AV security suite virus, not letting me open downloads [Solved]


  • This topic is locked

#1
alraina

  • Member
  • 41 posts
Earlier today I had the AV security suite pop up. It is blocking everything; I can't open anything I download like the malwarebyte program, ERUNT, etc., so I am not really sure where to start. Is there a way to bypass this block? It had blocked the internet too but I finally figured out how to unblock it. If there isn't a way to unblock the block on all my programs, should I just wipe my computer or is there something else I can do? Thank you in advance.

#2
Essexboy

  • GeekU Moderator
  • Retired Staff
  • 69,964 posts
Hi, let's try this first; if it fails, go to Plan B.

Note: If using Firefox, right-click on any download links and choose Save As.

Please download OTH to your desktop
Please download OTL to your desktop
Please download the attached file Scan.txt to your desktop

Double-click the OTH file to run it and click Kill All Processes; your desktop will go blank.

Then select Start OTL. OTL will now run.

  • Double-click on the Custom Scans box and a message box will pop up asking if you want to load a custom scan from a file.
    Select Scan.txt that you downloaded.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Click the Internet Explorer button and post these logs in your Virus Removal topic.


Plan B

Download Rkill from here: there are several flavours to choose from; if one does not work, then try the next.

* rkill.com http://download.blee...inler/rkill.com
* rkill.scr http://download.blee...inler/rkill.scr
* rkill.pif http://download.blee...inler/rkill.pif

Once it is downloaded, double-click on rkill in order to automatically attempt to stop any processes associated with Security Central and other rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by Security Central when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate Security Central. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of my instructions.

Do not reboot your computer after running rkill as the malware programs will start again.

Then run OTL as above.

#3
alraina

  • Topic Starter
  • Member
  • 41 posts
Sorry it has taken me so long to reply; I was away all weekend. I'm having issues finding your attachment; it's not showing in the post.

#4
Essexboy

  • GeekU Moderator
  • Retired Staff
  • 69,964 posts
[attachment=43382:scan.txt]
Some numpty forgot to upload it :)

#5
alraina

  • Topic Starter
  • Member
  • 41 posts
It's all good :) Thank you very much for all your help as well. I'll start the process and get the logs up asap.

#6
Essexboy

  • GeekU Moderator
  • Retired Staff
  • 69,964 posts
Ah I am forgiven then :)

#7
alraina

  • Topic Starter
  • Member
  • 41 posts
Here is the OTL log. I had to do it in Safe Mode, however; it's not letting me do anything in normal.

OTL logfile created on: 7/12/2010 11:49:20 AM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Laura\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 81.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.62 Gb Total Space | 135.36 Gb Free Space | 47.39% Space Free | Partition Type: NTFS
Drive D: | 12.47 Gb Total Space | 1.98 Gb Free Space | 15.84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 233.11 Mb Total Space | 148.75 Mb Free Space | 63.81% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAURA-PC
Current User Name: Laura
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/11 18:58:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Laura\Desktop\OTL.scr
PRC - [2010/07/11 18:57:50 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\Laura\Desktop\OTH.scr


========== Modules (SafeList) ==========

MOD - [2010/07/11 18:58:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Laura\Desktop\OTL.scr
MOD - [2008/01/20 19:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2008/01/20 19:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/21 23:33:32 | 000,240,128 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/03/02 19:42:58 | 000,089,600 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/12/12 12:35:46 | 006,554,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2008/12/12 12:35:36 | 000,285,824 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2008/03/18 17:25:40 | 000,023,040 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/01/20 19:50:24 | 000,027,648 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (usprserv)
SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 13:11:30 | 000,015,872 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV - [2010/03/26 11:16:04 | 000,110,312 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/11 13:10:42 | 000,689,392 | ---- | M] (Radialpoint Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Verizon\VSP\ServicepointService.exe -- (ServicepointService)
SRV - [2008/09/24 19:08:26 | 000,296,320 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2008/09/24 19:08:26 | 000,116,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2008/09/23 12:18:52 | 000,365,904 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/03/25 22:23:58 | 000,894,976 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\npptNT2.sys -- (NPPTNT2)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2009/08/28 19:42:52 | 000,049,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/07/21 23:33:32 | 000,487,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/06 09:06:18 | 000,197,120 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/11/17 16:50:30 | 004,751,360 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2008/09/19 18:43:58 | 000,068,096 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/09/04 10:48:00 | 000,064,000 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/08/14 03:18:54 | 008,029,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/07/15 01:20:42 | 000,126,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/06/19 18:37:42 | 000,325,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/03/27 13:10:56 | 000,026,984 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 13:10:14 | 000,040,296 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/02/29 16:59:32 | 001,252,352 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/20 19:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 19:47:25 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 19:46:57 | 003,154,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel®
DRV:64bit: - [2008/01/20 19:46:55 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/06/18 17:13:12 | 000,018,432 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2006/10/03 18:45:36 | 000,273,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2006/09/18 14:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2009/02/03 09:26:00 | 000,024,568 | ---- | M] (Insyde Software) [Kernel | On_Demand | Stopped] -- C:\SwSetup\sp43819\iscflashx64.sys -- (iscFlash)
DRV - [2008/09/26 03:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2005/01/04 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.facebook....com//login.php"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:1.4

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/10/18 16:46:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2010/06/06 09:00:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/05/02 16:42:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/05/02 16:42:18 | 000,000,000 | ---D | M]

[2009/03/05 13:32:00 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Mozilla\Extensions
[2010/07/09 23:14:35 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\ux4kodga.default\extensions
[2009/09/29 22:54:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\ux4kodga.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/09 23:51:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/09 23:51:15 | 000,000,000 | ---D | M] (Firefox security) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
[2009/05/07 17:27:36 | 000,283,952 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npmusicn.dll
[2010/03/02 12:36:24 | 000,221,184 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppanda3d.dll
[2010/04/07 07:09:07 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files (x86)\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files (x86)\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [Erogokowucaf] C:\Users\Laura\AppData\Local\wbda018.DLL (CyberLink Corp.)
O4 - HKCU..\Run: [hsef87ehf3jishfs87fhuishfsgggfdgs4g] C:\Users\Laura\AppData\Local\Temp\dog53.exe ()
O4 - HKCU..\Run: [hsehf98u34i9tjioaugy987iuegdsg] C:\Users\Laura\AppData\Local\Temp\avp32.exe ()
O4 - HKCU..\Run: [mcexecwin] C:\Users\Laura\AppData\Local\Temp\k7vdwv.DLL ()
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [RTHDBPL] C:\Users\Laura\AppData\Roaming\SystemProc\lsass.exe (Jznof)
O4 - HKCU..\Run: [sdr8gdrgdrgke49orkgsjkjfjhsd] C:\Users\Laura\AppData\Local\Temp\drweb.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKCU..\Run: [vmshuvmc] C:\Users\Laura\AppData\Local\yqrwyvjwq\gjqndcbtssd.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} http://m1.cdn.gaiaon...ns/IDMFlash.cab (AXIDMDCP Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} http://games.myspace...sh.1.0.0.47.cab (CPlayFirstWeddingDashControl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\Users\Laura\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Laura\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: aux - wdmaud.drv ()
Drivers32:64bit: midi - wdmaud.drv ()
Drivers32:64bit: midi1 - wdmaud.drv ()
Drivers32:64bit: midimapper - midimap.dll ()
Drivers32:64bit: mixer - wdmaud.drv ()
Drivers32:64bit: mixer1 - wdmaud.drv ()
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
Drivers32:64bit: msacm.msadpcm - msadp32.acm ()
Drivers32:64bit: msacm.msg711 - msg711.acm ()
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm ()
Drivers32:64bit: MSVideo8 - VfWWDM32.dll ()
Drivers32:64bit: vidc.i420 - iyuv_32.dll ()
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll ()
Drivers32:64bit: vidc.mrle - msrle32.dll ()
Drivers32:64bit: vidc.msvc - msvidc32.dll ()
Drivers32:64bit: VIDC.UYVY - msyuv.dll ()
Drivers32:64bit: VIDC.YUY2 - msyuv.dll ()
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll ()
Drivers32:64bit: VIDC.YVYU - msyuv.dll ()
Drivers32:64bit: wave - wdmaud.drv ()
Drivers32:64bit: wave1 - wdmaud.drv ()
Drivers32:64bit: wavemapper - msacm32.drv ()
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\SysWow64\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 90 Days ==========

[2010/07/11 18:57:55 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Laura\Desktop\OTL.scr
[2010/07/11 18:57:49 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Users\Laura\Desktop\OTH.scr
[2010/07/09 23:51:17 | 000,000,000 | -HSD | C] -- C:\Users\Laura\AppData\Roaming\SystemProc
[2010/07/09 23:51:08 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/07/09 23:47:28 | 005,434,248 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Laura\Desktop\mbam-rules.exe
[2010/07/09 23:45:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/07/09 23:45:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/09 23:11:25 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Roaming\Verizon
[2010/07/09 23:11:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Radialpoint
[2010/07/09 23:11:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Verizon
[2010/07/09 23:11:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Verizon
[2010/07/09 22:54:32 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\yqrwyvjwq
[2010/05/31 19:07:54 | 000,000,000 | ---D | C] -- C:\Users\Laura\Documents\My Kindle Content
[2010/05/31 19:07:48 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\Amazon
[2010/05/27 17:12:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mystic Inn
[2010/05/18 08:37:42 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/05/15 19:23:05 | 000,000,000 | ---D | C] -- C:\Users\Laura\Documents\Electronic Arts
[2010/04/29 12:55:56 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\Panda3D
[2010/04/29 12:55:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda3D
[2010/04/28 17:10:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2010/04/19 06:30:27 | 000,000,000 | ---D | C] -- C:\Users\Laura\Desktop\New Folder (2)

========== Files - Modified Within 90 Days ==========

[2010/07/12 11:42:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/12 11:41:26 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/12 11:41:16 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/12 11:41:16 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/12 11:35:52 | 004,194,304 | -HS- | M] () -- C:\Users\Laura\NTUSER.DAT
[2010/07/12 11:35:50 | 000,524,288 | -HS- | M] () -- C:\Users\Laura\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/07/12 11:35:50 | 000,065,536 | -HS- | M] () -- C:\Users\Laura\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/07/12 11:35:44 | 002,446,859 | -H-- | M] () -- C:\Users\Laura\AppData\Local\IconCache.db
[2010/07/12 11:35:09 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{74E18BAD-E91E-4B89-944B-83BA4F8CC532}.job
[2010/07/12 11:30:27 | 000,002,716 | ---- | M] () -- C:\Users\Laura\AppData\Local\eruhaqitejig.dll
[2010/07/12 11:29:04 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/12 08:23:01 | 000,000,732 | ---- | M] () -- C:\Users\Laura\AppData\Local\d3d9caps64.dat
[2010/07/11 18:58:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Laura\Desktop\OTL.scr
[2010/07/11 18:57:50 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\Laura\Desktop\OTH.scr
[2010/07/11 18:44:48 | 000,002,716 | ---- | M] () -- C:\Users\Laura\AppData\Local\iyijadan.dll
[2010/07/10 06:26:20 | 000,002,716 | ---- | M] () -- C:\Users\Laura\AppData\Local\aguyesic.dll
[2010/07/10 04:51:33 | 000,016,384 | ---- | M] () -- C:\Users\Laura\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/10 04:49:26 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/09 23:51:10 | 000,006,756 | ---- | M] () -- C:\Users\Laura\AppData\Local\d3d9caps.dat
[2010/07/09 23:47:37 | 005,434,248 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Laura\Desktop\mbam-rules.exe
[2010/07/09 23:04:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/09 22:55:18 | 000,000,000 | ---- | M] () -- C:\Users\Laura\AppData\Local\unurohil.dll
[2010/07/09 22:01:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3127547017-1507687882-1723143581-1000UA.job
[2010/07/09 16:01:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3127547017-1507687882-1723143581-1000Core.job
[2010/07/05 21:18:00 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/07/05 21:18:00 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/07/05 21:18:00 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/07/02 12:01:45 | 000,002,042 | ---- | M] () -- C:\Users\Laura\Desktop\Google Chrome.lnk
[2010/07/02 12:01:45 | 000,002,004 | ---- | M] () -- C:\Users\Laura\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/02 10:25:35 | 000,001,142 | ---- | M] () -- C:\Users\Laura\Desktop\ Mabinogi .lnk
[2010/06/29 15:51:30 | 000,134,229 | ---- | M] () -- C:\Users\Laura\Desktop\Maple0006.jpg
[2010/06/29 15:51:29 | 000,140,024 | ---- | M] () -- C:\Users\Laura\Desktop\Maple0005.jpg
[2010/06/28 02:25:01 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLaura.job
[2010/06/19 22:31:45 | 000,024,064 | ---- | M] () -- C:\Users\Laura\Desktop\Measurements.doc
[2010/06/19 08:50:38 | 000,149,753 | ---- | M] () -- C:\Users\Laura\Desktop\Maple0003.jpg
[2010/06/15 20:41:36 | 000,024,576 | ---- | M] () -- C:\Users\Laura\Desktop\Dinner Schedule.doc
[2010/06/15 16:15:30 | 000,024,576 | ---- | M] () -- C:\Users\Laura\Documents\return info.doc
[2010/06/14 21:44:38 | 000,030,720 | ---- | M] () -- C:\Users\Laura\Documents\soup.doc
[2010/06/14 13:02:44 | 000,142,775 | ---- | M] () -- C:\Users\Laura\Desktop\Maple0004.jpg
[2010/06/10 03:32:01 | 000,385,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/06/10 03:06:13 | 000,000,275 | ---- | M] () -- C:\Windows\win.ini
[2010/06/03 19:23:29 | 000,038,912 | ---- | M] () -- C:\Users\Laura\Desktop\Grocery List.doc
[2010/06/01 15:10:59 | 000,134,413 | ---- | M] () -- C:\Users\Laura\Desktop\Maple0001.jpg
[2010/06/01 15:10:59 | 000,134,315 | ---- | M] () -- C:\Users\Laura\Desktop\Maple0002.jpg
[2010/06/01 15:10:59 | 000,133,493 | ---- | M] () -- C:\Users\Laura\Desktop\Maple0000.jpg
[2010/05/31 19:07:50 | 000,002,108 | ---- | M] () -- C:\Users\Laura\Desktop\Kindle For PC.lnk
[2010/05/31 13:32:34 | 000,024,064 | ---- | M] () -- C:\Users\Laura\Documents\Blue twin 2.doc
[2010/05/27 17:12:46 | 000,001,756 | ---- | M] () -- C:\Users\Public\Desktop\Play Mystic Inn.lnk
[2010/05/27 17:12:46 | 000,001,210 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2010/05/27 17:11:59 | 000,001,778 | ---- | M] () -- C:\Users\Laura\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2010/05/27 17:11:59 | 000,001,754 | ---- | M] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2010/05/26 09:53:52 | 000,048,128 | ---- | M] () -- C:\Windows\SysNative\atmlib.dll
[2010/05/26 07:56:53 | 000,366,080 | ---- | M] () -- C:\Windows\SysNative\atmfd.dll
[2010/05/18 08:37:42 | 517,428,604 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/05/15 19:32:27 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3 World Adventures.lnk
[2010/05/15 19:01:15 | 000,001,913 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2010/05/03 23:54:49 | 000,243,712 | ---- | M] () -- C:\Windows\SysNative\occache.dll
[2010/05/03 23:52:45 | 000,706,048 | ---- | M] () -- C:\Windows\SysNative\msfeeds.dll
[2010/05/03 23:52:04 | 001,538,560 | ---- | M] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/05/03 23:51:49 | 000,219,136 | ---- | M] () -- C:\Windows\SysNative\ieui.dll
[2010/05/03 23:51:49 | 000,132,096 | ---- | M] () -- C:\Windows\SysNative\iesysprep.dll
[2010/05/03 23:51:48 | 002,334,208 | ---- | M] () -- C:\Windows\SysNative\iertutil.dll
[2010/05/03 23:51:48 | 000,077,312 | ---- | M] () -- C:\Windows\SysNative\iesetup.dll
[2010/05/03 23:51:48 | 000,072,192 | ---- | M] () -- C:\Windows\SysNative\iernonce.dll
[2010/05/03 23:51:47 | 000,252,416 | ---- | M] () -- C:\Windows\SysNative\iepeers.dll
[2010/05/03 22:01:59 | 000,162,816 | ---- | M] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/05/03 22:01:39 | 000,070,656 | ---- | M] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/05/03 22:01:04 | 000,012,288 | ---- | M] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/04/16 09:40:20 | 001,570,816 | ---- | M] () -- C:\Windows\SysNative\quartz.dll
[2010/04/16 09:35:56 | 000,032,256 | ---- | M] () -- C:\Windows\SysNative\Apphlpdm.dll
[2010/04/16 07:50:22 | 004,240,384 | ---- | M] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/04/14 11:35:26 | 000,375,808 | ---- | M] () -- C:\Windows\SysNative\psisdecd.dll
[2010/04/14 11:35:24 | 000,289,792 | ---- | M] () -- C:\Windows\SysNative\psisrndr.ax
[2010/04/14 11:35:23 | 000,558,592 | ---- | M] () -- C:\Windows\SysNative\EncDec.dll
[2010/04/14 11:33:49 | 000,101,376 | ---- | M] () -- C:\Windows\SysNative\MSNP.ax
[2010/04/14 11:33:13 | 000,227,328 | ---- | M] () -- C:\Windows\SysNative\mpg2splt.ax

========== Files Created - No Company Name ==========

[2010/07/12 11:30:26 | 000,002,716 | ---- | C] () -- C:\Users\Laura\AppData\Local\eruhaqitejig.dll
[2010/07/11 18:44:48 | 000,002,716 | ---- | C] () -- C:\Users\Laura\AppData\Local\iyijadan.dll
[2010/07/10 06:26:19 | 000,002,716 | ---- | C] () -- C:\Users\Laura\AppData\Local\aguyesic.dll
[2010/07/10 00:21:43 | 000,000,732 | ---- | C] () -- C:\Users\Laura\AppData\Local\d3d9caps64.dat
[2010/07/09 22:55:18 | 000,000,000 | ---- | C] () -- C:\Users\Laura\AppData\Local\unurohil.dll
[2010/06/29 15:51:30 | 000,134,229 | ---- | C] () -- C:\Users\Laura\Desktop\Maple0006.jpg
[2010/06/29 15:51:29 | 000,140,024 | ---- | C] () -- C:\Users\Laura\Desktop\Maple0005.jpg
[2010/06/24 03:01:48 | 000,227,328 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax
[2010/06/24 03:01:48 | 000,101,376 | ---- | C] () -- C:\Windows\SysNative\MSNP.ax
[2010/06/24 03:01:33 | 000,558,592 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll
[2010/06/24 03:01:33 | 000,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll
[2010/06/24 03:01:33 | 000,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax
[2010/06/24 03:00:54 | 001,942,856 | ---- | C] () -- C:\Windows\SysNative\dfshim.dll
[2010/06/24 03:00:54 | 000,444,752 | ---- | C] () -- C:\Windows\SysNative\mscoree.dll
[2010/06/24 03:00:54 | 000,320,352 | ---- | C] () -- C:\Windows\SysNative\PresentationHost.exe
[2010/06/24 03:00:54 | 000,109,912 | ---- | C] () -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/06/24 03:00:54 | 000,048,960 | ---- | C] () -- C:\Windows\SysNative\netfxperf.dll
[2010/06/23 12:17:49 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
[2010/06/23 12:17:48 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/06/19 22:31:45 | 000,024,064 | ---- | C] () -- C:\Users\Laura\Desktop\Measurements.doc
[2010/06/15 20:41:36 | 000,024,576 | ---- | C] () -- C:\Users\Laura\Desktop\Dinner Schedule.doc
[2010/06/14 21:44:37 | 000,030,720 | ---- | C] () -- C:\Users\Laura\Documents\soup.doc
[2010/06/14 15:53:22 | 000,024,576 | ---- | C] () -- C:\Users\Laura\Documents\return info.doc
[2010/06/14 13:02:44 | 000,149,753 | ---- | C] () -- C:\Users\Laura\Desktop\Maple0003.jpg
[2010/06/14 13:02:44 | 000,142,775 | ---- | C] () -- C:\Users\Laura\Desktop\Maple0004.jpg
[2010/06/09 04:20:37 | 000,366,080 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2010/06/09 04:20:37 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2010/06/09 04:20:29 | 009,250,816 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/06/09 04:20:28 | 012,468,736 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/06/09 04:20:25 | 002,334,208 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/06/09 04:20:24 | 001,484,288 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/06/09 04:20:24 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/06/09 04:20:24 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/06/09 04:20:23 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2010/06/09 04:20:23 | 000,706,048 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/06/09 04:20:23 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/06/09 04:20:21 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/06/09 04:20:21 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/06/09 04:20:20 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/06/09 04:20:20 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2010/06/09 04:20:20 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2010/06/09 04:20:20 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2010/06/09 04:20:20 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2010/06/09 04:20:20 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2010/06/09 04:20:20 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/06/09 04:20:20 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/06/09 04:20:20 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/06/09 04:20:19 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/06/09 04:20:02 | 000,084,480 | ---- | C] () -- C:\Windows\SysNative\asycfilt.dll
[2010/06/09 04:19:56 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2010/06/09 04:19:53 | 001,570,816 | ---- | C] () -- C:\Windows\SysNative\quartz.dll
[2010/06/01 15:10:59 | 000,134,413 | ---- | C] () -- C:\Users\Laura\Desktop\Maple0001.jpg
[2010/06/01 15:10:59 | 000,134,315 | ---- | C] () -- C:\Users\Laura\Desktop\Maple0002.jpg
[2010/06/01 15:10:59 | 000,133,493 | ---- | C] () -- C:\Users\Laura\Desktop\Maple0000.jpg
[2010/05/31 19:07:50 | 000,002,108 | ---- | C] () -- C:\Users\Laura\Desktop\Kindle For PC.lnk
[2010/05/31 16:53:03 | 000,038,912 | ---- | C] () -- C:\Users\Laura\Desktop\Grocery List.doc
[2010/05/31 13:32:34 | 000,024,064 | ---- | C] () -- C:\Users\Laura\Documents\Blue twin 2.doc
[2010/05/27 17:12:46 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\Play Mystic Inn.lnk
[2010/05/27 17:11:59 | 000,001,778 | ---- | C] () -- C:\Users\Laura\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2010/05/27 17:11:59 | 000,001,754 | ---- | C] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2010/05/27 17:11:59 | 000,001,210 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2010/05/26 00:49:09 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2010/05/18 08:37:00 | 517,428,604 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/05/15 19:32:27 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 World Adventures.lnk
[2010/05/15 19:01:15 | 000,001,913 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2010/05/11 21:33:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2010/04/29 02:14:04 | 000,270,208 | ---- | C] () -- C:\Windows\SysNative\MpSigStub.exe
[2010/04/13 23:00:08 | 001,420,688 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2010/04/13 23:00:07 | 000,224,256 | ---- | C] () -- C:\Windows\SysNative\iphlpsvc.dll
[2010/04/13 23:00:07 | 000,029,696 | ---- | C] () -- C:\Windows\SysNative\drivers\tunnel.sys
[2010/04/13 23:00:03 | 000,273,920 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2010/04/13 23:00:03 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2010/04/13 23:00:03 | 000,105,472 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys
[2010/04/13 23:00:00 | 004,690,832 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010/04/13 22:59:57 | 000,612,864 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
[2010/04/13 22:59:52 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\l3codeca.acm
[2010/04/13 13:29:14 | 000,218,112 | ---- | C] () -- C:\Windows\SysNative\wintrust.dll
[2010/04/13 13:29:03 | 000,104,960 | ---- | C] () -- C:\Windows\SysNative\cabview.dll
[2009/02/17 22:33:43 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/02/14 12:29:21 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2009/02/14 12:29:20 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2009/02/14 12:29:20 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 19:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== LOP Check ==========

[2010/01/10 22:40:12 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Amazon
[2009/05/07 04:08:27 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\blg
[2009/03/25 14:49:07 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Gamelab
[2009/02/17 22:24:41 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\GetRightToGo
[2009/08/13 15:41:24 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Meridian93
[2009/08/12 07:01:40 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\My Games
[2009/02/15 18:42:56 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Nexon
[2009/07/22 21:56:18 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\PlayFirst
[2010/07/09 23:51:17 | 000,000,000 | -HSD | M] -- C:\Users\Laura\AppData\Roaming\SystemProc
[2009/04/26 08:05:06 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Template
[2009/07/02 14:40:44 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\UClick
[2009/02/13 23:09:33 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\WildTangent
[2010/07/12 11:41:26 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/07/12 11:35:09 | 000,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{74E18BAD-E91E-4B89-944B-83BA4F8CC532}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/01/20 19:50:15 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/07/12 11:42:07 | 241,451,007 | -HS- | M] () -- C:\pagefile.sys
[2009/02/13 20:22:12 | 000,000,204 | ---- | M] () -- C:\Plugins

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/11/02 08:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 08:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 08:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 08:06:41 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 14:35:48 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >
[2009/07/10 12:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.dat >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\user32.dll /md5 >
[2008/01/20 19:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\SysWOW64\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/01/20 19:50:35 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\SysWOW64\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2006/11/02 02:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\SysWOW64\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 221 bytes -> C:\ProgramData\Temp:F67AAFC5
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:2B99FE60
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:55FBB3E8
@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:8247A199
< End of report >

#8
alraina

  • Topic Starter
  • Member
  • 41 posts
Whoops, forgot this one.

OTL Extras logfile created on: 7/12/2010 11:49:21 AM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Laura\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 81.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.62 Gb Total Space | 135.36 Gb Free Space | 47.39% Space Free | Partition Type: NTFS
Drive D: | 12.47 Gb Total Space | 1.98 Gb Free Space | 15.84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 233.11 Mb Total Space | 148.75 Mb Free Space | 63.81% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAURA-PC
Current User Name: Laura
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Laura\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{78242EBF-3B05-4FD7-999C-5D9C5B696482}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D00A4E5D-1D22-4286-9A28-A3301F66155E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{DA0325A1-1BAD-4410-AA61-BFF9FBCF8EC8}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{104FB753-2D44-48F0-BF07-324EE29C9666}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{14997E85-0EA5-49B4-9324-B0C175AE7FCE}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe |
"{17F92742-AD0A-47A8-8CBD-43C801BFBDE7}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{19AD7003-5BBA-4456-BBA9-EB5B959FC5B9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{1A22ACFF-B5BB-4908-9E75-01727FCB38C7}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{1B3396CC-4B13-4328-863B-D4950B3ECE4D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{1BAF0EE4-5289-46E7-AAC5-F9F2B8D56A0F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{1E2A3A46-1CCA-4E81-ADBF-9CA8AEFFAC1D}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{1EB30212-E203-405A-B0C4-37ACAC989859}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{1EC3ED2F-9981-40FB-A4FE-5FAF02CB5E42}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{1F566648-C725-47B4-8AEB-7C0371CBEAC1}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{216D0B92-DB7E-4156-811D-18DC1DE2B708}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{23D7EEF8-6DD5-4A18-8D32-6FB2EB41A3E6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{307F1C1C-03E8-4F01-BC81-96B2A4735FEC}" = protocol=17 | dir=in | app=c:\program files (x86)\verizon\vsp\servicepointservice.exe |
"{30AAED2A-2BA6-44CF-91A8-419E91663595}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{3494A6DA-0AB9-44C2-A80C-7AF37626C532}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{3E5E6E2E-DFC5-4782-B604-ED7FE3D01DC4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{4025617C-E58B-49C8-8C5A-6990E5CA6686}" = protocol=6 | dir=in | app=c:\program files (x86)\verizon\vsp\servicepointservice.exe |
"{40E86481-6820-4F6C-B892-D9A39B08D132}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{44E824AC-D5A8-44AB-9F33-0CB278D157CA}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{4CFD2620-6A85-4A1D-9496-09279E3A1A3D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5348A7ED-5F82-4F53-888A-E333680E2A31}" = protocol=17 | dir=in | app=c:\nexon\maplestory\maplestory.exe |
"{53B95F3E-AD91-4744-BE63-B22C46B7E482}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{57530218-F8B3-4C46-8996-6A6158320BB9}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{5AF9A4D2-45A6-4CAA-85B0-B7F9704F2CE6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{5F6E78BD-107D-4BBD-8643-5563085DAA18}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{6736B449-2B08-4E54-AB10-389C0573ABA8}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe |
"{6E6CC0AB-0827-43FD-B7DC-F83AF56470C3}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{7286AE5E-C63B-41AC-9B78-74CFCA0EC4C0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{7D836149-6210-487B-867B-959600C5D5EF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{8238091D-1675-4A62-A510-92C78318DDE5}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{86FBE80F-5AA4-430F-81EA-F7328099C7CD}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{8A1EFB3D-4AB0-4C03-8649-0DC6B2DAAA10}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{8CD9C113-D96A-436E-A81F-CC4590AEF347}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{91FBACA8-C52F-4CE3-99AB-52FB27363306}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{938FCBF3-299A-4F1C-88C9-8FC4366B8F48}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A2872EE4-4B88-4AB5-AE81-93C497DBBDCF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{A48F90BA-778D-44C1-86C7-C425AF3BA819}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{A7B77142-9804-4D14-835F-E87EE048BA84}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{B0FF33B9-490D-43D5-B800-AB26175B14FC}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{B0FFE300-2C85-4EE7-8E0C-893F23F88140}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{B5E9F84B-D3A2-4344-B50B-FCD8D3E2DD19}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{B6A182F0-8606-44E5-8AB6-CA67CE307716}" = protocol=6 | dir=in | app=c:\nexon\maplestory\maplestory.exe |
"{CEB1C9A2-E2CB-4C23-BD33-734DD3DE5F3A}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{D29505A0-F961-4EFF-A276-68A5ECEEE77B}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{DCDA6049-2DEE-499B-84BA-9F17F84BA03C}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{E3BAD4E5-33C5-4C2A-A08F-6FE1B8888FFE}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{EA082022-7D2E-4942-9AB4-BE858DEDE401}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{EB2A54B2-25B2-43FE-83ED-073D7C2AFC50}" = dir=in | app=e:\setup\hpznui40.exe |
"{EF98A9D9-2D1D-4E71-B861-40747C75E028}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{F70B9278-15B7-4837-8168-28BEE9A10BEF}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"TCP Query User{10127805-FE0E-462D-811A-277572F4158D}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{1C09D9F7-FC5B-44E2-A919-EAE889814967}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{57896175-E969-4B66-B7CC-5C43468AFDFA}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"TCP Query User{ACEFF26C-F912-4A9A-B28A-C3EE3772E4BC}C:\program files (x86)\diablo ii\game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo ii\game.exe |
"TCP Query User{FAF34C45-6BB1-494A-93E1-015EE00813F7}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{07D4D14A-0913-43FC-AB9D-918A4AE1C618}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{73E21BF9-4DBB-4F5A-AD73-2E54FEAB6231}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{77B96211-E80D-4AFB-9C6A-5BF1030D06C6}C:\program files (x86)\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo ii\game.exe |
"UDP Query User{99D5E9FF-816D-4737-8178-98BB5BB23384}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{9E64AEE6-DFFD-4060-B36D-F418F4D19E95}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{39107B20-EA1C-4974-881C-607300BB3C99}" = MobileMe Control Panel
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{A9513BBC-73B4-4856-BF83-0166523ABF09}" = 64 Bit HP CIO Components Installer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B812FCC0-6192-4BFA-A9C6-1E8578F255DA}" = iTunes
"{BED1705F-7558-40f7-9F52-6C6FBD58EA2E}" = HP Photosmart C4500 All-In-One Driver Software 11.0 Rel .4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{DDEDFD63-E430-4b0c-8D61-5E4E7280F027}" = Network64
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF70513F-E3A7-402F-84FB-B7810A064BE2}" = Zune
"07B260955637F1FF7587ED2AA87459040DD09BF7" = Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"HPOCR" = OCR Software by I.R.I.S. 11.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{02A17452-B723-4A32-88A4-E1A1C9CCF1E8}" = MapleStory
"{07A5026D-5F9F-43D1-9073-C2F882D417E7}" = HP User Guides 0128
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A2A15C2-6780-49c1-B296-503230E9DE00}" = The Sims™ 2 Mansion and Garden Stuff
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 14
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = The Sims™ 2 Double Deluxe
"{30D3B7BC-5798-45D9-822D-05CA18F39E99}" = HPTCSSetup
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{43C0C354-A185-4D2D-A057-67C9160460E1}" = PS_AIO_04_C4580_Software_Min
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4EB7E778-1E95-433F-8919-C323D5483363}" = HP Smart Web Printing
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = The Sims™ 2 Kitchen & Bath Interior Design Stuff
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{7B798B31-2F33-4DC8-BDA4-D36488E86636}" = Slingbox - Watch Your TV Anywhere
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = The Sims™ 2 H&M® Fashion Stuff
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8769100B-B645-51A7-5D0F-77AE578A3EBA}" = EA Download Manager UI
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6A195F5-BCAB-4F38-8459-DF693303CD8D}" = PS_AIO_04_C4580_ProductContext
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = The Sims™ 2 Apartment Life
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D4278897-1541-493E-9D39-59CC6AB0FC09}" = PS_AIO_04_C4580_Software
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{DF507C99-7DE1-4fa8-8632-AB8A205F1258}" = The Sims™ 2 Store Edition
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
"{F31E534B-4199-4552-8154-5C130710D68E}" = HP Total Care Advisor
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"BFGC" = Big Fish Games: Game Manager
"BFG-Mystic Inn" = Mystic Inn ™
"BFG-Spa Mania" = Spa Mania
"CEP - Colour Enable Packages_is1" = CEP (Color Enable Package) v.9.0 (beta)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"EA Download Manager" = EA Download Manager
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Mabinogi" = Mabinogi
"MagicFarm_is1" = MagicFarm 1.026
"MapleStory" = MapleStory
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.0
"NetstormLaunch" = Netstorm Launcher (Console)
"Panda3D Game Engine" = Panda3D Game Engine
"RadialpointClientGateway_is1" = Verizon Servicepoint 3.5.14
"Tradewinds™ Legends" = Tradewinds™ Legends
"Veoh Video Compass" = Veoh Video Compass
"Veoh Web Player Beta" = Veoh Web Player
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Wondershare Video Converter Platinum_is1" = Wondershare Video Converter Platinum(Build 4.2.0.56)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle For PC" = Amazon Kindle For PC v1.1
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
  • 0

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Found it :)

If for some reason you are unable to copy and paste the fix, I have included it as a downloadable text file. To use this, press the Run Fix button and a dialogue box will pop up asking for the location; select the file you downloaded called fix.txt
[attachment=43383:fix.txt]

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
    O4 - HKCU..\Run: [Erogokowucaf] C:\Users\Laura\AppData\Local\wbda018.DLL (CyberLink Corp.)
    O4 - HKCU..\Run: [hsef87ehf3jishfs87fhuishfsgggfdgs4g] C:\Users\Laura\AppData\Local\Temp\dog53.exe ()
    O4 - HKCU..\Run: [hsehf98u34i9tjioaugy987iuegdsg] C:\Users\Laura\AppData\Local\Temp\avp32.exe ()
    O4 - HKCU..\Run: [mcexecwin] C:\Users\Laura\AppData\Local\Temp\k7vdwv.DLL ()
    O4 - HKCU..\Run: [RTHDBPL] C:\Users\Laura\AppData\Roaming\SystemProc\lsass.exe (Jznof)
    O4 - HKCU..\Run: [sdr8gdrgdrgke49orkgsjkjfjhsd] C:\Users\Laura\AppData\Local\Temp\drweb.exe ()
    O4 - HKCU..\Run: [vmshuvmc] C:\Users\Laura\AppData\Local\yqrwyvjwq\gjqndcbtssd.exe ()
    [2010/07/09 23:51:17 | 000,000,000 | -HSD | C] -- C:\Users\Laura\AppData\Roaming\SystemProc
    [2010/07/09 22:54:32 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\yqrwyvjwq
    [2010/07/12 11:30:27 | 000,002,716 | ---- | M] () -- C:\Users\Laura\AppData\Local\eruhaqitejig.dll
    [2010/07/11 18:44:48 | 000,002,716 | ---- | M] () -- C:\Users\Laura\AppData\Local\iyijadan.dll
    [2010/07/10 06:26:20 | 000,002,716 | ---- | M] () -- C:\Users\Laura\AppData\Local\aguyesic.dll
    [2010/07/09 22:55:18 | 000,000,000 | ---- | M] () -- C:\Users\Laura\AppData\Local\unurohil.dll
    [2010/07/12 11:30:26 | 000,002,716 | ---- | C] () -- C:\Users\Laura\AppData\Local\eruhaqitejig.dll
    [2010/07/11 18:44:48 | 000,002,716 | ---- | C] () -- C:\Users\Laura\AppData\Local\iyijadan.dll
    [2010/07/10 06:26:19 | 000,002,716 | ---- | C] () -- C:\Users\Laura\AppData\Local\aguyesic.dll
    [2010/07/09 22:55:18 | 000,000,000 | ---- | C] () -- C:\Users\Laura\AppData\Local\unurohil.dll
    
    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

You should now be able to run normally in normal mode

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0
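Added example, not part of the original posts and not OTL's own logic: a Python triage pass over OTL-style lines that flags the kinds of entries the fix above removes, namely Run-key autostarts in Temp or AppData and an enabled proxy pointing at loopback. The heuristics, function names and the two `Example` entries are assumptions; the other sample lines are copied from the fix.

```python
import ntpath
import re

# Constructed sample: the first five lines are copied from the fix in the post
# above; the two "Example" entries are made up as benign contrast.
SAMPLE_LOG = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
O4 - HKCU..\Run: [hsef87ehf3jishfs87fhuishfsgggfdgs4g] C:\Users\Laura\AppData\Local\Temp\dog53.exe ()
O4 - HKCU..\Run: [RTHDBPL] C:\Users\Laura\AppData\Roaming\SystemProc\lsass.exe (Jznof)
O4 - HKCU..\Run: [mcexecwin] C:\Users\Laura\AppData\Local\Temp\k7vdwv.DLL ()
O4 - HKCU..\Run: [ExampleUpdater] C:\Program Files (x86)\Example\updater.exe (Example Corp.)
O4 - HKLM..\Run: [ExampleTray] C:\Windows\System32\exampletray.exe (Example Corp.)
'''

# "O4 - HKCU..\Run: [value name] path (company)"; the path may itself contain
# parentheses ("Program Files (x86)"), so the company is the last (...) group.
RUN_RE = re.compile(
    r'^O4(?::64bit:)? - (?P<hive>HK\w+)\.\.\\(?P<key>Run(?:Once)?): '
    r'\[(?P<name>[^\]]*)\] (?P<path>.+) \((?P<company>[^()]*)\)$'
)
PROXY_RE = re.compile(
    r'Internet Settings: "(?P<value>ProxyEnable|ProxyServer)" = (?P<data>.+?)\s*$'
)
# Assumed short list of process names that normally live only in System32.
SYSTEM_NAMES = {"lsass.exe", "svchost.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "smss.exe"}


def parse_run_entries(text):
    """Return one dict per O4 Run/RunOnce line found in the log text."""
    entries = []
    for line in text.splitlines():
        match = RUN_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def score_run_entry(entry):
    """Return the list of reasons an autostart entry deserves a closer look."""
    path = entry["path"].lower()
    folder, filename = ntpath.split(path)
    reasons = []
    if "\\appdata\\local\\temp\\" in path:
        reasons.append("autostart target lives in the user's Temp folder")
    if "\\appdata\\" in path and not entry["company"].strip():
        reasons.append("file under AppData with an empty company field")
    if filename in SYSTEM_NAMES and not folder.endswith("\\windows\\system32"):
        reasons.append("Windows system process name outside System32")
    return reasons


def loopback_proxy(text):
    """Return the proxy endpoint if a proxy is enabled and points at loopback."""
    settings = {}
    for line in text.splitlines():
        match = PROXY_RE.search(line)
        if match:
            settings[match.group("value")] = match.group("data")
    if settings.get("ProxyEnable") != "1":
        return None
    # ProxyServer is either "host:port" or "http=host:port;https=host:port".
    for part in settings.get("ProxyServer", "").split(";"):
        endpoint = part.split("=", 1)[-1].strip()
        host = endpoint.rsplit(":", 1)[0]
        if host == "localhost" or host.startswith("127."):
            return endpoint
    return None


def triage(text):
    """Return (value name, path, reasons) for every flagged Run entry."""
    findings = []
    for entry in parse_run_entries(text):
        reasons = score_run_entry(entry)
        if reasons:
            findings.append((entry["name"], entry["path"], reasons))
    return findings


if __name__ == "__main__":
    proxy = loopback_proxy(SAMPLE_LOG)
    if proxy:
        print(f"[!] proxy enabled and pointing at loopback: {proxy}")
    for name, path, reasons in triage(SAMPLE_LOG):
        print(f"[!] {name} -> {path}")
        for reason in reasons:
            print(f"      - {reason}")
```

A flag here is a prompt to inspect the file, not a verdict; legitimate software also sometimes ships with an empty company field.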

#10
alraina

    Member

  • Topic Starter
  • Member
  • 41 posts
Being able to start my computer in normal mode without having that virus shut everything down totally made my day, I give you many cyber hugs! Thank you so much!

Here are all the logs:
OTL Log

OTL logfile created on: 7/12/2010 1:15:03 PM - Run 2
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Laura\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.62 Gb Total Space | 136.66 Gb Free Space | 47.85% Space Free | Partition Type: NTFS
Drive D: | 12.47 Gb Total Space | 1.98 Gb Free Space | 15.84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 233.11 Mb Total Space | 148.75 Mb Free Space | 63.81% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAURA-PC
Current User Name: Laura
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/11 18:58:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Laura\Desktop\OTL.scr
PRC - [2010/04/07 08:48:43 | 000,298,608 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2010/04/07 07:09:07 | 002,937,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2010/01/11 13:10:42 | 000,689,392 | ---- | M] (Radialpoint Inc.) -- C:\Program Files (x86)\Verizon\VSP\ServicepointService.exe
PRC - [2010/01/11 13:10:36 | 004,281,584 | ---- | M] (Verizon) -- C:\Program Files (x86)\Verizon\VSP\VerizonServicepoint.exe
PRC - [2009/10/31 14:26:51 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/07/26 16:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/05/19 16:26:22 | 003,561,720 | ---- | M] (Veoh Networks) -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2009/05/11 22:45:30 | 000,202,024 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2009/03/02 19:16:04 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2009/02/02 19:07:18 | 000,240,544 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10b.exe
PRC - [2008/09/26 03:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/09/25 19:42:24 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/09/25 19:41:44 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/09/24 19:08:26 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2008/09/24 19:08:26 | 000,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2008/09/23 12:18:52 | 000,365,904 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe


========== Modules (SafeList) ==========

MOD - [2010/07/11 18:58:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Laura\Desktop\OTL.scr
MOD - [2010/04/01 09:57:36 | 000,015,056 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll
MOD - [2008/01/20 19:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2008/01/20 19:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/21 23:33:32 | 000,240,128 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/03/02 19:42:58 | 000,089,600 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/12/12 12:35:46 | 006,554,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2008/12/12 12:35:36 | 000,285,824 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2008/03/18 17:25:40 | 000,023,040 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/01/20 19:50:24 | 000,027,648 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (usprserv)
SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 13:11:30 | 000,015,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV - [2010/03/26 11:16:04 | 000,110,312 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/11 13:10:42 | 000,689,392 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files (x86)\Verizon\VSP\ServicepointService.exe -- (ServicepointService)
SRV - [2008/09/24 19:08:26 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2008/09/24 19:08:26 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2008/09/23 12:18:52 | 000,365,904 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/03/25 22:23:58 | 000,894,976 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\npptNT2.sys -- (NPPTNT2)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2009/08/28 19:42:52 | 000,049,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/07/21 23:33:32 | 000,487,936 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/06 09:06:18 | 000,197,120 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/11/17 16:50:30 | 004,751,360 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2008/09/19 18:43:58 | 000,068,096 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/09/04 10:48:00 | 000,064,000 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/08/14 03:18:54 | 008,029,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/07/15 01:20:42 | 000,126,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/06/19 18:37:42 | 000,325,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/03/27 13:10:56 | 000,026,984 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 13:10:14 | 000,040,296 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/02/29 16:59:32 | 001,252,352 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/20 19:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 19:47:25 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 19:46:57 | 003,154,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel®
DRV:64bit: - [2008/01/20 19:46:55 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/06/18 17:13:12 | 000,018,432 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2006/10/03 18:45:36 | 000,273,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2006/09/18 14:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2009/02/03 09:26:00 | 000,024,568 | ---- | M] (Insyde Software) [Kernel | On_Demand | Stopped] -- C:\SwSetup\sp43819\iscflashx64.sys -- (iscFlash)
DRV - [2008/09/26 03:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2005/01/04 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.facebook....com//login.php"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:1.4

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/10/18 16:46:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2010/06/06 09:00:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/05/02 16:42:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/05/02 16:42:18 | 000,000,000 | ---D | M]

[2009/03/05 13:32:00 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Mozilla\Extensions
[2010/07/09 23:14:35 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\ux4kodga.default\extensions
[2009/09/29 22:54:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\ux4kodga.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/09 23:51:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/09 23:51:15 | 000,000,000 | ---D | M] (Firefox security) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
[2009/05/07 17:27:36 | 000,283,952 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npmusicn.dll
[2010/03/02 12:36:24 | 000,221,184 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppanda3d.dll
[2010/04/07 07:09:07 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2010/07/12 13:06:17 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files (x86)\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files (x86)\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} http://m1.cdn.gaiaon...ns/IDMFlash.cab (AXIDMDCP Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} http://games.myspace...sh.1.0.0.47.cab (CPlayFirstWeddingDashControl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\Users\Laura\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Laura\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/07/12 13:03:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/11 18:57:55 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Laura\Desktop\OTL.scr
[2010/07/11 18:57:49 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Users\Laura\Desktop\OTH.scr
[2010/07/09 23:51:08 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/07/09 23:45:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/07/09 23:45:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/09 23:11:25 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Roaming\Verizon
[2010/07/09 23:11:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Radialpoint
[2010/07/09 23:11:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Verizon
[2010/07/09 23:11:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Verizon
[2010/05/31 19:07:54 | 000,000,000 | ---D | C] -- C:\Users\Laura\Documents\My Kindle Content
[2010/05/31 19:07:48 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\Amazon
[2010/05/27 17:12:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mystic Inn
[2010/05/18 08:37:42 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/05/15 19:23:05 | 000,000,000 | ---D | C] -- C:\Users\Laura\Documents\Electronic Arts
[2010/04/29 12:55:56 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\Panda3D
[2010/04/29 12:55:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda3D
[2010/04/28 17:10:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2010/04/19 06:30:27 | 000,000,000 | ---D | C] -- C:\Users\Laura\Desktop\New Folder (2)

========== Files - Modified Within 90 Days ==========

[2010/07/12 13:17:03 | 004,194,304 | -HS- | M] () -- C:\Users\Laura\NTUSER.DAT
[2010/07/12 13:15:16 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{74E18BAD-E91E-4B89-944B-83BA4F8CC532}.job
[2010/07/12 13:09:36 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/12 13:09:28 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/12 13:09:28 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/12 13:09:23 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/12 13:09:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/12 13:09:12 | 4222,832,640 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/12 13:08:35 | 000,524,288 | -HS- | M] () -- C:\Users\Laura\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/07/12 13:08:35 | 000,065,536 | -HS- | M] () -- C:\Users\Laura\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/07/12 12:21:10 | 000,000,732 | ---- | M] () -- C:\Users\Laura\AppData\Local\d3d9caps64.dat
[2010/07/11 18:58:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Laura\Desktop\OTL.scr
[2010/07/11 18:57:50 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\Laura\Desktop\OTH.scr
[2010/07/10 04:51:33 | 000,016,384 | ---- | M] () -- C:\Users\Laura\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/10 04:49:26 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/09 23:51:10 | 000,006,756 | ---- | M] () -- C:\Users\Laura\AppData\Local\d3d9caps.dat
[2010/07/09 23:04:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/09 22:01:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3127547017-1507687882-1723143581-1000UA.job
[2010/07/09 16:01:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3127547017-1507687882-1723143581-1000Core.job
[2010/07/05 21:18:00 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/07/05 21:18:00 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/07/05 21:18:00 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/07/02 12:01:45 | 000,002,042 | ---- | M] () -- C:\Users\Laura\Desktop\Google Chrome.lnk
[2010/07/02 12:01:45 | 000,002,004 | ---- | M] () -- C:\Users\Laura\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/02 10:25:35 | 000,001,142 | ---- | M] () -- C:\Users\Laura\Desktop\ Mabinogi .lnk
[2010/06/29 15:51:30 | 000,134,229 | ---- | M] () -- C:\Users\Laura\Desktop\Maple0006.jpg
[2010/06/29 15:51:29 | 000,140,024 | ---- | M] () -- C:\Users\Laura\Desktop\Maple0005.jpg
[2010/06/28 02:25:01 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLaura.job
[2010/06/19 22:31:45 | 000,024,064 | ---- | M] () -- C:\Users\Laura\Desktop\Measurements.doc
[2010/06/19 08:50:38 | 000,149,753 | ---- | M] () -- C:\Users\Laura\Desktop\Maple0003.jpg
[2010/06/15 20:41:36 | 000,024,576 | ---- | M] () -- C:\Users\Laura\Desktop\Dinner Schedule.doc
[2010/06/15 16:15:30 | 000,024,576 | ---- | M] () -- C:\Users\Laura\Documents\return info.doc
[2010/06/14 21:44:38 | 000,030,720 | ---- | M] () -- C:\Users\Laura\Documents\soup.doc
[2010/06/14 13:02:44 | 000,142,775 | ---- | M] () -- C:\Users\Laura\Desktop\Maple0004.jpg
[2010/06/10 03:32:01 | 000,385,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/06/10 03:06:13 | 000,000,275 | ---- | M] () -- C:\Windows\win.ini
[2010/06/03 19:23:29 | 000,038,912 | ---- | M] () -- C:\Users\Laura\Desktop\Grocery List.doc
[2010/06/01 15:10:59 | 000,134,413 | ---- | M] () -- C:\Users\Laura\Desktop\Maple0001.jpg
[2010/06/01 15:10:59 | 000,134,315 | ---- | M] () -- C:\Users\Laura\Desktop\Maple0002.jpg
[2010/06/01 15:10:59 | 000,133,493 | ---- | M] () -- C:\Users\Laura\Desktop\Maple0000.jpg
[2010/05/31 19:07:50 | 000,002,108 | ---- | M] () -- C:\Users\Laura\Desktop\Kindle For PC.lnk
[2010/05/31 13:32:34 | 000,024,064 | ---- | M] () -- C:\Users\Laura\Documents\Blue twin 2.doc
[2010/05/27 17:12:46 | 000,001,756 | ---- | M] () -- C:\Users\Public\Desktop\Play Mystic Inn.lnk
[2010/05/27 17:12:46 | 000,001,210 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2010/05/27 17:11:59 | 000,001,778 | ---- | M] () -- C:\Users\Laura\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2010/05/27 17:11:59 | 000,001,754 | ---- | M] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2010/05/26 09:53:52 | 000,048,128 | ---- | M] () -- C:\Windows\SysNative\atmlib.dll
[2010/05/26 07:56:53 | 000,366,080 | ---- | M] () -- C:\Windows\SysNative\atmfd.dll
[2010/05/18 08:37:42 | 517,428,604 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/05/15 19:32:27 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3 World Adventures.lnk
[2010/05/15 19:01:15 | 000,001,913 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2010/05/03 23:54:49 | 000,243,712 | ---- | M] () -- C:\Windows\SysNative\occache.dll
[2010/05/03 23:52:45 | 000,706,048 | ---- | M] () -- C:\Windows\SysNative\msfeeds.dll
[2010/05/03 23:52:04 | 001,538,560 | ---- | M] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/05/03 23:51:49 | 000,219,136 | ---- | M] () -- C:\Windows\SysNative\ieui.dll
[2010/05/03 23:51:49 | 000,132,096 | ---- | M] () -- C:\Windows\SysNative\iesysprep.dll
[2010/05/03 23:51:48 | 002,334,208 | ---- | M] () -- C:\Windows\SysNative\iertutil.dll
[2010/05/03 23:51:48 | 000,077,312 | ---- | M] () -- C:\Windows\SysNative\iesetup.dll
[2010/05/03 23:51:48 | 000,072,192 | ---- | M] () -- C:\Windows\SysNative\iernonce.dll
[2010/05/03 23:51:47 | 000,252,416 | ---- | M] () -- C:\Windows\SysNative\iepeers.dll
[2010/05/03 22:01:59 | 000,162,816 | ---- | M] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/05/03 22:01:39 | 000,070,656 | ---- | M] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/05/03 22:01:04 | 000,012,288 | ---- | M] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/04/16 09:40:20 | 001,570,816 | ---- | M] () -- C:\Windows\SysNative\quartz.dll
[2010/04/16 09:35:56 | 000,032,256 | ---- | M] () -- C:\Windows\SysNative\Apphlpdm.dll
[2010/04/16 07:50:22 | 004,240,384 | ---- | M] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/04/14 11:35:26 | 000,375,808 | ---- | M] () -- C:\Windows\SysNative\psisdecd.dll
[2010/04/14 11:35:24 | 000,289,792 | ---- | M] () -- C:\Windows\SysNative\psisrndr.ax
[2010/04/14 11:35:23 | 000,558,592 | ---- | M] () -- C:\Windows\SysNative\EncDec.dll
[2010/04/14 11:33:49 | 000,101,376 | ---- | M] () -- C:\Windows\SysNative\MSNP.ax
[2010/04/14 11:33:13 | 000,227,328 | ---- | M] () -- C:\Windows\SysNative\mpg2splt.ax

========== Files Created - No Company Name ==========

[2010/07/12 13:09:12 | 4222,832,640 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/10 00:21:43 | 000,000,732 | ---- | C] () -- C:\Users\Laura\AppData\Local\d3d9caps64.dat
[2010/06/29 15:51:30 | 000,134,229 | ---- | C] () -- C:\Users\Laura\Desktop\Maple0006.jpg
[2010/06/29 15:51:29 | 000,140,024 | ---- | C] () -- C:\Users\Laura\Desktop\Maple0005.jpg
[2010/06/24 03:01:48 | 000,227,328 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax
[2010/06/24 03:01:48 | 000,101,376 | ---- | C] () -- C:\Windows\SysNative\MSNP.ax
[2010/06/24 03:01:33 | 000,558,592 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll
[2010/06/24 03:01:33 | 000,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll
[2010/06/24 03:01:33 | 000,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax
[2010/06/24 03:00:54 | 001,942,856 | ---- | C] () -- C:\Windows\SysNative\dfshim.dll
[2010/06/24 03:00:54 | 000,444,752 | ---- | C] () -- C:\Windows\SysNative\mscoree.dll
[2010/06/24 03:00:54 | 000,320,352 | ---- | C] () -- C:\Windows\SysNative\PresentationHost.exe
[2010/06/24 03:00:54 | 000,109,912 | ---- | C] () -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/06/24 03:00:54 | 000,048,960 | ---- | C] () -- C:\Windows\SysNative\netfxperf.dll
[2010/06/23 12:17:49 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
[2010/06/23 12:17:48 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/06/19 22:31:45 | 000,024,064 | ---- | C] () -- C:\Users\Laura\Desktop\Measurements.doc
[2010/06/15 20:41:36 | 000,024,576 | ---- | C] () -- C:\Users\Laura\Desktop\Dinner Schedule.doc
[2010/06/14 21:44:37 | 000,030,720 | ---- | C] () -- C:\Users\Laura\Documents\soup.doc
[2010/06/14 15:53:22 | 000,024,576 | ---- | C] () -- C:\Users\Laura\Documents\return info.doc
[2010/06/14 13:02:44 | 000,149,753 | ---- | C] () -- C:\Users\Laura\Desktop\Maple0003.jpg
[2010/06/14 13:02:44 | 000,142,775 | ---- | C] () -- C:\Users\Laura\Desktop\Maple0004.jpg
[2010/06/09 04:20:37 | 000,366,080 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2010/06/09 04:20:37 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2010/06/09 04:20:29 | 009,250,816 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/06/09 04:20:28 | 012,468,736 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/06/09 04:20:25 | 002,334,208 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/06/09 04:20:24 | 001,484,288 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/06/09 04:20:24 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/06/09 04:20:24 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/06/09 04:20:23 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2010/06/09 04:20:23 | 000,706,048 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/06/09 04:20:23 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/06/09 04:20:21 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/06/09 04:20:21 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/06/09 04:20:20 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/06/09 04:20:20 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2010/06/09 04:20:20 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2010/06/09 04:20:20 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2010/06/09 04:20:20 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2010/06/09 04:20:20 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2010/06/09 04:20:20 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/06/09 04:20:20 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/06/09 04:20:20 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/06/09 04:20:19 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/06/09 04:20:02 | 000,084,480 | ---- | C] () -- C:\Windows\SysNative\asycfilt.dll
[2010/06/09 04:19:56 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2010/06/09 04:19:53 | 001,570,816 | ---- | C] () -- C:\Windows\SysNative\quartz.dll
[2010/06/01 15:10:59 | 000,134,413 | ---- | C] () -- C:\Users\Laura\Desktop\Maple0001.jpg
[2010/06/01 15:10:59 | 000,134,315 | ---- | C] () -- C:\Users\Laura\Desktop\Maple0002.jpg
[2010/06/01 15:10:59 | 000,133,493 | ---- | C] () -- C:\Users\Laura\Desktop\Maple0000.jpg
[2010/05/31 19:07:50 | 000,002,108 | ---- | C] () -- C:\Users\Laura\Desktop\Kindle For PC.lnk
[2010/05/31 16:53:03 | 000,038,912 | ---- | C] () -- C:\Users\Laura\Desktop\Grocery List.doc
[2010/05/31 13:32:34 | 000,024,064 | ---- | C] () -- C:\Users\Laura\Documents\Blue twin 2.doc
[2010/05/27 17:12:46 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\Play Mystic Inn.lnk
[2010/05/27 17:11:59 | 000,001,778 | ---- | C] () -- C:\Users\Laura\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2010/05/27 17:11:59 | 000,001,754 | ---- | C] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2010/05/27 17:11:59 | 000,001,210 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2010/05/26 00:49:09 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2010/05/18 08:37:00 | 517,428,604 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/05/15 19:32:27 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 World Adventures.lnk
[2010/05/15 19:01:15 | 000,001,913 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2010/05/11 21:33:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2010/04/29 02:14:04 | 000,270,208 | ---- | C] () -- C:\Windows\SysNative\MpSigStub.exe
[2010/04/13 23:00:08 | 001,420,688 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2010/04/13 23:00:07 | 000,224,256 | ---- | C] () -- C:\Windows\SysNative\iphlpsvc.dll
[2010/04/13 23:00:07 | 000,029,696 | ---- | C] () -- C:\Windows\SysNative\drivers\tunnel.sys
[2010/04/13 23:00:03 | 000,273,920 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2010/04/13 23:00:03 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2010/04/13 23:00:03 | 000,105,472 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys
[2010/04/13 23:00:00 | 004,690,832 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010/04/13 22:59:57 | 000,612,864 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
[2010/04/13 22:59:52 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\l3codeca.acm
[2010/04/13 13:29:14 | 000,218,112 | ---- | C] () -- C:\Windows\SysNative\wintrust.dll
[2010/04/13 13:29:03 | 000,104,960 | ---- | C] () -- C:\Windows\SysNative\cabview.dll
[2009/02/17 22:33:43 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/02/14 12:29:21 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2009/02/14 12:29:20 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2009/02/14 12:29:20 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 19:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== LOP Check ==========

[2010/01/10 22:40:12 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Amazon
[2009/05/07 04:08:27 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\blg
[2009/03/25 14:49:07 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Gamelab
[2009/02/17 22:24:41 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\GetRightToGo
[2009/08/13 15:41:24 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Meridian93
[2009/08/12 07:01:40 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\My Games
[2009/02/15 18:42:56 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Nexon
[2009/07/22 21:56:18 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\PlayFirst
[2009/04/26 08:05:06 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Template
[2009/07/02 14:40:44 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\UClick
[2009/02/13 23:09:33 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\WildTangent
[2010/07/12 11:41:26 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/07/12 13:15:16 | 000,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{74E18BAD-E91E-4B89-944B-83BA4F8CC532}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 221 bytes -> C:\ProgramData\Temp:F67AAFC5
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:2B99FE60
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:55FBB3E8
@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:8247A199
< End of report >



MBAM Log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4306

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18928

7/12/2010 1:26:18 PM
mbam-log-2010-07-12 (13-26-18).txt

Scan type: Quick scan
Objects scanned: 142619
Time elapsed: 4 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files (x86)\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D} (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content (Worm.Prolaco.M) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files (x86)\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul (Worm.Prolaco.M) -> Quarantined and deleted successfully.


This log popped up after the restart with the first step, not sure if it's needed or important but might as well post just in case.

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Erogokowucaf not found.
File C:\Users\Laura\AppData\Local\wbda018.DLL not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\hsef87ehf3jishfs87fhuishfsgggfdgs4g not found.
File C:\Users\Laura\AppData\Local\Temp\dog53.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\hsehf98u34i9tjioaugy987iuegdsg not found.
File C:\Users\Laura\AppData\Local\Temp\avp32.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\mcexecwin not found.
File C:\Users\Laura\AppData\Local\Temp\k7vdwv.DLL not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\RTHDBPL not found.
File C:\Users\Laura\AppData\Roaming\SystemProc\lsass.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\sdr8gdrgdrgke49orkgsjkjfjhsd not found.
File C:\Users\Laura\AppData\Local\Temp\drweb.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\vmshuvmc not found.
File C:\Users\Laura\AppData\Local\yqrwyvjwq\gjqndcbtssd.exe not found.
Folder C:\Users\Laura\AppData\Roaming\SystemProc\ not found.
Folder C:\Users\Laura\AppData\Local\yqrwyvjwq\ not found.
File C:\Users\Laura\AppData\Local\eruhaqitejig.dll not found.
File C:\Users\Laura\AppData\Local\iyijadan.dll not found.
File C:\Users\Laura\AppData\Local\aguyesic.dll not found.
File C:\Users\Laura\AppData\Local\unurohil.dll not found.
File C:\Users\Laura\AppData\Local\eruhaqitejig.dll not found.
File C:\Users\Laura\AppData\Local\iyijadan.dll not found.
File C:\Users\Laura\AppData\Local\aguyesic.dll not found.
File C:\Users\Laura\AppData\Local\unurohil.dll not found.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Laura
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 229814859 bytes
->Java cache emptied: 43045927 bytes
->FireFox cache emptied: 96334829 bytes
->Google Chrome cache emptied: 439781610 bytes
->Flash cache emptied: 2424693 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 23400502 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 56918524 bytes

Total Files Cleaned = 850.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Laura
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.9.0 log created on 07122010_130617

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That looks much better :) What problems do you have now?

#12
alraina

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
I don't have any more problems from what I can tell, everything is working great. Thank you so much! I was so afraid that I was going to have to wipe my drive and start all over, but you saved the day! Thank you again! I hope you have a great day.

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:


Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems.

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE): JRE 6 Update 21.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u21-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u21-windows-i586-p.exe and select "Run as an Administrator.")


SPRING CLEAN

Download and run Puran Disc Defragmenter

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :)

#14
alraina

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Thank you for all your help! All that's left is to run the defrag! Do you have any suggestions for anti spyware for Google Chrome? I noticed that Spyware blaster only protects Firefox and I.E.

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
As far as I am aware there are no addons of that type for Chrome yet