs with Anti-virus components installed, is that also correct?
    I did ask that Combofix was saved to and run from the Desktop; you have run it from here: c:\users\weeze's girl\Downloads\ComboFix.exe. Why?
     
  6. meand3midgets

    meand3midgets Thread Starter

    I did it backwards, I apologize. The icons are on the desktop now. I hope I didn't really screw up my comp worse than it was. Do I go ahead and do the steps correctly in order now?
     
  7. meand3midgets

    meand3midgets Thread Starter

    Also, I uninstalled MSE and Norton.
     
  8. kevinf80

    kevinf80 Malware Specialist

    Can you run the following to re-install MSE:

    To keep safe when online you need a good Antivirus/Antispyware/Antimalware/Anti-Rootkit combination application. Microsoft Security Essentials covers all of those bases, but better still it is free. Go here http://www.microsoft.com/security_essentials/ select your Operating System, download, install and follow the prompts. Once installed it will want to update and carry out a quick scan, allow that to happen.

    Let me know if MSE finds anything from the scan...

    Next,

    Download and install the Norton removal tool from Here

    Alternative link

    Install and run the tool, follow any prompts that are given.

    Next,

    Download OTL from any of the following links and save to your desktop.

    http://itxassociates.com/OT-Tools/OTL.com
    http://oldtimer.geekstogo.com/OTL.exe
    http://www.itxassociates.com/OT-Tools/OTL.scr

    Double click the icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)

    • When the window appears, underneath Output at the top, make sure Standard output is selected.
    • Select Scan all users
    • Under the Extra Registry section, check Use SafeList
    • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
    • Click Run Scan and let the program run uninterrupted.
    • When the scan is complete, two text files will be created on your Desktop.
    • OTL.Txt <- this one will be opened
    • Extras.txt <- this one will be minimized

    Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

    Let me know if MSE found/removed anything. Also tell me if Norton removal tool was successful. Post the two logs from OTL.

    Anything that you do not understand or need a bit of help with, just let me know... Okey dokey..(y)
     
  9. meand3midgets

    meand3midgets Thread Starter

    Lol ok I will get started on that. I had Norton 360 last year I do believe. If the logs are saved to my comp, I need to find them. I didn't remember this when I started this log, my computer-wise cousin reminded me, Norton was the only program to find a backdoor trojan. It couldn't remove it, it just said the trojan needed to be removed manually. Please excuse my forgetfulness, I have Multiple Sclerosis.
     
  10. meand3midgets

    meand3midgets Thread Starter

    I am also a bit confused... If I'm not mistaken, my comp says 32-bit and 64-bit. Is it supposed to have both?
     
  11. meand3midgets

    meand3midgets Thread Starter

    MSE did not find anything, and Norton Removal Tool did not tell me what was removed, if anything, just completed successfully. When I was prompted to restart, I did so. But when my comp started back up it kept making a "ding" sound, and this kept popping up even after I clicked "ok":
    "The exception unknown software exception (0xc00000fd) occurred in the application at location 0x7730f07e"-from Googletoolbarnotifier.exe.
    Here are the two logs:
    OTL Extras logfile created on: 1/4/2013 12:53:01 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\weeze's girl\Downloads
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.75 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 60.11% Memory free
    7.68 Gb Paging File | 5.71 Gb Available in Paging File | 74.37% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 452.59 Gb Total Space | 272.85 Gb Free Space | 60.29% Space Free | Partition Type: NTFS
    Drive D: | 13.17 Gb Total Space | 1.80 Gb Free Space | 13.68% Space Free | Partition Type: NTFS

    Computer Name: WEEZESGIRL-PC | User Name: weeze's girl | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

    [HKEY_USERS\S-1-5-21-3273367965-2163244582-2790646537-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- Reg Error: Value error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- Reg Error: Value error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = DD 20 9B D4 9D 63 CB 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0870A656-81A7-4EAC-A68A-7460CF140CBF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{0FE4D05A-B7E2-4F05-932A-9B3B13CFDF9D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{16895BE2-ECED-4D76-A44D-E437104B40E8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{21410080-AF31-45F7-99FD-4227F6DBE41A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{259D3AE3-05FD-41DD-B92E-C61CA52CA608}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{2B6166EC-2B5D-40EB-8997-B708608B4BEF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{2EDD71D9-30F6-4F5B-9B75-280402403D9F}" = lport=137 | protocol=17 | dir=in | app=system |
    "{31714B54-566E-4FEC-B6DA-F8A829744215}" = lport=139 | protocol=6 | dir=in | app=system |
    "{548DAFC6-B1F7-4E23-BDCB-19184757661B}" = lport=445 | protocol=6 | dir=in | app=system |
    "{55C9B62F-B557-4D9F-B9B3-9F393EC72C81}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{5CA8336B-BED3-43ED-A760-2158DB3316CB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{662027A2-435B-458E-9945-0378B2AE50C5}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{7D39C5D1-4D4B-4BF3-8A1F-3E6CA8A64A9A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{8D5889ED-A582-4FC7-A103-D37CABC90CA5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
    "{8EC0D7FC-DC70-4D87-BA03-79C99DB3FFE4}" = rport=445 | protocol=6 | dir=out | app=system |
    "{94EE8F01-6744-4057-8724-BB1657169CC2}" = lport=138 | protocol=17 | dir=in | app=system |
    "{A1B3F4F8-0653-4CA4-AF2E-3924CA0D7971}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{A4785FF7-37A7-487D-AD3C-388B1DD84665}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{AAF58C1E-040B-4FF4-9952-D3C7A2C1BB4B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{BFFDCCF9-F008-4A32-9230-4E3B4D506025}" = rport=137 | protocol=17 | dir=out | app=system |
    "{C885A626-FD4A-49FD-94A1-1C08C3F665EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{CA1821DC-7D0C-47B4-ABF8-F6E1105A96F9}" = rport=139 | protocol=6 | dir=out | app=system |
    "{E4872055-BD47-4409-B449-A686E25CE7FC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{E95AE1AC-A12C-4B7A-BAA4-4F524F0EAB04}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{EAFBCFA8-9A70-4344-B0CC-63B5E67B53F8}" = rport=138 | protocol=17 | dir=out | app=system |
    "{ECE4C341-E59A-4C2C-9DBD-D65FBE20AEB2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{F2F9EB1D-20BC-404A-8672-1718AD2F661A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{044D2B2F-9B7A-4CE3-9D87-A2BF30E84DF7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{07A40A29-9D41-411A-BA65-45000E5467BF}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
    "{148BC9E3-6E39-4BC4-8431-AD7BC62EF21E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{150A6A18-72B4-4F5D-BE3F-887445B2ADCA}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
    "{1741A39B-DB7F-4FB0-BDCD-66C111441390}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
    "{259659A6-BFDE-4EA4-902C-5D0B208E5B93}" = protocol=1 | dir=in | [email protected],-28543 |
    "{26FA968B-AED4-4092-BD44-9C812F2AEFB5}" = protocol=1 | dir=out | [email protected],-28544 |
    "{2EE839A5-FA21-431B-88C6-C9F74E1BA596}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
    "{3125DE4F-4317-47AC-904F-A37713BEE486}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{32C30E77-3157-49BA-8D59-B63CE22418C2}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
    "{34F7D00D-4EE3-42D9-8BD5-4298D5849C53}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
    "{35B5E84E-6495-49E3-B056-40853164CCCE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{35F9AFB0-F1AA-41CA-83BC-563B47F324E9}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
    "{3A331A61-06FD-42FD-AC6F-004CF7493C6B}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
    "{3B7D9A70-9A55-4D30-957F-C20976494D0D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{44C7CC26-3E03-4234-98C0-663832974965}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
    "{4B46B944-5417-48B1-9FBE-1BD12A7AA219}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{4D5E3BBB-DF5E-4210-8C75-701FD6109527}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{4DBEE6A6-A700-4C42-8E2C-DD3A308D332F}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
    "{4E302F0B-E7A6-49B2-BBBD-D7F12ABB3468}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{4FF9E699-1B89-4597-A277-266DA51F6E20}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{523CEED9-866C-43B1-BFA3-3D628E06D3AE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{52688C30-E7F5-4370-A547-3A117A250A4D}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
    "{52B496D6-E4B1-4E34-9294-244F2360D0BF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{5952E121-82A7-457A-90FA-A093191B39C3}" = protocol=58 | dir=in | [email protected],-28545 |
    "{66B539AC-7C3B-4E76-B931-D1EAF4D25644}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{6734673D-8C70-4EB3-8C66-B13815D06E40}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
    "{67700AF1-420F-402E-8F6E-CB5B156E3E12}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{6C780EB6-4DFE-4A4A-B9DF-0FC3F99139EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{73E27BB0-52A2-46CE-B6BD-2AE6ACC5C7A6}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
    "{7653C988-0CF8-429A-B13D-1884536C38C9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{76BB5077-D74D-4CDE-B774-C34ED0F2E394}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{8613622E-6E5A-41BC-AD01-D6072477FBAA}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
    "{879B672E-035E-4149-A8E9-9C94A5718A63}" = protocol=6 | dir=in | app=c:\users\weeze's girl\appdata\local\temp\7zs84c9.tmp\symnrt.exe |
    "{8B1CF7F3-4805-427D-9E90-81B11642F9EE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{8B41F8DE-E33C-42AA-BDD7-75AB7D9A7E29}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{8B542A01-AC8A-4B3C-B4AA-504F6A3BC19A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{8BAD439E-B51D-442E-B8A7-9C0E4ADD4EBF}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
    "{8CC0F45A-3D65-437E-89A4-C132F78E3813}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
    "{92745621-EA93-4677-A2FF-F6531FB39100}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{978A6DE5-8F34-4BD6-8A3A-B5C32167E069}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{9C7059AE-D9BD-4D92-AFF8-8EF8FCC9AFB4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{A0146D9D-8B78-4976-B9C1-190EADECF926}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{A7E55D68-19F0-4906-90C5-B549CE0136CC}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
    "{A7FDD07D-04B0-49C6-B687-A0394E71F378}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{AA87C5A8-2F5E-4BA3-80B8-94FFA17A5D97}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{ABE210B0-17F9-4759-AE3C-D8F789511539}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AD0C8B42-49B8-4DA7-802B-EF6BD8CB153D}" = protocol=58 | dir=out | [email protected],-28546 |
    "{B068D39C-053C-4AA7-AA77-DBC63D6714C4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{B440073B-B08B-4C0D-AA36-9308A982C2D4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{B48550B8-4620-49C9-B51A-D9959F8AC8B6}" = protocol=17 | dir=in | app=c:\users\weeze's girl\appdata\local\temp\7zs84c9.tmp\symnrt.exe |
    "{B64F447C-1923-44F2-B0BB-8E3BD511CB24}" = protocol=6 | dir=out | app=system |
    "{B74EF4AF-A1D5-4C5A-901E-AA911F1059DD}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
    "{C94EBEF3-A3D6-4F9B-B5E1-24DDB85C4BB3}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
    "{CB263691-9135-4AD0-BAFA-920067958A07}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{CFA811C6-4643-45D1-B97F-F4FEC04D9780}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
    "{D36D0F5A-498F-4B7B-86DC-01A422A6D56A}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
    "{D38D0A39-2369-4811-A3DF-F57C4F89C2F4}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\mediabar\datamngr\toolbar\dtuser.exe |
    "{DD33D4DD-0F88-4AB8-B708-01182F6B4540}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
    "{E0D8569A-50D0-4926-84BA-6DEFCB16E737}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\mediabar\datamngr\toolbar\dtuser.exe |
    "{E138850E-FF89-4F7D-AFC9-2F50B27B5108}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{E729B88F-3EE6-43A5-A2E3-72096049A907}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EE5F4097-3B51-49CF-8C03-BB90C0835A3C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{F1A13C69-62AD-43A9-A4C8-C361E067CBDE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
    "{F96D4D27-A1D9-460A-8A91-D83D4DF6D734}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
    "{FD9EDAEE-8421-487D-9C0B-9F0109552A04}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
    "{FDD9FE5C-0D03-4EB7-965B-471756A6DBEF}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
    "{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu
    "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Agere Systems Soft Modem" = Agere Systems PCI-SV92EX Soft Modem
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "NVIDIA Drivers" = NVIDIA Drivers
    "PC-Doctor for Windows" = Hardware Diagnostic Tools

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
    "{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
    "{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
    "{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
    "{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
    "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
    "{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
    "{19506BDB-4EA7-491F-E8AB-E97109FDB296}" = muvee Reveal
    "{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "{1fe5305e-20f4-41e2-ab21-422f30e35135}" = Nero 9
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
    "{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
    "{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
    "{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
    "{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
    "{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
    "{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
    "{5BD0CB24-11AF-4BA8-A198-38D25257C656}" = LightScribe Template Labeler
    "{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
    "{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
    "{64B9E2F5-558E-4C56-B419-A1679518F6E7}" = HP Customer Experience Enhancements
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
    "{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}" = Google Earth
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
    "{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
    "{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
    "{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
    "{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
    "{A2016015-8323-4AF8-8B3E-F56239D7D59D}" = HP Demo
    "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
    "{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
    "{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
    "{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
    "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
    "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
    "{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
    "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
    "{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
    "{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant
    "{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
    "{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
    "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
    "{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
    "{DA9DAC64-C947-47BA-B411-8A1959B177CF}" = LightScribe System Software 1.14.25.1
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{E3E3C2C5-B78F-560D-01C0-A9F11945D17B}" = Pandora
    "{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
    "{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = SpeedUpMyPC
    "{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
    "{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
    "BearShare 2 MediaBar" = MediaBar
    "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
    "com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1" = Pandora
    "Deal Vault" = Deal Vault
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007 Trial
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
    "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "Magic DVD Copier_is1" = Magic DVD Copier Version 4.9.3
    "Magic DVD Ripper_is1" = Magic DVD Ripper V5.5.2
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
    "Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NBRTWizard" = Norton Bootable Recovery Tool Wizard
    "TeamViewer 8" = TeamViewer 8
    "WildTangent hp Master Uninstall" = My HP Games
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3273367965-2163244582-2790646537-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 12/31/2012 1:44:21 AM | Computer Name = weezesgirl-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 12/31/2012 1:44:21 AM | Computer Name = weezesgirl-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 12/31/2012 1:44:21 AM | Computer Name = weezesgirl-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 12/31/2012 1:44:21 AM | Computer Name = weezesgirl-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 12/31/2012 1:44:21 AM | Computer Name = weezesgirl-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 12/31/2012 1:44:21 AM | Computer Name = weezesgirl-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 12/31/2012 1:44:21 AM | Computer Name = weezesgirl-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 12/31/2012 2:36:55 AM | Computer Name = weezesgirl-PC | Source = SideBySide | ID = 16842830
    Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero
    9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest".Error in manifest or policy file
    "" on line . A component version required by the application conflicts with another
    component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

    Error - 12/31/2012 2:36:55 AM | Computer Name = weezesgirl-PC | Source = SideBySide | ID = 16842830
    Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero
    9\Nero Recode\Recode.exe.Manifest".Error in manifest or policy file "" on line
    . A component version required by the application conflicts with another component
    version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.

    Error - 12/31/2012 2:36:58 AM | Computer Name = weezesgirl-PC | Source = HP AdvisorUpdate | ID = 0
    Description = Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'.
    at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String
    path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare
    share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize) at System.Xml.XmlDownloadManager.GetStream(Uri
    uri, ICredentials credentials) at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri,
    String role, Type ofObjectToReturn) at System.Xml.XmlReader.Create(String inputUri,
    XmlReaderSettings settings, XmlParserContext inputContext) at System.Xml.Schema.XmlSchemaSet.Add(String
    targetNamespace, String schemaUri) at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String
    path) ValidateDocument failed Business\SearchTargets.xml

    [ System Events ]
    Error - 1/4/2013 1:07:53 AM | Computer Name = weezesgirl-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 1/4/2013 1:10:16 AM | Computer Name = weezesgirl-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 1/4/2013 1:44:21 AM | Computer Name = weezesgirl-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/4/2013 1:44:21 AM | Computer Name = weezesgirl-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 1/4/2013 2:00:29 AM | Computer Name = weezesgirl-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 1/4/2013 2:04:41 AM | Computer Name = weezesgirl-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 1/4/2013 1:33:11 PM | Computer Name = weezesgirl-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/4/2013 1:33:11 PM | Computer Name = weezesgirl-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 1/4/2013 2:44:54 PM | Computer Name = weezesgirl-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/4/2013 2:44:54 PM | Computer Name = weezesgirl-PC | Source = Service Control Manager | ID = 7026
    Description =


    < End of report >

    OTL logfile created on: 1/4/2013 12:53:01 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\weeze's girl\Downloads
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.75 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 60.11% Memory free
    7.68 Gb Paging File | 5.71 Gb Available in Paging File | 74.37% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 452.59 Gb Total Space | 272.85 Gb Free Space | 60.29% Space Free | Partition Type: NTFS
    Drive D: | 13.17 Gb Total Space | 1.80 Gb Free Space | 13.68% Space Free | Partition Type: NTFS

    Computer Name: WEEZESGIRL-PC | User Name: weeze's girl | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/04 12:49:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\weeze's girl\Downloads\OTL.exe
    PRC - [2013/01/01 16:43:27 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.124\GoogleCrashHandler.exe
    PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/12/14 03:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
    PRC - [2012/12/12 04:48:31 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
    PRC - [2012/12/07 15:55:29 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2012/11/22 19:44:00 | 000,026,008 | ---- | M] (Uniblue Systems Ltd) -- C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe
    PRC - [2011/11/23 20:21:24 | 000,097,384 | R--- | M] (Amazon.com) -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
    PRC - [2011/11/23 20:21:24 | 000,025,704 | R--- | M] (Amazon.com) -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
    PRC - [2009/04/11 00:28:15 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    PRC - [2008/09/19 14:36:32 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    PRC - [2008/09/08 17:12:40 | 000,430,080 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/12/12 04:48:30 | 014,586,296 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
    MOD - [2012/12/07 15:55:29 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2012/12/06 03:53:24 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\d08cb6b1c4052e6f5a4e2452870d67d7\System.Management.ni.dll
    MOD - [2012/12/06 03:52:24 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2633dbf77be293b3a8693b6b062fd787\System.Runtime.Remoting.ni.dll
    MOD - [2012/12/06 03:52:23 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\850a371af19c00078a8cfbee763fb449\System.Transactions.ni.dll
    MOD - [2012/12/06 03:52:22 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1f0ff07c7fa3ef235a9e2b3b6a49db04\System.EnterpriseServices.ni.dll
    MOD - [2012/12/06 03:52:22 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1f0ff07c7fa3ef235a9e2b3b6a49db04\System.EnterpriseServices.Wrapper.dll
    MOD - [2012/12/06 03:52:18 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7f15d0cb7e4f87f86e425d5ffe7e8280\System.Configuration.ni.dll
    MOD - [2012/12/06 03:44:53 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\741164a3e36f879b9f9e3ff176465127\System.Xml.ni.dll
    MOD - [2012/12/06 03:44:40 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll
    MOD - [2012/12/06 03:44:32 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll
    MOD - [2012/12/06 03:44:20 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ee724aeea5f1b9d8a01fa6047fd2ef99\System.Data.ni.dll
    MOD - [2012/12/06 03:44:11 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\39cc0e726e5b80a46337fa969cde2b66\PresentationFramework.Aero.ni.dll
    MOD - [2012/12/06 03:44:10 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fb15c044e4e7d611a5cbe5a1aa6db455\PresentationFramework.ni.dll
    MOD - [2012/12/06 03:43:56 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\09ab834223f9c860f08de8d58688b1a3\PresentationCore.ni.dll
    MOD - [2012/12/06 03:43:44 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\0e3cff5f58a9a75de7fcac112c8bbca0\WindowsBase.ni.dll
    MOD - [2012/12/06 03:43:41 | 007,976,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll
    MOD - [2012/12/06 03:43:35 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll
    MOD - [2012/03/08 08:21:50 | 012,290,432 | ---- | M] () -- C:\Users\weeze's girl\AppData\Roaming\PictureMover\Bin\Core.dll
    MOD - [2012/03/08 08:21:43 | 001,699,200 | ---- | M] () -- C:\Users\weeze's girl\AppData\Roaming\PictureMover\EN-US\Presentation.dll
    MOD - [2012/01/04 02:47:42 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
    MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2009/04/11 00:28:21 | 000,368,640 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
    MOD - [2009/04/10 20:04:15 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    MOD - [2009/03/29 22:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    MOD - [2009/03/29 22:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2008/10/17 11:39:18 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
    MOD - [2008/10/17 11:32:58 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
    MOD - [2008/10/17 11:32:54 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
    MOD - [2008/10/17 11:32:48 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\ECLibrary.dll
    MOD - [2008/10/17 11:32:46 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
    MOD - [2008/10/17 11:32:26 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
    MOD - [2008/10/17 11:32:26 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
    MOD - [2008/10/17 11:32:26 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe -- (Security Activity Dashboard Service)
    SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2008/08/26 09:02:20 | 000,016,896 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
    SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/12/14 03:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
    SRV - [2012/12/12 04:48:31 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/12/07 15:55:29 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2011/11/23 20:21:24 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Running] -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/09/19 14:36:32 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/02/29 07:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2009/09/30 18:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2009/04/21 21:03:47 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\pcouffin.sys -- (pcouffin)
    DRV:64bit: - [2008/09/09 19:19:36 | 000,025,888 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\pcd5srvc_x64.pkms -- (PCD5SRVC{8AAF211B-043E02A9-05040000})
    DRV:64bit: - [2008/03/21 06:47:14 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
    DRV - [2008/09/26 04:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{3E025EAB-4E22-4645-BD1C-716C8077902F}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE:64bit: - HKLM\..\SearchScopes\{FD9ABF6C-52C0-4CB0-9030-A29BB2050722}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{3E025EAB-4E22-4645-BD1C-716C8077902F}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm002Z1us&ptnrS=XPxdm002Z1us&si=CICoiuXs4a0CFS6CtgodVh7OiQ&ptb=33A7D8B6-1F10-4F4E-9F35-C8BB9F01D6DE&psa=&ind=2012022716&st=sb&n=77ed07bc&searchfor={searchTerms}
    IE - HKLM\..\SearchScopes\{FD9ABF6C-52C0-4CB0-9030-A29BB2050722}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-3273367965-2163244582-2790646537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-21-3273367965-2163244582-2790646537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-3273367965-2163244582-2790646537-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-3273367965-2163244582-2790646537-1000\..\SearchScopes\{1EAB9BA2-069B-4481-96E0-F137B1272FE1}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
    IE - HKU\S-1-5-21-3273367965-2163244582-2790646537-1000\..\SearchScopes\{3E025EAB-4E22-4645-BD1C-716C8077902F}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKU\S-1-5-21-3273367965-2163244582-2790646537-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADBR_enUS327
    IE - HKU\S-1-5-21-3273367965-2163244582-2790646537-1000\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm002Z1us&ptb=33A7D8B6-1F10-4F4E-9F35-C8BB9F01D6DE&psa=&ind=2012012114&ptnrS=XPxdm002Z1us&si=CICoiuXs4a0CFS6CtgodVh7OiQ&st=sb&n=77ecde52&searchfor={searchTerms}
    IE - HKU\S-1-5-21-3273367965-2163244582-2790646537-1000\..\SearchScopes\{B0D0B98F-EA50-4494-8FCF-AD3900BE910F}: "URL" = http://www.bing.com/search?FORM=MSNTLB&PC=MSNTDF&q={searchTerms}&src=IE-SearchBox
    IE - HKU\S-1-5-21-3273367965-2163244582-2790646537-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=mkg028
    IE - HKU\S-1-5-21-3273367965-2163244582-2790646537-1000\..\SearchScopes\{FD9ABF6C-52C0-4CB0-9030-A29BB2050722}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-3273367965-2163244582-2790646537-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3273367965-2163244582-2790646537-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: crossriderapp19866%40crossrider.com:0.86.10
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/16 13:02:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/16 13:02:12 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/07/23 23:35:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\weeze's girl\AppData\Roaming\Mozilla\Extensions
    [2012/01/21 19:17:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\weeze's girl\AppData\Roaming\Mozilla\Firefox\extensions
    [2012/01/21 19:17:28 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\weeze's girl\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    [2013/01/03 23:43:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\weeze's girl\AppData\Roaming\Mozilla\Firefox\Profiles\e6wnsuel.default\extensions
    [2013/01/02 16:11:44 | 000,000,000 | ---D | M] ("Deal Vault") -- C:\Users\weeze's girl\AppData\Roaming\Mozilla\Firefox\Profiles\e6wnsuel.default\extensions\[email protected]
    [2013/01/02 16:11:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\weeze's girl\AppData\Roaming\Mozilla\Firefox\Profiles\e6wnsuel.default\extensions\[email protected]\chrome\content\extensionCode
    [2012/12/07 15:55:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/12/07 15:55:29 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/09/22 09:19:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/12/07 15:55:29 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: ()
    CHR - default_search_provider: search_url =
    CHR - default_search_provider: suggest_url =
    CHR - homepage: http://search.conduit.com/?ctid=CT2786678&SearchSource=48
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com/
    CHR - Extension: YouTube = C:\Users\weeze's girl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
    CHR - Extension: Google Search = C:\Users\weeze's girl\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
    CHR - Extension: No name found = C:\Users\weeze's girl\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\
    CHR - Extension: Gmail = C:\Users\weeze's girl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2013/01/03 23:10:14 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\x64\IEBHO.dll (MusicLab, LLC)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Deal Vault) - {11111111-1111-1111-1111-110111981166} - C:\Program Files (x86)\Deal Vault\Deal Vault.dll (215 Apps)
    O2 - BHO: (no name) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - No CLSID value found.
    O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - No CLSID value found.
    O3:64bit: - HKU\S-1-5-21-3273367965-2163244582-2790646537-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKU\S-1-5-21-3273367965-2163244582-2790646537-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3273367965-2163244582-2790646537-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3273367965-2163244582-2790646537-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-21-3273367965-2163244582-2790646537-1000\..Trusted Domains: netzero.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-3273367965-2163244582-2790646537-1000\..Trusted Domains: netzero.net ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-3273367965-2163244582-2790646537-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll (CSEQueryObject Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADFD8513-771E-4C05-9844-C5E31D9F8EF0}: DhcpNameServer = 192.168.15.1
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\tmtb - No CLSID value found
    O18 - Protocol\Handler\tmtb - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\weeze's girl\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\weeze's girl\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/04 12:22:21 | 013,529,576 | ---- | C] (Microsoft Corporation) -- C:\Users\weeze's girl\Documents\mseinstall(1).exe
    [2013/01/04 12:21:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2013/01/04 12:21:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2013/01/04 12:19:34 | 013,529,576 | ---- | C] (Microsoft Corporation) -- C:\Users\weeze's girl\Desktop\mseinstall(1).exe
    [2013/01/04 11:33:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/01/03 23:21:25 | 005,018,515 | R--- | C] (Swearware) -- C:\Users\weeze's girl\Desktop\ComboFix.exe
    [2013/01/03 22:52:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/01/03 22:52:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/01/03 22:52:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/01/03 22:43:31 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/01/03 22:43:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/01/03 19:05:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
    [2013/01/02 13:29:44 | 000,000,000 | ---D | C] -- C:\0d9406f4b516735cc65504406064
    [2013/01/01 16:45:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    [2013/01/01 16:43:50 | 000,829,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr100.dll
    [2013/01/01 16:43:50 | 000,608,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp100.dll
    [2013/01/01 16:43:49 | 000,035,328 | ---- | C] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll
    [2013/01/01 16:43:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ARFC
    [2013/01/01 16:43:23 | 000,000,000 | ---D | C] -- C:\Users\weeze's girl\AppData\Roaming\Uniblue
    [2013/01/01 16:43:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
    [2013/01/01 16:43:09 | 000,000,000 | ---D | C] -- C:\Users\weeze's girl\AppData\Local\Deal Vault
    [2013/01/01 16:43:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deal Vault
    [2013/01/01 13:32:34 | 000,000,000 | ---D | C] -- C:\Users\weeze's girl\AppData\Local\Windows Live
    [2013/01/01 13:32:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
    [2013/01/01 13:31:11 | 001,103,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webservices.dll
    [2013/01/01 13:31:11 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webservices.dll
    [2012/12/28 17:34:01 | 000,000,000 | ---D | C] -- C:\Users\weeze's girl\CS6 Master Collection
    [2012/12/21 15:16:49 | 000,000,000 | ---D | C] -- C:\Users\weeze's girl\Adobe Photoshop Elements 11
    [2012/12/21 15:15:55 | 000,000,000 | ---D | C] -- C:\Users\weeze's girl\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2012/12/21 15:15:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant
    [2012/12/21 03:00:53 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
    [2012/12/21 03:00:53 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
    [2012/12/21 03:00:53 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
    [2012/12/21 03:00:53 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
    [2012/12/16 13:13:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/12/16 13:12:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/12/16 13:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/12/16 13:12:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2012/12/16 13:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    [2012/12/16 13:02:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2012/12/16 13:01:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2012/12/13 03:04:16 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
    [2012/12/13 03:04:16 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
    [2012/12/13 03:04:10 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winusb.dll
    [2012/12/13 03:04:09 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
    [2012/12/13 03:04:07 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
    [2012/12/13 03:04:07 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
    [2012/12/13 03:04:07 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
    [2012/12/13 03:02:55 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2012/12/13 03:02:55 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2012/12/13 03:02:54 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2012/12/13 03:02:54 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2012/12/13 03:02:54 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2012/12/13 03:02:54 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2012/12/13 03:02:53 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2012/12/13 03:02:53 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2012/12/13 03:02:53 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2012/12/13 03:02:53 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2012/12/13 03:02:52 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2012/12/13 03:02:52 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2012/12/13 03:02:51 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2012/12/13 03:02:51 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2012/12/13 03:02:51 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2012/12/12 06:03:56 | 001,210,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
    [2012/12/12 06:03:47 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
    [2012/12/12 06:03:47 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
    [2012/12/12 06:03:47 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnathlp.dll
    [2012/12/12 06:03:47 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnsvr.exe
    [2012/12/12 06:03:47 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnsvr.exe
    [2012/12/09 13:00:46 | 000,000,000 | ---D | C] -- C:\Users\weeze's girl\Documents\Amazon MP3
    [2012/12/09 13:00:46 | 000,000,000 | ---D | C] -- C:\Users\weeze's girl\AppData\Roaming\Amazon
    [2012/12/07 15:55:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2012/12/05 19:20:22 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
    [2012/12/05 19:20:22 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
    [2012/01/13 19:58:35 | 000,026,464 | R--- | C] (Adobe Systems Incorporated) -- C:\Users\weeze's girl\acrotextextractor.exe
    [2009/04/21 21:03:47 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\weeze's girl\AppData\Roaming\pcouffin.sys
    [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/01/04 12:49:59 | 000,703,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/01/04 12:49:59 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/01/04 12:49:59 | 000,104,202 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/01/04 12:48:17 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/01/04 12:48:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/04 12:45:08 | 000,000,272 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC.job
    [2013/01/04 12:43:51 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/04 12:43:49 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
    [2013/01/04 12:43:47 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\spmonitor.job
    [2013/01/04 12:43:39 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/01/04 12:43:38 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/01/04 12:43:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/01/04 12:21:48 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2013/01/04 12:19:50 | 013,529,576 | ---- | M] (Microsoft Corporation) -- C:\Users\weeze's girl\Documents\mseinstall(1).exe
    [2013/01/04 12:19:50 | 013,529,576 | ---- | M] (Microsoft Corporation) -- C:\Users\weeze's girl\Desktop\mseinstall(1).exe
    [2013/01/03 23:45:08 | 000,001,368 | ---- | M] () -- C:\Users\weeze's girl\AppData\Roaming\wklnhst.dat
    [2013/01/03 23:43:12 | 000,315,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/01/03 23:33:18 | 000,080,896 | ---- | M] () -- C:\AdwCleaner[R1].wps
    [2013/01/03 23:20:40 | 000,551,997 | ---- | M] () -- C:\Users\weeze's girl\Desktop\adwcleaner.exe
    [2013/01/03 23:10:14 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2013/01/03 22:42:21 | 005,018,515 | R--- | M] (Swearware) -- C:\Users\weeze's girl\Desktop\ComboFix.exe
    [2013/01/03 19:05:28 | 000,000,999 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
    [2013/01/01 16:45:43 | 000,002,117 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2013/01/01 16:43:25 | 000,001,011 | ---- | M] () -- C:\Users\weeze's girl\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk
    [2013/01/01 14:05:16 | 000,007,592 | ---- | M] () -- C:\Users\weeze's girl\AppData\Local\d3d9caps.dat
    [2012/12/28 17:00:16 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/12/24 21:22:31 | 000,036,864 | ---- | M] () -- C:\Users\weeze's girl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/12/21 15:15:50 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
    [2012/12/16 13:13:11 | 000,001,696 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/12/16 13:02:03 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2012/12/16 07:31:20 | 000,048,128 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
    [2012/12/16 07:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
    [2012/12/16 05:08:21 | 000,368,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
    [2012/12/16 04:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
    [2012/12/15 17:42:11 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForweeze's girl.job
    [2012/12/15 00:19:31 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
    [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/12/12 04:48:30 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2012/12/12 04:48:30 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2012/12/09 13:00:27 | 000,002,048 | ---- | M] () -- C:\Users\Public\Desktop\Amazon Cloud Player.lnk
    [2012/12/05 17:34:42 | 000,000,442 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
    [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/01/04 12:21:44 | 000,001,828 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2013/01/03 23:33:18 | 000,080,896 | ---- | C] () -- C:\AdwCleaner[R1].wps
    [2013/01/03 23:20:32 | 000,551,997 | ---- | C] () -- C:\Users\weeze's girl\Desktop\adwcleaner.exe
    [2013/01/03 22:52:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/01/03 22:52:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/01/03 22:52:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/01/03 22:52:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/01/03 22:52:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/01/03 19:05:28 | 000,001,011 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
    [2013/01/03 19:05:28 | 000,000,999 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
    [2013/01/02 13:26:52 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2013/01/01 16:45:43 | 000,002,117 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2013/01/01 16:43:49 | 001,261,936 | ---- | C] () -- C:\Windows\SysNative\dmwu.exe
    [2013/01/01 16:43:30 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\spmonitor.job
    [2013/01/01 16:43:27 | 000,000,272 | ---- | C] () -- C:\Windows\tasks\SpeedUpMyPC.job
    [2013/01/01 16:43:25 | 000,001,011 | ---- | C] () -- C:\Users\weeze's girl\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk
    [2012/12/21 15:15:51 | 000,000,956 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
    [2012/12/21 15:15:50 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
    [2012/12/16 13:13:11 | 000,001,696 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/12/16 13:02:03 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2012/12/15 13:20:30 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForweeze's girl.job
    [2012/12/13 03:04:22 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    [2012/12/13 03:04:22 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    [2012/12/09 13:00:27 | 000,002,048 | ---- | C] () -- C:\Users\Public\Desktop\Amazon Cloud Player.lnk
    [2011/07/02 15:43:31 | 000,000,000 | ---- | C] () -- C:\Users\weeze's girl\AppData\Local\{69687261-61E4-4AD3-81A9-9E8418FDF4BB}
    [2009/04/30 13:19:37 | 000,007,592 | ---- | C] () -- C:\Users\weeze's girl\AppData\Local\d3d9caps.dat
    [2009/04/21 21:03:47 | 000,007,859 | ---- | C] () -- C:\Users\weeze's girl\AppData\Roaming\pcouffin.cat
    [2009/04/21 21:03:47 | 000,001,167 | ---- | C] () -- C:\Users\weeze's girl\AppData\Roaming\pcouffin.inf
    [2009/03/17 21:17:43 | 000,001,368 | ---- | C] () -- C:\Users\weeze's girl\AppData\Roaming\wklnhst.dat
    [2009/03/08 00:50:31 | 000,445,148 | ---- | C] () -- C:\Users\weeze's girl\ (2)
    [2009/02/28 20:35:03 | 000,006,202 | ---- | C] () -- C:\Users\weeze's girl\AppData\Roaming\default.rss
    [2009/02/18 21:18:24 | 000,036,864 | ---- | C] () -- C:\Users\weeze's girl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2006/11/02 09:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 11:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 01:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 20:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\SysWow64\wbem\wbemess.dll

    ========== LOP Check ==========

    [2011/12/29 17:59:52 | 000,000,000 | ---D | M] -- C:\Users\TestAdmin\AppData\Roaming\AVG2012
    [2011/08/03 17:03:00 | 000,000,000 | ---D | M] -- C:\Users\TestAdmin\AppData\Roaming\CheckPoint
    [2011/08/03 17:04:22 | 000,000,000 | ---D | M] -- C:\Users\TestAdmin\AppData\Roaming\PictureMover
    [2012/12/09 13:00:46 | 000,000,000 | ---D | M] -- C:\Users\weeze's girl\AppData\Roaming\Amazon
    [2011/09/02 12:32:31 | 000,000,000 | ---D | M] -- C:\Users\weeze's girl\AppData\Roaming\AVG2012
    [2011/05/08 18:59:26 | 000,000,000 | ---D | M] -- C:\Users\weeze's girl\AppData\Roaming\CheckPoint
    [2012/12/21 15:15:55 | 000,000,000 | ---D | M] -- C:\Users\weeze's girl\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2011/05/20 16:54:22 | 000,000,000 | ---D | M] -- C:\Users\weeze's girl\AppData\Roaming\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1
    [2012/01/09 13:19:37 | 000,000,000 | ---D | M] -- C:\Users\weeze's girl\AppData\Roaming\DriverCure
    [2009/12/09 16:00:58 | 000,000,000 | ---D | M] -- C:\Users\weeze's girl\AppData\Roaming\FloodLightGames
    [2011/04/02 08:01:13 | 000,000,000 | ---D | M] -- C:\Users\weeze's girl\AppData\Roaming\funkitron
    [2011/03/15 20:53:01 | 000,000,000 | ---D | M] -- C:\Users\weeze's girl\AppData\Roaming\Gamelab
    [2009/05/19 09:51:48 | 000,000,000 | ---D | M] -- C:\Users\weeze's girl\AppData\Roaming\GetRightToGo
    [2011/03/14 16:52:09 | 000,000,000 | ---D | M] -- C:\Users\weeze's girl\AppData\Roaming\Ludia
    [2011/09/06 09:24:17 | 000,000,000 | ---D | M] -- C:\Users\weeze's girl\AppData\Roaming\MusicNet
    [2009/02/18 11:15:47 | 000,000,000 | ---D | M] -- C:\Users\weeze's girl\AppData\Roaming\PictureMover
    [2011/04/02 17:01:11 | 000,000,000 | ---D | M] -- C:\Users\weeze's girl\AppData\Roaming\PlayFirst
    [2009/08/31 10:37:06 | 000,000,000 | ---D | M] -- C:\Users\weeze's girl\AppData\Roaming\SecondLife
    [2012/01/09 13:19:37 | 000,000,000 | ---D | M] -- C:\Users\weeze's girl\AppData\Roaming\SpeedyPC Software
    [2011/03/16 11:54:11 | 000,000,000 | ---D | M] -- C:\Users\weeze's girl\AppData\Roaming\SPORE Creature Creator
    [2011/08/03 13:57:19 | 000,000,000 | ---D | M] -- C:\Users\weeze's girl\AppData\Roaming\TeamViewer
    [2009/03/17 21:17:46 | 000,000,000 | ---D | M] -- C:\Users\weeze's girl\AppData\Roaming\Template
    [2011/09/07 15:22:16 | 000,000,000 | ---D | M] -- C:\Users\weeze's girl\AppData\Roaming\Tific
    [2013/01/01 16:43:23 | 000,000,000 | ---D | M] -- C:\Users\weeze's girl\AppData\Roaming\Uniblue
    [2010/03/28 20:56:46 | 000,000,000 | ---D | M] -- C:\Users\weeze's girl\AppData\Roaming\Vso
    [2009/12/09 15:40:26 | 000,000,000 | ---D | M] -- C:\Users\weeze's girl\AppData\Roaming\WildTangent
    [2010/10/06 01:07:47 | 000,000,000 | ---D | M] -- C:\Users\weeze's girl\AppData\Roaming\WinBatch

    ========== Purity Check ==========



    < End of report >
     
  12. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,382
    First Name:
    Kevin
    Re-Run [IMG] by double left click, Vista and Windows 7 users accept UAC alert.

    • Under the [​IMG] box at the bottom, paste in the following

      Code:
      :OTL
      IE:64bit: - HKLM\..\SearchScopes\{3E025EAB-4E22-4645-BD1C-716C8077902F}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
      IE - HKLM\..\SearchScopes\{3E025EAB-4E22-4645-BD1C-716C8077902F}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
      IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm002Z1us&ptnrS=XPxdm002Z1us&si=CICoiuXs4a0CFS6CtgodVh7OiQ&ptb=33A7D8B6-1F10-4F4E-9F35-C8BB9F01D6DE&psa=&ind=2012022716&st=sb&n=77ed07bc&searchfor={searchTerms}
      IE - HKU\S-1-5-21-3273367965-2163244582-2790646537-1000\..\SearchScopes\{3E025EAB-4E22-4645-BD1C-716C8077902F}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
      IE - HKU\S-1-5-21-3273367965-2163244582-2790646537-1000\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm002Z1us&ptb=33A7D8B6-1F10-4F4E-9F35-C8BB9F01D6DE&psa=&ind=2012012114&ptnrS=XPxdm002Z1us&si=CICoiuXs4a0CFS6CtgodVh7OiQ&st=sb&n=77ecde52&searchfor={searchTerms}
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension
      [2012/09/22 09:19:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
      [2012/12/07 15:55:29 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
      O2:64bit: - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\x64\IEBHO.dll (MusicLab, LLC)
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (Deal Vault) - {11111111-1111-1111-1111-110111981166} - C:\Program Files (x86)\Deal Vault\Deal Vault.dll (215 Apps)
      O2 - BHO: (no name) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - No CLSID value found.
      O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
      O3 - HKLM\..\Toolbar: (no name) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - No CLSID value found.
      O4 - HKLM..\Run: [] File not found
      O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
      O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
      O18:64bit: - Protocol\Handler\tmtb - No CLSID value found
      O18 - Protocol\Handler\tmtb - No CLSID value found
      [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
      :Files
      ipconfig /flushdns /c
      C:\Users\TestAdmin\AppData\Roaming\AVG2012
      C:\Users\weeze's girl\AppData\Roaming\AVG2012
      :Commands
      [emptytemp]
      [CREATERESTOREPOINT]
      
    • Then click [​IMG] button at the top
    • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
    • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

    Next,

    Open Malwarebytes, check for updates then run Quick scan. Full instructions follow if Malwarebytes is not installed:

    Download Malwarebytes from one of the following links and save it to your desktop:


    http://www.malwarebytes.org/mbam.php
    http://www.softpedia.com/get/Antivirus/Malwarebytes-Anti-Malware.shtml
    http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Next,

    Download Security Check by screen317 from either of the following:
    http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
    Save it to your Desktop.
    Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Post those 3 logs, also let me know what issues/concerns remain...

    Kevin,....
     
  13. meand3midgets

    meand3midgets Thread Starter

    Joined:
    Jan 2, 2013
    Messages:
    185
    The mouse is still jumping on the screen..not sure why, maybe I need a new one. MBAM did not find anything on quick scan. Also, how can I tell if the trojan is gone?

    All processes killed
    ========== OTL ==========
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3E025EAB-4E22-4645-BD1C-716C8077902F}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E025EAB-4E22-4645-BD1C-716C8077902F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3E025EAB-4E22-4645-BD1C-716C8077902F}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E025EAB-4E22-4645-BD1C-716C8077902F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
    Registry key HKEY_USERS\S-1-5-21-3273367965-2163244582-2790646537-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3E025EAB-4E22-4645-BD1C-716C8077902F}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E025EAB-4E22-4645-BD1C-716C8077902F}\ not found.
    Registry key HKEY_USERS\S-1-5-21-3273367965-2163244582-2790646537-1000\Software\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22181a4d-af90-4ca3-a569-faed9118d6bc}\ not found.
    File C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension not found.
    C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\searchplugins\twitter.xml moved successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}\ deleted successfully.
    C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\x64\IEBHO.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110111981166}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110111981166}\ deleted successfully.
    C:\Program Files (x86)\Deal Vault\Deal Vault.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{43C6D902-A1C5-45c9-91F6-FD9E90337E18}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43C6D902-A1C5-45c9-91F6-FD9E90337E18}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}\ deleted successfully.
    C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\IEBHO.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCAC5586-44D7-4c43-B64A-F042461A97D2} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCAC5586-44D7-4c43-B64A-F042461A97D2}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
    File Protocol\Handler\ms-help - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
    File Protocol\Handler\ms-itss - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tmtb\ deleted successfully.
    File Protocol\Handler\tmtb - No CLSID value found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tmtb\ not found.
    File Protocol\Handler\tmtb - No CLSID value found not found.
    C:\Windows\SysNative\drivers\~GLH0023.TMP deleted successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\weeze's girl\Downloads\cmd.bat deleted successfully.
    C:\Users\weeze's girl\Downloads\cmd.txt deleted successfully.
    C:\Users\TestAdmin\AppData\Roaming\AVG2012\cfgall folder moved successfully.
    C:\Users\TestAdmin\AppData\Roaming\AVG2012 folder moved successfully.
    C:\Users\weeze's girl\AppData\Roaming\AVG2012\cfgall folder moved successfully.
    C:\Users\weeze's girl\AppData\Roaming\AVG2012 folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: AppData
    ->Temp folder emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56504 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: TestAdmin
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 2844823 bytes
    ->FireFox cache emptied: 32582753 bytes
    ->Google Chrome cache emptied: 856432 bytes
    ->Flash cache emptied: 57265 bytes

    User: weeze's girl
    ->Temp folder emptied: 22311604 bytes
    ->Temporary Internet Files folder emptied: 332377168 bytes
    ->Java cache emptied: 7740354 bytes
    ->FireFox cache emptied: 106185264 bytes
    ->Google Chrome cache emptied: 13657731 bytes
    ->Apple Safari cache emptied: 6859776 bytes
    ->Flash cache emptied: 2898999 bytes

    User: WEEZE~1
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2840755 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33237 bytes
    RecycleBin emptied: 13529576 bytes

    Total Files Cleaned = 520.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.69.0 log created on 01042013_144450

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\Amazon Digital Video\Servicelog.adv scheduled to be moved on reboot.
    File\Folder C:\Windows\temp\TMP0000024A1321001AAE2B4BDC not found!

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.01.04.08

    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421
    weeze's girl :: WEEZESGIRL-PC [administrator]

    1/4/2013 3:05:33 PM
    mbam-log-2013-01-04 (15-05-33).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 248157
    Time elapsed: 4 minute(s), 57 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    Results of screen317's Security Check version 0.99.56
    Windows Vista Service Pack 2 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.70.0.1100
    Java(TM) 6 Update 23
    Java(TM) 6 Update 7
    Java version out of Date!
    Adobe Flash Player 11.5.502.135
    Adobe Reader 9 Adobe Reader out of Date!
    Mozilla Firefox 15.0.1 Firefox out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 3 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````
     
  14. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,382
    First Name:
    Kevin
    • Please close all open programs and internet browsers.
    • Double click on Adwcleaner.exe to run the tool.
    • Click on Delete. <----- Make sure to use Delete and not Search!!!!!
    • Confirm each time with OK.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

    Next,

    Run Eset Online Scanner

    **Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right click on the IE shortcut and run as admin

    Go to the ESET web page http://www.eset.com/home/products/online-scanner/ to run an online scanner from ESET.

    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • click on the Run ESET Online Scanner button
    • Tick the box next to YES, I accept the Terms of Use.
      Click Start
    • When asked, allow the add/on to be installed
      Click Start
    • Make sure that the option Remove found threats is unticked
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
      Click Scan
    • wait for the virus definitions to be downloaded
    • Wait for the scan to finish
    When the scan is complete

    If no threats were found

    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found
    If threats were found

    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    close program
    copy and paste the report here

    Kevin.....:)
     
  15. meand3midgets

    meand3midgets Thread Starter

    Joined:
    Jan 2, 2013
    Messages:
    185
    Does this scan usually take a long time? It's not even halfway thru the scan yet.
     

Short URL to this thread: https://techguy.org/1083449
