Security Guard 2012



#1
AcerCook
  • Member
  • 42 posts
Early this morning I somehow contracted the Security Guard 2012 virus. I am able to download programs such as MBAM; it runs for a few minutes and then closes itself. I can then no longer run this program or open it. The desktop icon now looks like a broken icon. I was able to delete the Security Guard 2012 program that was on the computer and I stopped one of the processes in task manager so that it does not appear on my computer. I know it is not completely removed and need some help getting rid of it. If I restart my computer everything that I deleted comes back for Security Guard 2012. Thank you for your time and help.

#2
maliprog
  • Trusted Helper
  • Malware Removal
  • 6,172 posts
Hello AcerCook and welcome to G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed.

Step 1

Download OTL to your Desktop

  • Double click on the icon to run it (if running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 2

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
It would be helpful if you could post each log in a separate post.

#3
maliprog
  • Trusted Helper
  • Malware Removal
  • 6,172 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#4
maliprog
  • Trusted Helper
  • Malware Removal
  • 6,172 posts
User returned

Hi AcerCook,

Please post logs here for me.

#5
AcerCook
  • Topic Starter
  • Member
  • 42 posts
Thanks Maliprog...my computer now has a blue screen and I cannot open IE. I am able to run in Safe Mode with Networking right now. Should I download OTL in Safe Mode?

#6
maliprog
  • Trusted Helper
  • Malware Removal
  • 6,172 posts
Yes please. You can download and run OTL in safe mode. Post log after the scan.

#7
AcerCook
  • Topic Starter
  • Member
  • 42 posts
OTL logfile created on: 10/12/2011 2:11:48 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Carrie Dearden\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 79.66% Memory free
6.18 Gb Paging File | 5.74 Gb Available in Paging File | 92.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 363.79 Gb Total Space | 218.50 Gb Free Space | 60.06% Space Free | Partition Type: NTFS
Drive D: | 8.82 Gb Total Space | 1.00 Gb Free Space | 11.34% Space Free | Partition Type: NTFS
Drive E: | 641.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive L: | 5.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CARRIEDEARDE-PC | User Name: Carrie Dearden | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- C:\Windows\2621673295:2960178275.exe
PRC - [2011/10/12 02:11:02 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Carrie Dearden\Desktop\OTL.scr
PRC - [2011/10/11 17:57:36 | 000,180,224 | ---- | M] () -- C:\Program Files\AE900\lvvm.exe
PRC - [2011/10/11 17:57:16 | 000,175,616 | ---- | M] () -- C:\Users\Carrie Dearden\AppData\Roaming\AA1AE\EFF25.exe
PRC - [2011/10/11 09:28:05 | 000,173,568 | ---- | M] () -- C:\Program Files\Internet Explorer\25AA\576.exe
PRC - [2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/11 17:57:36 | 000,180,224 | ---- | M] () -- C:\Program Files\AE900\lvvm.exe
MOD - [2011/10/11 17:57:16 | 000,175,616 | ---- | M] () -- C:\Users\Carrie Dearden\AppData\Roaming\AA1AE\EFF25.exe
MOD - [2011/10/11 09:28:05 | 000,173,568 | ---- | M] () -- C:\Program Files\Internet Explorer\25AA\576.exe
MOD - [2006/11/02 05:46:10 | 000,227,328 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/06 16:53:36 | 001,117,144 | ---- | M] () [Auto | Stopped] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2011/02/18 11:14:04 | 000,371,472 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/07/17 00:39:10 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/02/24 16:42:56 | 000,386,424 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2008/01/29 18:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/09/12 19:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 19:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/06/12 13:50:44 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/09/11 19:02:44 | 000,544,256 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel®
SRV - [2006/09/11 19:01:04 | 000,167,936 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel®
SRV - [2006/09/11 18:56:32 | 000,075,264 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel®
SRV - [2006/09/11 18:56:20 | 000,188,416 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel®
SRV - [2006/09/03 13:32:28 | 000,208,896 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/09/01 02:47:56 | 000,026,624 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel® Viiv™
SRV - [2006/05/10 12:13:52 | 000,029,696 | R--- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)


========== Driver Services (SafeList) ==========

DRV - [2011/09/13 00:25:59 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/11 12:02:34 | 000,263,888 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2011/05/05 17:17:33 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2011/03/10 09:08:22 | 000,233,976 | ---- | M] (PC Tools) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2010/07/17 00:38:59 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/02/22 03:44:08 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/08/26 06:33:00 | 000,026,368 | ---- | M] (OPTO ELECTRONICS CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\optovcm.sys -- (optovcm)
DRV - [2009/08/26 06:33:00 | 000,018,432 | ---- | M] (OPTO ELECTRONICS CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\optousb.sys -- (optousb)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/11/07 05:29:22 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/04/13 09:22:56 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2005/12/12 13:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
DRV - [2005/06/24 17:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 10:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 10:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop
IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51434

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Carrie Dearden\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Users\Carrie Dearden\AppData\Roaming\nprhapengine.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Carrie Dearden\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)


[2011/10/05 09:30:14 | 000,002,223 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\websearch.xml

O1 HOSTS File: ([2011/10/07 13:51:44 | 000,000,882 | RH-- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 95.64.61.143 www.google.com
O1 - Hosts: 95.64.61.144 www.bing.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (adfabonppr Object) - {26D02F99-AE5B-4533-AD67-E23B4B20D60D} - C:\Windows\$BLSTUN$\qgnnv.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (brumabonpgrm Object) - {795F4311-02C9-4B7B-A9BB-78D4FE68A98D} - C:\Windows\$BLSTUN$\lmatn.dll ()
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll (Conduit Ltd.)
O2 - BHO: (no name) - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - No CLSID value found.
O2 - BHO: (Updater For Simppull Toolbar) - {C4B8BAB4-1667-11DF-A242-BA9455D89593} - C:\Program Files\simppulltoolbar\auxi\simppulltoolbAu.dll File not found
O2 - BHO: (no name) - {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {50EC13F9-D1F6-4012-A076-F73088D8241C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\tbZyn1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [576.exe] C:\Program Files\Internet Explorer\25AA\576.exe ()
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CCUTRAYICON] FactoryMode File not found
O4 - HKLM..\Run: [COONNtxPPuc8234A] C:\Windows\System32\I999gTTZqjYCkIr.exe ()
O4 - HKLM..\Run: [EXXqqjYYCe8234A] C:\Windows\System32\B5aaQQH6dWK7RLg.exe ()
O4 - HKLM..\Run: [fHH66sWWK7EL9Tq8234A] C:\Windows\System32\QbbbD3pnG4a.exe ()
O4 - HKLM..\Run: [hbbbF33pnG5aH6W8234A] C:\Windows\system32\xkkIBrrzONyx0uS.exe File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [JLL99gTTXqjCkIr8234A] C:\Windows\System32\FaQQHH6dWK7f.exe ()
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [pLLL9ggTZqjYwkV8234A] C:\Windows\System32\T33ppnGG4aH6sK7.exe ()
O4 - HKLM..\Run: [qUUCCelIIrzPxuS8234A] C:\Windows\System32\m555sQQ6dEKfZTw.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SnapfishMediaDetector] C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [volmgr] C:\Windows\system32\config\systemprofile\AppData\Local\volmgr.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WNycA1uvDoFp8234A] C:\Windows\system32\uEK8gRZ9hXjVlBz.exe File not found
O4 - HKLM..\Run: [zaQQQH6dWK7fR8234A] C:\Windows\System32\GxxAA0uuvS2bFpG.exe ()
O4 - HKLM..\Run: [zqqhhYXXwkVel8234A] C:\Windows\System32\tmmmHH5sWJ7dL8R.exe ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - HKCU..\RunOnce: [eL31400JjPaG31400] C:\ProgramData\eL31400JjPaG31400\eL31400JjPaG31400.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Save with Download Manager... - file://C:\Program Files\Road Runner Music\DMDownload.htm File not found
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Carrie Dearden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (Bodog)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B8A9460-51EA-4547-B11D-E22D69E1C85D}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\Carrie Dearden\AppData\Roaming\AA1AE\EFF25.exe) -C:\Users\Carrie Dearden\AppData\Roaming\AA1AE\EFF25.exe ()
O24 - Desktop WallPaper: C:\Users\Carrie Dearden\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Carrie Dearden\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/12 14:11:51 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2003/08/27 04:47:12 | 000,000,000 | ---D | M] - E:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2003/08/27 04:47:12 | 000,000,059 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011/01/10 02:04:54 | 000,000,085 | R--- | M] () - L:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{45a683b8-dd97-11dc-aa5c-001bfc7f6598}\Shell\AutoRun\command - "" = J:\JDSecure\Windows\JDSecure31.exe
O33 - MountPoints2\{8531bb9c-ad8c-11e0-b9db-001bfc7f6598}\Shell - "" = AutoRun
O33 - MountPoints2\{8531bb9c-ad8c-11e0-b9db-001bfc7f6598}\Shell\AutoRun\command - "" = K:\TL-Bootstrap.exe
O33 - MountPoints2\{8531bbaa-ad8c-11e0-b9db-001bfc7f6598}\Shell - "" = AutoRun
O33 - MountPoints2\{8531bbaa-ad8c-11e0-b9db-001bfc7f6598}\Shell\AutoRun\command - "" = K:\TL-Bootstrap.exe
O33 - MountPoints2\{ae64167a-42c9-11e0-85dd-001bfc7f6598}\Shell - "" = AutoRun
O33 - MountPoints2\{ae64167a-42c9-11e0-85dd-001bfc7f6598}\Shell\AutoRun\command - "" = J:\ToolLauncher-Bootstrap.exe
O33 - MountPoints2\{f003d105-23be-11dc-ac82-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f003d105-23be-11dc-ac82-806e6f6e6963}\Shell\AutoRun\command - "" = E:\RunGame.exe -- [2003/08/27 04:47:08 | 000,147,456 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/10/12 02:10:58 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Carrie Dearden\Desktop\OTL.scr
[2011/10/11 18:34:03 | 000,000,000 | ---D | C] -- C:\ProgramData\eL31400JjPaG31400
[2011/10/11 18:04:03 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/10/11 17:57:42 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\sCCCwwkIVrlOtx0
[2011/10/11 17:57:42 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\fGGG4aamH6sW7fL
[2011/10/11 17:57:39 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\UEEEK88gRZ9hXw
[2011/10/11 17:57:39 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\iUVlBttz0c
[2011/10/11 17:57:38 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\DlltPySiDoGaHW7
[2011/10/11 17:57:34 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\fdKgZhXjeItPy
[2011/10/11 17:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\AE900
[2011/10/11 17:57:05 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\VhYYXXwkUVelBtP
[2011/10/11 17:57:05 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\jffRRZ99hTXjU
[2011/10/11 17:57:05 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\FjUUCCelIBrzNyA
[2011/10/11 17:56:51 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\AA1AE
[2011/10/08 18:25:12 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\p777fEEL9gTq
[2011/10/08 18:25:12 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\IfffELL8g
[2011/10/08 18:25:11 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\IRRLL9gTTXjYCkI
[2011/10/08 18:25:11 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\FrzzOONyx0vSib3
[2011/10/08 18:25:10 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\vm5Q6E8XUeIzNx2
[2011/10/08 18:25:09 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\Xn4m5W7E8RqYwUe
[2011/10/08 18:24:27 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\QBBrrzPPNyx
[2011/10/08 18:24:21 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\TyyyxAA1uvS2bFp
[2011/10/08 18:24:20 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\VppmmH5sQJ7dE8R
[2011/10/07 20:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/10/07 20:46:11 | 000,000,000 | ---D | C] -- C:\Windows\$BLSTUN$
[2011/10/07 20:46:10 | 000,000,000 | ---D | C] -- C:\ProgramData\WSTB
[2011/10/06 00:43:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/06 00:43:46 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/10/06 00:43:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/05 22:30:02 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\DirectxBackupUpdate.dll
[2011/10/05 22:11:31 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/10/05 22:11:27 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\Malwarebytes
[2011/10/05 22:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/05 21:59:17 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\OllOONttxP0cSib
[2011/10/05 21:59:17 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\foonnG4aam
[2011/10/05 04:33:34 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\lqqqjjUCekIBzOy
[2011/10/05 04:33:34 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\cvSS22obF3pm5aJ
[2011/10/05 04:09:50 | 000,656,320 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
[2011/10/05 04:09:50 | 000,338,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2011/10/05 04:09:48 | 000,253,096 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2011/10/05 04:09:48 | 000,107,352 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2011/10/05 04:09:41 | 000,263,888 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2011/10/05 04:09:41 | 000,160,576 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2011/10/05 04:09:38 | 000,233,976 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2011/10/05 04:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2011/10/05 04:09:36 | 000,070,664 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2011/10/05 04:09:27 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/10/05 04:09:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/10/05 04:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/10/05 03:47:55 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\j6dWK8fRLhXjClB
[2011/10/05 03:47:55 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\BobF3pmG5Q
[2011/10/05 03:34:03 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\yRL9hTXqjCkBzNx
[2011/10/05 03:34:03 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\Q0uvS2ibFpGaHdK
[2011/10/05 03:33:56 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\PycA1ivD2n4m5Q7
[2011/10/04 20:41:21 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Build-a-lot - On Vacation
[2011/10/04 20:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Build-a-lot - On Vacation
[2011/10/04 20:41:21 | 000,000,000 | ---D | C] -- C:\Program Files\Build-a-lot - On Vacation
[2011/09/28 03:00:26 | 000,000,000 | ---D | C] -- C:\2aad1226e5c155bfc8d114
[2011/09/14 03:03:13 | 000,000,000 | ---D | C] -- C:\56d16c9367e186bb50125037f697f5
[2008/01/26 04:07:12 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/12 02:11:02 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Carrie Dearden\Desktop\OTL.scr
[2011/10/12 01:45:41 | 000,000,150 | ---- | M] () -- C:\Users\Carrie Dearden\Desktop\rk-proxy.reg
[2011/10/12 01:45:33 | 000,889,864 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/12 01:45:33 | 000,195,756 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/12 01:41:10 | 000,000,000 | ---- | M] () -- C:\Windows\2621673295
[2011/10/12 01:41:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/12 01:36:01 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6E25402C-C311-427D-83F0-9DE5D4B02233}.job
[2011/10/12 01:29:47 | 000,003,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/12 01:29:47 | 000,003,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/11 19:07:37 | 286,807,291 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/07 21:44:36 | 003,032,064 | ---- | M] () -- C:\Windows\System32\I999gTTZqjYCkIr.exe
[2011/10/07 21:44:24 | 003,032,064 | ---- | M] () -- C:\Windows\System32\GxxAA0uuvS2bFpG.exe
[2011/10/07 21:44:11 | 003,032,064 | ---- | M] () -- C:\Windows\System32\QbbbD3pnG4a.exe
[2011/10/07 21:42:17 | 003,032,064 | ---- | M] () -- C:\Windows\System32\m555sQQ6dEKfZTw.exe
[2011/10/07 20:50:28 | 003,032,064 | ---- | M] () -- C:\Windows\System32\tmmmHH5sWJ7dL8R.exe
[2011/10/07 20:48:53 | 003,032,064 | ---- | M] () -- C:\Windows\System32\B5aaQQH6dWK7RLg.exe
[2011/10/07 20:48:49 | 003,032,064 | ---- | M] () -- C:\Windows\System32\T33ppnGG4aH6sK7.exe
[2011/10/07 20:46:13 | 003,032,064 | ---- | M] () -- C:\Windows\System32\FaQQHH6dWK7f.exe
[2011/10/07 13:51:44 | 000,000,882 | RH-- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/10/06 00:44:00 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/10/06 00:43:49 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/06 00:39:00 | 001,008,092 | ---- | M] () -- C:\Users\Carrie Dearden\Desktop\rkill.com
[2011/10/05 04:10:20 | 001,869,232 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/10/05 04:09:39 | 000,001,748 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/10/05 04:08:22 | 000,512,992 | ---- | M] () -- C:\Users\Carrie Dearden\Desktop\sdsetup_aff[1].exe
[2011/10/05 03:34:07 | 000,001,213 | ---- | M] () -- C:\Users\Carrie Dearden\AppData\Roaming\ldr.ini
[2011/10/04 20:41:40 | 000,001,799 | ---- | M] () -- C:\Users\Public\Desktop\Play Build-a-lot - On Vacation.lnk
[2011/10/04 20:41:40 | 000,001,574 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2011/10/04 20:18:30 | 087,011,417 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011/09/13 00:25:59 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/12 01:45:41 | 000,000,150 | ---- | C] () -- C:\Users\Carrie Dearden\Desktop\rk-proxy.reg
[2011/10/07 21:44:36 | 003,032,064 | ---- | C] () -- C:\Windows\System32\I999gTTZqjYCkIr.exe
[2011/10/07 21:44:24 | 003,032,064 | ---- | C] () -- C:\Windows\System32\GxxAA0uuvS2bFpG.exe
[2011/10/07 21:44:11 | 003,032,064 | ---- | C] () -- C:\Windows\System32\QbbbD3pnG4a.exe
[2011/10/07 21:42:17 | 003,032,064 | ---- | C] () -- C:\Windows\System32\m555sQQ6dEKfZTw.exe
[2011/10/07 21:29:25 | 286,807,291 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/10/07 20:50:27 | 003,032,064 | ---- | C] () -- C:\Windows\System32\tmmmHH5sWJ7dL8R.exe
[2011/10/07 20:48:53 | 003,032,064 | ---- | C] () -- C:\Windows\System32\B5aaQQH6dWK7RLg.exe
[2011/10/07 20:48:49 | 003,032,064 | ---- | C] () -- C:\Windows\System32\T33ppnGG4aH6sK7.exe
[2011/10/07 20:46:13 | 003,032,064 | ---- | C] () -- C:\Windows\System32\FaQQHH6dWK7f.exe
[2011/10/06 00:43:49 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/06 00:39:00 | 001,008,092 | ---- | C] () -- C:\Users\Carrie Dearden\Desktop\rkill.com
[2011/10/05 04:09:53 | 001,869,232 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011/10/05 04:09:39 | 000,001,748 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/10/05 04:08:22 | 000,512,992 | ---- | C] () -- C:\Users\Carrie Dearden\Desktop\sdsetup_aff[1].exe
[2011/10/05 03:34:04 | 000,001,213 | ---- | C] () -- C:\Users\Carrie Dearden\AppData\Roaming\ldr.ini
[2011/10/05 03:30:57 | 000,000,000 | ---- | C] () -- C:\Windows\2621673295
[2011/10/04 20:41:40 | 000,001,799 | ---- | C] () -- C:\Users\Public\Desktop\Play Build-a-lot - On Vacation.lnk
[2011/10/04 20:41:40 | 000,001,574 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2011/08/08 23:22:16 | 000,010,089 | ---- | C] () -- C:\Users\Carrie Dearden\AppData\Roaming\E900.A1A
[2010/12/29 05:40:45 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2010/09/12 00:33:05 | 000,161,603 | ---- | C] () -- C:\Windows\hpoins16.dat
[2010/09/12 00:33:05 | 000,004,602 | ---- | C] () -- C:\Windows\hpomdl16.dat
[2010/01/26 05:37:05 | 000,225,280 | ---- | C] () -- C:\Windows\System32\net_rim_plazmic_flint_dialog.dll
[2010/01/09 01:31:06 | 000,007,577 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2009/12/07 00:03:09 | 000,012,484 | ---- | C] () -- C:\Users\Carrie Dearden\AppData\Roaming\settings.dat
[2009/12/06 23:58:11 | 000,620,870 | ---- | C] () -- C:\Users\Carrie Dearden\AppData\Roaming\farm.bmp
[2009/10/22 21:44:51 | 000,157,512 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/03/02 04:56:41 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/02/05 18:17:13 | 000,000,532 | ---- | C] () -- C:\Windows\eReg.dat
[2008/10/02 03:43:35 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2008/04/03 03:23:04 | 000,000,038 | ---- | C] () -- C:\Windows\System32\w3url.dll
[2008/03/25 16:56:08 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1461.dll
[2008/03/25 16:42:46 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/03/25 16:42:46 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/03/25 16:42:46 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2008/02/17 18:26:42 | 000,041,984 | ---- | C] () -- C:\Users\Carrie Dearden\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/05 04:11:52 | 000,000,110 | ---- | C] () -- C:\Users\Carrie Dearden\AppData\Roaming\wklnhst.dat
[2007/08/24 20:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007/08/24 20:38:54 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/08/24 20:38:54 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/06/12 14:02:43 | 000,103,521 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/06/12 13:52:56 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1268.dll
[2007/06/12 13:45:52 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007/06/12 13:43:01 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/06/12 13:43:01 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/03/06 04:47:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/01/12 10:07:48 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2007/01/12 10:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 003,716,112 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,889,864 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,195,756 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 03:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/06/23 13:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll

========== LOP Check ==========

[2011/10/11 17:57:15 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\AA1AE
[2011/06/04 21:21:28 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\Alawar
[2011/05/17 23:41:21 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\Big Fish Games
[2010/02/04 00:23:33 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\BlamGames
[2011/05/17 17:55:09 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\blg
[2008/01/13 04:06:57 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\BloodTies
[2011/10/05 03:47:55 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\BobF3pmG5Q
[2009/03/15 04:52:56 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\Boolat Games
[2010/06/07 01:47:40 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\Boomzap
[2008/07/21 04:24:35 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\Canon
[2008/03/09 03:24:02 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\cerasus.media
[2011/10/05 04:33:34 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\cvSS22obF3pm5aJ
[2010/01/27 00:10:14 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\DivoGames
[2011/10/11 17:57:38 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\DlltPySiDoGaHW7
[2010/03/27 22:28:01 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\Facebook
[2011/10/11 17:57:34 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\fdKgZhXjeItPy
[2011/10/11 17:57:42 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\fGGG4aamH6sW7fL
[2011/01/03 22:59:20 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\FinalTorrent
[2011/10/11 17:57:05 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\FjUUCCelIBrzNyA
[2010/01/11 01:48:52 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\Flood Light Games
[2011/10/05 21:59:17 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\foonnG4aam
[2008/08/30 02:49:07 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\ForgottenRiddles2
[2011/07/19 15:28:17 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\Friday's games
[2011/10/08 18:25:11 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\FrzzOONyx0vSib3
[2010/12/08 19:49:32 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\funkitron
[2008/12/08 17:53:14 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\GameInvest
[2008/11/17 00:55:20 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\Gamelab
[2011/05/18 18:24:27 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\GamesCafe
[2011/03/17 15:26:45 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\GARMIN
[2008/10/03 03:57:48 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\Go-Go Gourmet Chef of the Year
[2010/01/15 18:35:03 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\Gold Casual Games
[2007/12/26 18:59:45 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\Home Sweet Home
[2010/03/27 22:50:47 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\Home Sweet Home 2
[2009/12/18 13:18:08 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\Home Sweet Home Christmas
[2011/07/19 23:13:03 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\Hotdog Hotshot
[2011/10/08 18:25:12 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\IfffELL8g
[2011/10/08 18:25:11 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\IRRLL9gTTXjYCkI
[2011/10/11 17:57:39 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\iUVlBttz0c
[2011/10/05 03:47:55 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\j6dWK8fRLhXjClB
[2008/01/27 22:35:59 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\Jane s Hotel
[2011/10/11 17:57:06 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\jffRRZ99hTXjU
[2011/10/05 04:33:34 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\lqqqjjUCekIBzOy
[2010/12/15 18:32:11 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\Ludia
[2007/10/28 23:33:02 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\Mysteryville2
[2008/02/19 02:40:40 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\New Tier
[2008/09/23 04:03:43 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\Oberon Games
[2011/10/05 21:59:17 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\OllOONttxP0cSib
[2011/10/08 18:25:12 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\p777fEEL9gTq
[2011/05/06 21:39:23 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\Ph03nixNewMedia
[2011/05/25 02:59:12 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\PlayFirst
[2011/05/16 18:41:14 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\playmink
[2010/01/06 23:28:06 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\Playrix Entertainment
[2010/12/27 23:42:39 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\Pogo Games
[2011/10/05 03:33:56 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\PycA1ivD2n4m5Q7
[2011/10/05 03:34:03 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\Q0uvS2ibFpGaHdK
[2010/03/17 17:58:04 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\QB9
[2011/10/08 18:24:27 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\QBBrrzPPNyx
[2010/01/26 05:37:05 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\Research In Motion
[2008/04/03 03:23:33 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\Road Runner Music
[2008/04/11 04:24:57 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\Sandlot Games
[2011/10/11 17:57:42 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\sCCCwwkIVrlOtx0
[2008/10/30 15:48:53 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\SecretIslandEng
[2007/09/22 19:45:39 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\Snapfish
[2010/12/29 06:44:58 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/06/07 22:32:22 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\Stand O'Food 3
[2011/05/06 20:12:44 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\SulusGames
[2011/05/26 19:30:48 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\Supermarket Mania 2
[2011/05/31 23:09:17 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\SupportSoft
[2007/12/05 04:11:53 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\Template
[2010/01/11 17:20:47 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\TheFixerUpper
[2011/10/08 18:24:25 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\TyyyxAA1uvS2bFp
[2009/04/16 22:23:47 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\Ubisoft
[2009/05/09 00:19:56 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\UClick
[2011/10/11 17:57:39 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\UEEEK88gRZ9hXw
[2011/08/09 00:15:59 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\Valusoft
[2011/10/11 17:57:05 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\VhYYXXwkUVelBtP
[2009/02/24 18:46:01 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\ViquaSoft
[2011/10/08 18:25:10 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\vm5Q6E8XUeIzNx2
[2011/10/08 18:24:20 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\VppmmH5sQJ7dE8R
[2010/12/29 05:44:58 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\WeatherBug
[2008/02/11 02:07:24 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\WinBatch
[2011/03/17 19:19:15 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\World-LooM
[2011/10/08 18:25:09 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\Xn4m5W7E8RqYwUe
[2011/04/23 21:29:37 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\YoudaGames
[2011/10/05 03:34:03 | 000,000,000 | ---D | M] -- C:\Users\Carrie Dearden\AppData\Roaming\yRL9hTXqjCkBzNx
[2011/10/09 21:22:20 | 000,032,528 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/10/12 01:36:01 | 000,000,436 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{6E25402C-C311-427D-83F0-9DE5D4B02233}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\explorer.exe
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Carrie Dearden\AppData\Local\Temp\RarSFX0\procs\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Carrie Dearden\AppData\Local\Temp\RarSFX1\procs\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Carrie Dearden\AppData\Local\Temp\RarSFX2\procs\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Carrie Dearden\AppData\Local\Temp\RarSFX3\procs\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Carrie Dearden\AppData\Local\Temp\RarSFX8\procs\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/15 02:31:25 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Carrie Dearden\AppData\Local\Temp\RarSFX0\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Carrie Dearden\AppData\Local\Temp\RarSFX1\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Carrie Dearden\AppData\Local\Temp\RarSFX2\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Carrie Dearden\AppData\Local\Temp\RarSFX3\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Carrie Dearden\AppData\Local\Temp\RarSFX8\h\explorer.exe
[2007/11/15 02:31:25 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\System32\svchost.exe
[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Carrie Dearden\AppData\Local\Temp\RarSFX0\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Carrie Dearden\AppData\Local\Temp\RarSFX1\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Carrie Dearden\AppData\Local\Temp\RarSFX2\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Carrie Dearden\AppData\Local\Temp\RarSFX3\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Carrie Dearden\AppData\Local\Temp\RarSFX0\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Carrie Dearden\AppData\Local\Temp\RarSFX1\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Carrie Dearden\AppData\Local\Temp\RarSFX2\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Carrie Dearden\AppData\Local\Temp\RarSFX3\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2010/03/09 10:17:37 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2010/03/09 10:17:37 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2010/03/09 10:17:37 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2010/03/09 12:56:18 | 000,634,648 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2010/03/09 10:17:37 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2010/03/09 10:17:37 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2010/03/09 10:17:37 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2010/03/09 12:56:18 | 000,634,648 | ---- | M] (Microsoft Corporation)

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB62444$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 784 bytes -> C:\Windows\2621673295:2960178275.exe
@Alternate Data Stream - 197 bytes -> C:\ProgramData\TEMP:60A4BB64
@Alternate Data Stream - 196 bytes -> C:\ProgramData\TEMP:0AC32449
@Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:43982D5E
@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:178093AE
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:F53B274A
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:908A1B53
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:16ADBA30
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:3A0561F3
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:BCDC6E07
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:3571475C
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:0968E571
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:FEECF2C8
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:2216A431
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:C6D0ABC3
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:3815BC84
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:EC2381A4
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:53DF4438
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:067F588D
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:EC0A74A1
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:D576A536
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:E5DE9C8F
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:8B51CAAE
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:895A78C5
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:4DCAC4BC
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:CDB75348
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:538B96B5
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4C49306C
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:3AC0ED43
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:B1FBA7E1
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:38B32B54
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:08D8BB20
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:C35B4B19
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:B6FD7157
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:943E8182
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:5433DBEF
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:10D45FC3
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:9ACB70D7
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:70E897B5
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:6C9F5E5E
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:598E0FFA
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:E51234A9
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:9EF92A1A
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:90B52091
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:DE47A3DA
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:83ACAC73
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:393F7B1E
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:1A5CC80A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:0DACB2B7
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:0D52F295
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:DD629819
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:98F6F85C
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:61F0C8FB
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D46ECFD5
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:29B37860
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:F43B7E8F
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:E1D818F7
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:D055FC10
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:38D2EA83
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:DE9F4320
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:13AA281B
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:D708EEF9
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:8401B6D5
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:5F1019FF
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:A561576B
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:89C6F032
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:CE6885F1
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:C86B29EB
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:1A5207FA
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:CB16385F
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:3790BACD
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:B3B7A337
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:4A1628E5
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:6B50A605
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:81653DC8
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:2BC498A4
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:067BF339
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:269C0B5C
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:13DF9DD1
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:10D98D98
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D8134D8F
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:FECEF728
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:969C0C96
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:8999FD56

< End of report >

#8
AcerCook

    Member

  • Topic Starter
  • Member
  • 42 posts
OTL Extras logfile created on: 10/12/2011 2:11:48 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Carrie Dearden\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 79.66% Memory free
6.18 Gb Paging File | 5.74 Gb Available in Paging File | 92.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 363.79 Gb Total Space | 218.50 Gb Free Space | 60.06% Space Free | Partition Type: NTFS
Drive D: | 8.82 Gb Total Space | 1.00 Gb Free Space | 11.34% Space Free | Partition Type: NTFS
Drive E: | 641.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive L: | 5.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CARRIEDEARDE-PC | User Name: Carrie Dearden | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05F30331-D1D5-43F2-8A91-0C5031F7E7D8}" = lport=49160 | protocol=6 | dir=in | name=akamai netsession interface |
"{06F923F8-2103-4360-AC90-4BEF00CCEB51}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{0ABE23EA-1823-4050-8797-7A639159099A}" = rport=137 | protocol=17 | dir=out | app=system |
"{0ADE7EDD-D302-4A64-BBE6-432C49BDB038}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1B94FBFC-869F-46E4-906F-24757EDFA4E4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{27233DC1-024C-4392-A0CA-66315A2526D3}" = lport=137 | protocol=17 | dir=in | app=system |
"{2D8B5439-C7FC-4563-B5D0-25DDF1869AE8}" = lport=49160 | protocol=6 | dir=in | name=akamai netsession interface |
"{2FCBC015-4B92-440A-BE40-5B9473E02D38}" = lport=138 | protocol=17 | dir=in | app=system |
"{37005FDE-620E-492E-8567-18D98990789B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4C517238-2F7A-4381-AD5E-C90541D47FEB}" = lport=9442 | protocol=17 | dir=in | name=intel® viiv™ media server discovery |
"{505AE701-8545-4BCE-9B1C-AAC57532584E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{77E619D7-B151-4F36-A97C-2A708972C262}" = rport=445 | protocol=6 | dir=out | app=system |
"{8874686E-33AE-4A8E-97AD-71BB62F70A11}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{8D7834DF-74FA-457D-BB60-DE59AC55A157}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{93BBF64C-8CFB-45EA-BE31-015ADA105005}" = lport=1900 | protocol=17 | dir=in | name=intel® viiv™ media server upnp discovery |
"{988FDEB4-277C-4806-AA22-DA261E35A255}" = lport=139 | protocol=6 | dir=in | app=system |
"{B1D4BD5D-6B09-417E-B563-DFFB5C5C0A67}" = lport=445 | protocol=6 | dir=in | app=system |
"{BB9F87D7-4CB9-40DB-BD0D-759F06A383F6}" = rport=139 | protocol=6 | dir=out | app=system |
"{BE47719B-3776-434F-A92B-40DAE018451C}" = rport=138 | protocol=17 | dir=out | app=system |
"{E296B15F-CD1F-4A73-8423-3BDC6F86C97E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FD88FC36-6AEB-4053-AC09-21B48AE0A291}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02D3E135-B7B9-4C57-8B70-DA21C4F35AA8}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{035450A3-6A07-45E2-8765-F4AD6D989757}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{04BD6950-42E7-4CB9-A3A0-CD70CF302836}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{04E48A78-3A9A-40DC-B252-C90C5CBE5A57}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{0DF69462-91DB-467C-85C7-8983513C4766}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{0E6CBD5F-AA1C-4DF8-ABC6-8AC2BB095D0B}" = dir=in | app=c:\program files\finaltorrent\finaltorrent.exe |
"{14AD9F75-5E92-47FC-AE45-7A58EC39E9D7}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{26CB0335-EBCB-4323-92A3-526A81E90CE8}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{28D228BC-868A-4031-BF40-7BF60B623976}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{2C162543-7D0D-4EE9-9C48-CE6A373017C3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3088717D-D77D-4FDD-AA3D-5BFC7EC0145B}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{3C2BD314-1A86-48C2-9B64-92EFD718C990}" = protocol=1 | dir=out | [email protected],-28544 |
"{40B4E520-FED3-42FE-8D54-3E864D140FFD}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{49D4ACA3-E627-4B5E-BDC0-072142CB1252}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{4EF280AB-4B73-442C-98DA-13379FDD4DA3}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{5809F549-A046-450D-8BB6-BC597DF3A997}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{58AF8F55-5719-4B61-A029-9EFFB028FAAB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{61E9D53A-58CD-4817-BF4E-7246CD7BF8A7}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{63E3287A-7CAA-44DB-9810-166F291966E0}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{641F367E-0AE7-44CC-88AB-2196D4E5F7CA}" = protocol=6 | dir=in | app=c:\program files\bfgclient\bfgclient.exe |
"{6734AD9C-6802-4C23-8FE6-92B1168552FA}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{6E51B8D4-40C3-4645-94F1-C352DB9023B8}" = protocol=17 | dir=in | app=c:\program files\bfgclient\bfgclient.exe |
"{7325A36A-042C-424A-8CB9-76EEED735FA6}" = protocol=1 | dir=in | [email protected],-28543 |
"{73489C85-872C-47AC-AC18-94CF9D5A1DB1}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{789AD0E3-B80D-456D-9F75-519288AA02DA}" = protocol=6 | dir=in | app=c:\program files\bfgclient\bfggameservices.exe |
"{8161C37E-5534-4C7A-81ED-F29EBA5EDEB6}" = protocol=6 | dir=in | app=c:\program files\bfgclient\bfgprocess.exe |
"{82B866BB-7BFB-4E9C-9A28-2087F51C7EBC}" = protocol=58 | dir=in | [email protected],-28545 |
"{89D144B6-C772-401C-8E9F-29FF8F5D32B0}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{9423FB88-FFDF-4D4C-9D61-85D5FC82556B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{991DF7E0-341B-45DF-8EE7-F18D370ED749}" = protocol=58 | dir=out | [email protected],-28546 |
"{A00DFF39-0FF8-4CA5-A36E-AEE9E17AAC7E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A3CE499A-599E-454B-9DC0-2407E550983A}" = protocol=17 | dir=in | app=c:\program files\bfgclient\bfgprocess.exe |
"{A5C5580B-08B8-4032-B2D5-91EFAB9E02B9}" = protocol=17 | dir=in | app=c:\program files\bfgclient\bfggameservices.exe |
"{A9F1657A-3957-4DB0-A231-DCE05661E906}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{B366FB76-6437-44F4-BC30-6EBC5B5EB056}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B6D24D8D-377B-42C8-B986-E38C7B99B6D4}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{E7253C1C-F1F3-4E1E-BD48-0A9D6D49AAF0}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{E9FCE3BE-573C-4327-B18A-2A1061CE1905}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{EEAA626A-208C-41C5-9619-1173882142FF}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{F1BD54FA-0D16-4291-A33F-50B63F07E219}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F6CBA409-A576-418A-B640-3C2E3614F6A2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{01EF1E8D-8A54-4FA3-87ED-49F1750A886C}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{0D3BCBF9-75DF-4871-8795-24E01F7CFFE0}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{733BF0F0-2089-459A-86A3-1F100A7B1C8D}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{CCAB5269-6F7F-4EA8-B3C5-69F20A934B26}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{9CCED007-ECD8-4221-B7AB-EDA25346F568}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{A5E0E1DC-A682-4D74-84BF-9C4D1E526D4A}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{B6F9CA3A-D692-4DE8-90B4-6CB6A517C132}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{F0A54807-9E8B-4554-96E4-0190FFAC17B3}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"$BLSTUN$" = Talul-Ads Browser Enhancer
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03ACC7CA-52CB-44d7-B87D-9F0D3B6930FD}" = HP Photosmart Printer Driver Software 10.0.02
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}" = 32 Bit HP CIO Components Installer
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 17
"{2990BC81-3B19-4E53-A53E-30DE3F1BFFA8}" = HP Total Care Advisor
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4E5EE953-0D92-A385-E3A0-FBFCB2DE15AA}" = EA Download Manager UI
"{4EF6FDB0-3B11-4820-9860-8E08E9965195}" = Snapfish Media Detector
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AF49698-949A-4C89-9B31-041D2CCB5FBD}" = muvee autoProducer 6.0
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E7BF6EC-C3E7-43A7-8A03-0D204E3EC01B}" = Intel® Viiv™ Software
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C244239-ED8E-40f1-937F-51C706CD2160}" = The Sims™ 2 Deluxe
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A2E5F2AA-2996-41EA-BCCD-9FD0476A5326}" = TWC Customer Controls
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A8896270-5B9A-4fd0-8752-AD8C7EBC9BE2}" = D7200
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AF1778C9-CC16-4aad-AF43-9A57429E7114}" = PS_SF_02_Software
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}" = Adobe Flash Player 10 Plugin
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C6941FEB-0595-4ff5-8F31-B6F4B31C031F}" = D7200_Help
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CFC9F871-7C40-40B6-BE4A-B98A5B309716}" = Adobe Flash Professional CS5
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D23E6E13-653C-415e-937A-598E1CEFACB1}" = PS_SF_02_Software_Min
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB52D14B-505F-4e32-89FF-1234233301D2}" = PS_SF_02_ProductContext
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVG9Uninstall" = AVG Free 9.0
"BFG-Bistro Boulevard" = Bistro Boulevard
"BFG-Build-a-lot - On Vacation" = Build-a-lot: On Vacation
"BFG-Build-a-Lot - The Elizabethan Era" = Build-a-Lot: The Elizabethan Era
"BFG-Build-a-lot 2 - Town of the Year" = Build-a-lot 2: Town of the Year
"BFG-Build-a-lot 3 - Passport to Europe" = Build-a-lot 3: Passport to Europe
"BFG-Build-a-Lot 4 - Power Source" = Build-a-Lot 4: Power Source
"BFGC" = Big Fish Games: Game Manager
"BFG-Cooking Academy 2 - World Cuisine" = Cooking Academy 2: World Cuisine
"BFG-Dolphins Dice Slots" = Dolphins Dice Slots
"BFG-Farm Frenzy 3 - American Pie" = Farm Frenzy 3: American Pie
"BFG-Fix-it-up - Kates Adventure" = Fix-it-up: Kate`s Adventure
"BFG-Fix-It-Up - World Tour" = Fix-It-Up: World Tour
"BFG-Garden Dash" = Garden Dash
"BFG-Gardenscapes" = Gardenscapes
"BFG-Gourmania 2 - Great Expectations" = Gourmania 2: Great Expectations
"BFG-Gourmania 3 - Zoo Zoom" = Gourmania 3: Zoo Zoom
"BFG-Home Sweet Home" = Home Sweet Home (remove only)
"BFG-Home Sweet Home - Christmas Edition" = Home Sweet Home: Christmas Edition
"BFG-Home Sweet Home 2 - Kitchens and Baths" = Home Sweet Home 2: Kitchens and Baths
"BFG-Hot Dish 2 - Cross Country Cook Off" = Hot Dish 2: Cross Country Cook Off
"BFG-Hotdog Hotshot" = Hotdog Hotshot
"[email protected] Puzzle 2" = [email protected] Puzzle 2
"BFG-Mystery Case Files - 13th Skull Collector's Edition" = Mystery Case Files &reg;: 13th Skull ™ Collector's Edition
"BFG-Mystery Case Files - Dire Grove" = Mystery Case Files&reg;: Dire Grove™
"BFG-Mystery Case Files - Madame Fate" = Mystery Case Files: Madame Fate (remove only)
"BFG-Mystery Case Files - Return to Ravenhearst" = Mystery Case Files: Return to Ravenhearst ™
"BFG-Slingo Supreme" = Slingo Supreme
"BFG-Turbo Subs" = Turbo Subs (remove only)
"BFG-Yard Sale Hidden Treasures - Lucky Junction" = Yard Sale Hidden Treasures: Lucky Junction
"BFG-Yard Sale Hidden Treasures - Sunnyville" = Yard Sale Hidden Treasures: Sunnyville
"BFG-Youda Camper" = Youda Camper
"BFG-Youda Farmer" = Youda Farmer
"BFG-Youda Legend - The Golden Bird of Paradise" = Youda Legend: The Golden Bird of Paradise
"BFG-Youda Marina" = Youda Marina
"BFG-Youda Sushi Chef" = Youda Sushi Chef
"Bodog Casino" = Bodog Casino
"Bodog Poker_is1" = Bodog Poker
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner (remove only)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Collectorz.com Movie Collector" = Collectorz.com Movie Collector
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"EA Download Manager" = EA Download Manager
"FinalTorrent_is1" = FinalTorrent 2010
"Flash Slideshow Maker Pro" = Flash Slideshow Maker Pro 4.56
"Gamevance" = Gamevance
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"Intel® Configuration Center" = Intel® Viiv™ Software
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Opticon USB Installer" = Opticon USB Drivers Installer
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"PROSet" = Intel® PRO Network Connections Drivers
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealArcade 1.2" = RealArcade
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Rhapsody" = Rhapsody
"Road Runner Music" = Road Runner Music
"Shop for HP Supplies" = Shop for HP Supplies
"Spyware Doctor" = Spyware Doctor 8.0
"STANDARDR" = Microsoft Office Standard 2007 Trial
"SystemRequirementsLab" = System Requirements Lab
"WildTangent hp Master Uninstall" = HP Games
"WildTangent hpdesktop Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WTA-2bdb3191-8d67-49df-8cbb-2250f68e7230" = Slingo Deluxe
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"Zynga Toolbar" = Zynga Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/16/2009 11:03:38 AM | Computer Name = CarrieDearde-PC | Source = WerSvc | ID = 5007
Description =

Error - 4/16/2009 11:21:17 AM | Computer Name = CarrieDearde-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6000.16809 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: ef4 Start Time: 01c9bea4015f90c0 Termination Time: 47

Error - 4/17/2009 2:22:00 PM | Computer Name = CarrieDearde-PC | Source = Application Error | ID = 1000
Description = Faulting application HPWUCli.exe, version 4.0.10.1, time stamp 0x47d01e54,
faulting module HPWUCli.exe, version 4.0.10.1, time stamp 0x47d01e54, exception
code 0x40000015, fault offset 0x000433a2, process id 0x16a0, application start time
0x01c9bf89242f3027.

Error - 4/17/2009 2:22:13 PM | Computer Name = CarrieDearde-PC | Source = WerSvc | ID = 5007
Description =

Error - 4/18/2009 3:18:21 PM | Computer Name = CarrieDearde-PC | Source = WerSvc | ID = 5007
Description =

Error - 4/19/2009 10:56:12 PM | Computer Name = CarrieDearde-PC | Source = WerSvc | ID = 5007
Description =

Error - 4/20/2009 2:10:22 PM | Computer Name = CarrieDearde-PC | Source = WerSvc | ID = 5007
Description =

Error - 4/20/2009 8:31:08 PM | Computer Name = CarrieDearde-PC | Source = WerSvc | ID = 5007
Description =

Error - 4/21/2009 1:57:08 PM | Computer Name = CarrieDearde-PC | Source = WerSvc | ID = 5007
Description =

Error - 4/24/2009 12:32:38 AM | Computer Name = CarrieDearde-PC | Source = WerSvc | ID = 5007
Description =

[ Media Center Events ]
Error - 11/28/2007 4:52:00 AM | Computer Name = CarrieDearde-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/14/2007 2:52:39 AM | Computer Name = CarrieDearde-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/14/2007 2:52:54 PM | Computer Name = CarrieDearde-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/17/2007 2:50:57 AM | Computer Name = CarrieDearde-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 2/17/2008 9:06:16 PM | Computer Name = CarrieDearde-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 4/11/2008 3:27:42 AM | Computer Name = CarrieDearde-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 5/26/2008 9:11:41 PM | Computer Name = CarrieDearde-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/1/2008 8:43:01 PM | Computer Name = CarrieDearde-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/7/2008 3:37:52 AM | Computer Name = CarrieDearde-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/11/2009 6:22:52 PM | Computer Name = CarrieDearde-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 10/12/2011 1:24:06 AM | Computer Name = CarrieDearde-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 10/12/2011 1:24:06 AM | Computer Name = CarrieDearde-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/12/2011 1:25:55 AM | Computer Name = CarrieDearde-PC | Source = DCOM | ID = 10010
Description =

Error - 10/12/2011 1:29:43 AM | Computer Name = CarrieDearde-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:27:37 AM on 10/12/2011 was unexpected.

Error - 10/12/2011 1:31:34 AM | Computer Name = CarrieDearde-PC | Source = DCOM | ID = 10010
Description =

Error - 10/12/2011 1:41:08 AM | Computer Name = CarrieDearde-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:37:36 AM on 10/12/2011 was unexpected.

Error - 10/12/2011 1:43:08 AM | Computer Name = CarrieDearde-PC | Source = DCOM | ID = 10005
Description =

Error - 10/12/2011 1:43:18 AM | Computer Name = CarrieDearde-PC | Source = DCOM | ID = 10005
Description =

Error - 10/12/2011 1:43:21 AM | Computer Name = CarrieDearde-PC | Source = DCOM | ID = 10005
Description =

Error - 10/12/2011 1:43:26 AM | Computer Name = CarrieDearde-PC | Source = DCOM | ID = 10005
Description =


< End of report >
  • 0

#9
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
We have work to do. You can run all programs in safe mode for now. Please read my instructions carefully.

Step 1

NOTE: You have a very nasty infection! I would strongly advise you to back up all your important data from your system before you begin with the fix.

This malware tends to disable your whole system and leave you with nothing. Please back up your data.

After this please continue with steps below.

Step 2

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.

Step 3

Please don't forget to include these items in your reply:

  • Combofix log
It would be helpful if you could post each log in a separate post.
  • 0

#10
AcerCook

AcerCook

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
I was able to download ComboFix and it started to run and as it was finishing IE closed and ComboFix closed.

Thanks again for the help.
  • 0


#11
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Can you post the log for me?
  • 0

#12
AcerCook

AcerCook

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Sorry about the previous post...I think ComboFix is running. It just said something about a rootkit virus and said allow ComboFix to reboot your computer...do not manually reboot. I'm posting this from my laptop while my infected computer is running.
  • 0

#13
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Please let it finish. It will tell you when it's done and where to find the log. Post it here for me.
  • 0

#14
AcerCook

AcerCook

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
ComboFix 11-10-11.05 - Carrie Dearden 10/12/2011 3:04.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3062.2038 [GMT -4:00]
Running from: c:\users\Carrie Dearden\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Gamevance
c:\program files\Gamevance\ars.cfg
c:\program files\Gamevance\gvun.exe
c:\program files\Gamevance\icon.ico
c:\program files\Internet Explorer\2BD0.tmp
c:\program files\Internet Explorer\4440.tmp
c:\programdata\9BC2.tmp
c:\programdata\B921.tmp
c:\programdata\DirectxBackupUpdate.dll
c:\programdata\eL31400JjPaG31400
c:\programdata\eL31400JjPaG31400\eL31400JjPaG31400
c:\programdata\eL31400JjPaG31400\eL31400JjPaG31400.exe
C:\Recycle.Bin
c:\recycle.bin\5962789EE7D2F85
c:\users\Carrie Dearden\AppData\Roaming\foonnG4aamSecurity Guard 2012.ico
c:\users\Carrie Dearden\AppData\Roaming\j6dWK8fRLhXjClBSecurity Guard 2012.ico
c:\users\Carrie Dearden\AppData\Roaming\ldr.ini
c:\users\Carrie Dearden\AppData\Roaming\lqqqjjUCekIBzOySecurity Guard 2012.ico
c:\users\Carrie Dearden\AppData\Roaming\Q0uvS2ibFpGaHdKSecurity Guard 2012.ico
c:\windows\$BLSTUN$
c:\windows\$BLSTUN$\apUninstall.exe
c:\windows\$BLSTUN$\lmATn.dll
c:\windows\$BLSTUN$\qgnnv.dll
c:\windows\$NtUninstallKB62444$
c:\windows\$NtUninstallKB62444$\1334789020\@
c:\windows\$NtUninstallKB62444$\1334789020\bckfg.tmp
c:\windows\$NtUninstallKB62444$\1334789020\cfg.ini
c:\windows\$NtUninstallKB62444$\1334789020\Desktop.ini
c:\windows\$NtUninstallKB62444$\1334789020\keywords
c:\windows\$NtUninstallKB62444$\1334789020\kwrd.dll
c:\windows\$NtUninstallKB62444$\1334789020\L\qnbwvoto
c:\windows\$NtUninstallKB62444$\1334789020\lsflt7.ver
c:\windows\$NtUninstallKB62444$\1334789020\U\[email protected]
c:\windows\$NtUninstallKB62444$\1334789020\U\[email protected]
c:\windows\$NtUninstallKB62444$\1334789020\U\[email protected]
c:\windows\$NtUninstallKB62444$\1334789020\U\[email protected]
c:\windows\$NtUninstallKB62444$\2140075006
c:\windows\system32\B5aaQQH6dWK7RLg.exe
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftupdt32.dll
c:\windows\system32\FaQQHH6dWK7f.exe
c:\windows\system32\GxxAA0uuvS2bFpG.exe
c:\windows\system32\I999gTTZqjYCkIr.exe
c:\windows\system32\m555sQQ6dEKfZTw.exe
c:\windows\system32\QbbbD3pnG4a.exe
c:\windows\system32\T33ppnGG4aH6sK7.exe
c:\windows\TEMP\MPENGINE.DLL
c:\windows\TEMP\offreg.dll
.
Infected copy of c:\windows\system32\drivers\netbt.sys was found and disinfected
Restored copy from - The cat found it :)
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_4f8f439c
.
.
((((((((((((((((((((((((( Files Created from 2011-09-12 to 2011-10-12 )))))))))))))))))))))))))))))))
.
.
2011-10-12 07:26 . 2011-10-12 07:26 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{870AF99B-3E9F-4233-A149-3FC429929FB5}\offreg.dll
2011-10-12 07:16 . 2011-10-12 07:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-12 07:16 . 2011-10-12 07:16 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2011-10-12 06:56 . 2006-11-02 08:57 184320 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-10-11 23:17 . 2011-09-21 13:00 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{870AF99B-3E9F-4233-A149-3FC429929FB5}\mpengine.dll
2011-10-11 22:04 . 2011-10-11 22:04 -------- d-----w- c:\programdata\MFAData
2011-10-11 21:57 . 2011-10-11 21:57 -------- d-----w- c:\users\Carrie Dearden\AppData\Roaming\sCCCwwkIVrlOtx0
2011-10-11 21:57 . 2011-10-11 21:57 -------- d-----w- c:\users\Carrie Dearden\AppData\Roaming\fGGG4aamH6sW7fL
2011-10-11 21:57 . 2011-10-11 21:57 -------- d-----w- c:\users\Carrie Dearden\AppData\Roaming\UEEEK88gRZ9hXw
2011-10-11 21:57 . 2011-10-11 21:57 -------- d-----w- c:\users\Carrie Dearden\AppData\Roaming\iUVlBttz0c
2011-10-11 21:57 . 2011-10-11 21:57 -------- d-----w- c:\users\Carrie Dearden\AppData\Roaming\DlltPySiDoGaHW7
2011-10-11 21:57 . 2011-10-11 21:57 -------- d-----w- c:\users\Carrie Dearden\AppData\Roaming\fdKgZhXjeItPy
2011-10-11 21:57 . 2011-10-11 21:57 -------- d-----w- c:\program files\AE900
2011-10-11 21:57 . 2011-10-11 21:57 -------- d-----w- c:\users\Carrie Dearden\AppData\Roaming\jffRRZ99hTXjU
2011-10-11 21:57 . 2011-10-11 21:57 -------- d-----w- c:\users\Carrie Dearden\AppData\Roaming\VhYYXXwkUVelBtP
2011-10-11 21:57 . 2011-10-11 21:57 -------- d-----w- c:\users\Carrie Dearden\AppData\Roaming\FjUUCCelIBrzNyA
2011-10-11 21:56 . 2011-10-11 21:57 -------- d-----w- c:\users\Carrie Dearden\AppData\Roaming\AA1AE
2011-10-11 08:48 . 2011-10-11 13:28 173568 ----a-w- c:\program files\Internet Explorer\25AA\576.exe
2011-10-08 22:25 . 2011-10-08 22:25 -------- d-----w- c:\users\Carrie Dearden\AppData\Roaming\p777fEEL9gTq
2011-10-08 22:25 . 2011-10-08 22:25 -------- d-----w- c:\users\Carrie Dearden\AppData\Roaming\IfffELL8g
2011-10-08 22:25 . 2011-10-08 22:25 -------- d-----w- c:\users\Carrie Dearden\AppData\Roaming\IRRLL9gTTXjYCkI
2011-10-08 22:25 . 2011-10-08 22:25 -------- d-----w- c:\users\Carrie Dearden\AppData\Roaming\FrzzOONyx0vSib3
2011-10-08 22:25 . 2011-10-08 22:25 -------- d-----w- c:\users\Carrie Dearden\AppData\Roaming\vm5Q6E8XUeIzNx2
2011-10-08 22:25 . 2011-10-08 22:25 -------- d-----w- c:\users\Carrie Dearden\AppData\Roaming\Xn4m5W7E8RqYwUe
2011-10-08 22:24 . 2011-10-08 22:24 -------- d-----w- c:\users\Carrie Dearden\AppData\Roaming\QBBrrzPPNyx
2011-10-08 22:24 . 2011-10-08 22:24 -------- d-----w- c:\users\Carrie Dearden\AppData\Roaming\TyyyxAA1uvS2bFp
2011-10-08 22:24 . 2011-10-08 22:24 -------- d-----w- c:\users\Carrie Dearden\AppData\Roaming\VppmmH5sQJ7dE8R
2011-10-08 00:50 . 2011-10-08 00:50 3032064 ----a-w- c:\windows\system32\tmmmHH5sWJ7dL8R.exe
2011-10-08 00:46 . 2011-10-08 00:46 -------- d-----w- c:\programdata\WSTB
2011-10-06 04:43 . 2011-10-06 04:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-06 04:43 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-06 02:11 . 2011-10-06 04:44 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-06 02:11 . 2011-10-06 02:11 -------- d-----w- c:\users\Carrie Dearden\AppData\Roaming\Malwarebytes
2011-10-06 02:11 . 2011-10-06 02:11 -------- d-----w- c:\programdata\Malwarebytes
2011-10-06 01:59 . 2011-10-06 01:59 -------- d-----w- c:\users\Carrie Dearden\AppData\Roaming\OllOONttxP0cSib
2011-10-06 01:59 . 2011-10-06 01:59 -------- d-----w- c:\users\Carrie Dearden\AppData\Roaming\foonnG4aam
2011-10-05 08:33 . 2011-10-05 08:33 -------- d-----w- c:\users\Carrie Dearden\AppData\Roaming\lqqqjjUCekIBzOy
2011-10-05 08:33 . 2011-10-05 08:33 -------- d-----w- c:\users\Carrie Dearden\AppData\Roaming\cvSS22obF3pm5aJ
2011-10-05 08:09 . 2010-07-16 18:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-10-05 08:09 . 2010-07-16 18:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-10-05 08:09 . 2011-07-11 13:05 253096 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-10-05 08:09 . 2011-07-11 13:05 107352 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-10-05 08:09 . 2011-07-11 16:06 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-10-05 08:09 . 2011-07-11 16:02 263888 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-10-05 08:09 . 2011-03-10 13:08 233976 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2011-10-05 08:09 . 2011-07-11 13:07 70664 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-10-05 08:09 . 2011-10-05 08:12 -------- d-----w- c:\program files\PC Tools Security
2011-10-05 08:09 . 2011-10-05 08:12 -------- d-----w- c:\program files\Common Files\PC Tools
2011-10-05 08:08 . 2011-10-05 08:09 -------- d-----w- c:\programdata\PC Tools
2011-10-05 07:47 . 2011-10-05 07:47 -------- d-----w- c:\users\Carrie Dearden\AppData\Roaming\j6dWK8fRLhXjClB
2011-10-05 07:47 . 2011-10-05 07:47 -------- d-----w- c:\users\Carrie Dearden\AppData\Roaming\BobF3pmG5Q
2011-10-05 07:34 . 2011-10-05 07:34 -------- d-----w- c:\users\Carrie Dearden\AppData\Roaming\yRL9hTXqjCkBzNx
2011-10-05 07:34 . 2011-10-05 07:34 -------- d-----w- c:\users\Carrie Dearden\AppData\Roaming\Q0uvS2ibFpGaHdK
2011-10-05 07:33 . 2011-10-05 07:33 -------- d-----w- c:\users\Carrie Dearden\AppData\Roaming\PycA1ivD2n4m5Q7
2011-10-05 00:41 . 2011-10-05 00:41 -------- d-----w- c:\program files\Build-a-lot - On Vacation
2011-09-28 07:00 . 2011-09-28 07:15 -------- d-----w- C:\2aad1226e5c155bfc8d114
2011-09-14 07:03 . 2011-09-14 07:18 -------- d-----w- C:\56d16c9367e186bb50125037f697f5
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-13 04:25 . 2010-01-09 05:43 29712 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2008-01-26 08:07 . 2008-01-26 08:07 774144 ----a-w- c:\program files\RngInterstitial.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn1.dll" [2011-02-22 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2011-02-22 04:05 2735200 ----a-w- c:\program files\Zynga\tbZyn1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn1.dll" [2011-02-22 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyn1.dll" [2011-02-22 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-13 1773568]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-01-29 23975720]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-11-27 2356088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"SnapfishMediaDetector"="c:\program files\Snapfish Media Detector\SnapfishMediaDetector.exe" [2007-03-02 1441792]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-27 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-27 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-27 150552]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-09-13 2076512]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"zqqhhYXXwkVel8234A"="c:\windows\system32\tmmmHH5sWJ7dL8R.exe" [2011-10-08 3032064]
"576.exe"="c:\program files\Internet Explorer\25AA\576.exe" [2011-10-11 173568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]
.
c:\users\Carrie Dearden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Snapfish Media Detector.lnk - c:\program files\Snapfish Media Detector\SnapfishMediaDetector.exe [2007-3-2 1441792]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 optousb;OPTO ELECTRONICS optousb;c:\windows\system32\DRIVERS\optousb.sys [2009-08-26 18432]
R3 optovcm;OPTO ELECTRONICS optovcm;c:\windows\system32\DRIVERS\optovcm.sys [2009-08-26 26368]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-07-11 263888]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-07-16 338880]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-07-16 656320]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-17 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2011-05-05 243152]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD.sys [2011-03-10 233976]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-17 308136]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2011-02-18 371472]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-12 c:\windows\Tasks\User_Feed_Synchronization-{6E25402C-C311-427D-83F0-9DE5D4B02233}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
uInternet Settings,ProxyServer = http=127.0.0.1:51434
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Save with Download Manager... - file://c:\program files\Road Runner Music\DMDownload.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Carrie Dearden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{C4B8BAB4-1667-11DF-A242-BA9455D89593} - c:\program files\simppulltoolbar\auxi\simppulltoolbAu.dll
BHO-{E4E6BF2A-1667-11DF-A01F-1F9655D89593} - (no file)
WebBrowser-{50EC13F9-D1F6-4012-A076-F73088D8241C} - (no file)
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-WNycA1uvDoFp8234A - c:\windows\system32\uEK8gRZ9hXjVlBz.exe
HKLM-Run-JLL99gTTXqjCkIr8234A - c:\windows\system32\FaQQHH6dWK7f.exe
HKLM-Run-pLLL9ggTZqjYwkV8234A - c:\windows\system32\T33ppnGG4aH6sK7.exe
HKLM-Run-EXXqqjYYCe8234A - c:\windows\system32\B5aaQQH6dWK7RLg.exe
HKLM-Run-qUUCCelIIrzPxuS8234A - c:\windows\system32\m555sQQ6dEKfZTw.exe
HKLM-Run-fHH66sWWK7EL9Tq8234A - c:\windows\system32\QbbbD3pnG4a.exe
HKLM-Run-zaQQQH6dWK7fR8234A - c:\windows\system32\GxxAA0uuvS2bFpG.exe
HKLM-Run-COONNtxPPuc8234A - c:\windows\system32\I999gTTZqjYCkIr.exe
HKLM-Run-hbbbF33pnG5aH6W8234A - c:\windows\system32\xkkIBrrzONyx0uS.exe
HKU-Default-Run-DirectxBackupUpdate - c:\programdata\DirectxBackupUpdate.dll
AddRemove-$BLSTUN$ - c:\windows\$BLSTUN$\apUninstall.exe
AddRemove-Gamevance - c:\program files\Gamevance\gvun.exe
AddRemove-UnityWebPlayer - c:\users\Carrie Dearden\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3674113485-784568633-2034103639-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:20,73,71,fe,ad,d8,27,22,f2,59,f5,2a,50,d3,1a,a1,07,fd,1d,38,e3,54,4a,
67,80,c1,dc,c9,dd,ec,04,7f,d7,25,d0,8f,42,b5,01,32,4f,06,25,be,78,85,ea,4b,\
"??"=hex:12,f1,f1,87,b8,3a,a4,07,aa,51,d7,42,bc,08,2a,24
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5972)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\WUDFHost.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\windows\RtHDVCpl.exe
c:\program files\AVG\AVG9\avgtray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2011-10-12 03:40:43 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-12 07:40
.
Pre-Run: 234,023,919,616 bytes free
Post-Run: 233,763,377,152 bytes free
.
- - End Of File - - A1DD51A3196E0530F4A085B6649A72FC

#15
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Combofix did a good job. We still have work to do.

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    MOD - [2011/10/11 17:57:36 | 000,180,224 | ---- | M] () -- C:\Program Files\AE900\lvvm.exe
    MOD - [2011/10/11 17:57:16 | 000,175,616 | ---- | M] () -- C:\Users\Carrie Dearden\AppData\Roaming\AA1AE\EFF25.exe
    MOD - [2011/10/11 09:28:05 | 000,173,568 | ---- | M] () -- C:\Program Files\Internet Explorer\25AA\576.exe
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51434
    O2 - BHO: (brumabonpgrm Object) - {795F4311-02C9-4B7B-A9BB-78D4FE68A98D} - C:\Windows\$BLSTUN$\lmatn.dll ()
    O2 - BHO: (no name) - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - No CLSID value found.
    O4 - HKLM..\Run: [576.exe] C:\Program Files\Internet Explorer\25AA\576.exe ()
    O4 - HKLM..\Run: [CCUTRAYICON] FactoryMode File not found
    O4 - HKLM..\Run: [COONNtxPPuc8234A] C:\Windows\System32\I999gTTZqjYCkIr.exe ()
    O4 - HKLM..\Run: [EXXqqjYYCe8234A] C:\Windows\System32\B5aaQQH6dWK7RLg.exe ()
    O4 - HKLM..\Run: [fHH66sWWK7EL9Tq8234A] C:\Windows\System32\QbbbD3pnG4a.exe ()
    O4 - HKLM..\Run: [hbbbF33pnG5aH6W8234A] C:\Windows\system32\xkkIBrrzONyx0uS.exe File not found
    O4 - HKLM..\Run: [JLL99gTTXqjCkIr8234A] C:\Windows\System32\FaQQHH6dWK7f.exe ()
    O4 - HKLM..\Run: [pLLL9ggTZqjYwkV8234A] C:\Windows\System32\T33ppnGG4aH6sK7.exe ()
    O4 - HKLM..\Run: [qUUCCelIIrzPxuS8234A] C:\Windows\System32\m555sQQ6dEKfZTw.exe ()
    O4 - HKLM..\Run: [volmgr] C:\Windows\system32\config\systemprofile\AppData\Local\volmgr.exe File not found
    O4 - HKLM..\Run: [WNycA1uvDoFp8234A] C:\Windows\system32\uEK8gRZ9hXjVlBz.exe File not found
    O4 - HKLM..\Run: [zaQQQH6dWK7fR8234A] C:\Windows\System32\GxxAA0uuvS2bFpG.exe ()
    O4 - HKLM..\Run: [zqqhhYXXwkVel8234A] C:\Windows\System32\tmmmHH5sWJ7dL8R.exe ()
    O4 - HKCU..\RunOnce: [eL31400JjPaG31400] C:\ProgramData\eL31400JjPaG31400\eL31400JjPaG31400.exe ()
    O20 - HKCU Winlogon: Shell - (C:\Users\Carrie Dearden\AppData\Roaming\AA1AE\EFF25.exe) -C:\Users\Carrie Dearden\AppData\Roaming\AA1AE\EFF25.exe ()
    O33 - MountPoints2\{45a683b8-dd97-11dc-aa5c-001bfc7f6598}\Shell\AutoRun\command - "" = J:\JDSecure\Windows\JDSecure31.exe
    O33 - MountPoints2\{8531bb9c-ad8c-11e0-b9db-001bfc7f6598}\Shell - "" = AutoRun
    O33 - MountPoints2\{8531bb9c-ad8c-11e0-b9db-001bfc7f6598}\Shell\AutoRun\command - "" = K:\TL-Bootstrap.exe
    O33 - MountPoints2\{8531bbaa-ad8c-11e0-b9db-001bfc7f6598}\Shell - "" = AutoRun
    O33 - MountPoints2\{8531bbaa-ad8c-11e0-b9db-001bfc7f6598}\Shell\AutoRun\command - "" = K:\TL-Bootstrap.exe
    O33 - MountPoints2\{ae64167a-42c9-11e0-85dd-001bfc7f6598}\Shell - "" = AutoRun
    O33 - MountPoints2\{ae64167a-42c9-11e0-85dd-001bfc7f6598}\Shell\AutoRun\command - "" = J:\ToolLauncher-Bootstrap.exe
    O33 - MountPoints2\{f003d105-23be-11dc-ac82-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{f003d105-23be-11dc-ac82-806e6f6e6963}\Shell\AutoRun\command - "" = E:\RunGame.exe -- [2003/08/27 04:47:08 | 000,147,456 | R--- | M] ()
    [2011/10/11 18:34:03 | 000,000,000 | ---D | C] -- C:\ProgramData\eL31400JjPaG31400
    [2011/10/11 17:57:42 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\sCCCwwkIVrlOtx0
    [2011/10/11 17:57:42 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\fGGG4aamH6sW7fL
    [2011/10/11 17:57:39 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\UEEEK88gRZ9hXw
    [2011/10/11 17:57:39 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\iUVlBttz0c
    [2011/10/11 17:57:38 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\DlltPySiDoGaHW7
    [2011/10/11 17:57:34 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\fdKgZhXjeItPy
    [2011/10/11 17:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\AE900
    [2011/10/11 17:57:05 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\VhYYXXwkUVelBtP
    [2011/10/11 17:57:05 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\jffRRZ99hTXjU
    [2011/10/11 17:57:05 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\FjUUCCelIBrzNyA
    [2011/10/11 17:56:51 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\AA1AE
    [2011/10/08 18:25:12 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\p777fEEL9gTq
    [2011/10/08 18:25:12 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\IfffELL8g
    [2011/10/08 18:25:11 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\IRRLL9gTTXjYCkI
    [2011/10/08 18:25:11 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\FrzzOONyx0vSib3
    [2011/10/08 18:25:10 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\vm5Q6E8XUeIzNx2
    [2011/10/08 18:25:09 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\Xn4m5W7E8RqYwUe
    [2011/10/08 18:24:27 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\QBBrrzPPNyx
    [2011/10/08 18:24:21 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\TyyyxAA1uvS2bFp
    [2011/10/08 18:24:20 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\VppmmH5sQJ7dE8R
    [2011/10/05 21:59:17 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\OllOONttxP0cSib
    [2011/10/05 21:59:17 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\foonnG4aam
    [2011/10/05 04:33:34 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\lqqqjjUCekIBzOy
    [2011/10/05 04:33:34 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\cvSS22obF3pm5aJ
    [2011/10/05 03:47:55 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\j6dWK8fRLhXjClB
    [2011/10/05 03:47:55 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\BobF3pmG5Q
    [2011/10/05 03:34:03 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\yRL9hTXqjCkBzNx
    [2011/10/05 03:34:03 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\Q0uvS2ibFpGaHdK
    [2011/10/05 03:33:56 | 000,000,000 | ---D | C] -- C:\Users\Carrie Dearden\AppData\Roaming\PycA1ivD2n4m5Q7
    [2011/09/28 03:00:26 | 000,000,000 | ---D | C] -- C:\2aad1226e5c155bfc8d114
    [2011/09/14 03:03:13 | 000,000,000 | ---D | C] -- C:\56d16c9367e186bb50125037f697f5
    [2011/10/12 01:41:10 | 000,000,000 | ---- | M] () -- C:\Windows\2621673295
    [2011/10/07 21:44:36 | 003,032,064 | ---- | M] () -- C:\Windows\System32\I999gTTZqjYCkIr.exe
    [2011/10/07 21:44:24 | 003,032,064 | ---- | M] () -- C:\Windows\System32\GxxAA0uuvS2bFpG.exe
    [2011/10/07 21:44:11 | 003,032,064 | ---- | M] () -- C:\Windows\System32\QbbbD3pnG4a.exe
    [2011/10/07 21:42:17 | 003,032,064 | ---- | M] () -- C:\Windows\System32\m555sQQ6dEKfZTw.exe
    [2011/10/07 20:50:28 | 003,032,064 | ---- | M] () -- C:\Windows\System32\tmmmHH5sWJ7dL8R.exe
    [2011/10/07 20:48:53 | 003,032,064 | ---- | M] () -- C:\Windows\System32\B5aaQQH6dWK7RLg.exe
    [2011/10/07 20:48:49 | 003,032,064 | ---- | M] () -- C:\Windows\System32\T33ppnGG4aH6sK7.exe
    [2011/10/07 20:46:13 | 003,032,064 | ---- | M] () -- C:\Windows\System32\FaQQHH6dWK7f.exe
    [2011/10/07 21:44:36 | 003,032,064 | ---- | C] () -- C:\Windows\System32\I999gTTZqjYCkIr.exe
    [2011/10/07 21:44:24 | 003,032,064 | ---- | C] () -- C:\Windows\System32\GxxAA0uuvS2bFpG.exe
    [2011/10/07 21:44:11 | 003,032,064 | ---- | C] () -- C:\Windows\System32\QbbbD3pnG4a.exe
    [2011/10/07 21:42:17 | 003,032,064 | ---- | C] () -- C:\Windows\System32\m555sQQ6dEKfZTw.exe
    [2011/10/07 20:50:27 | 003,032,064 | ---- | C] () -- C:\Windows\System32\tmmmHH5sWJ7dL8R.exe
    [2011/10/07 20:48:53 | 003,032,064 | ---- | C] () -- C:\Windows\System32\B5aaQQH6dWK7RLg.exe
    [2011/10/07 20:48:49 | 003,032,064 | ---- | C] () -- C:\Windows\System32\T33ppnGG4aH6sK7.exe
    [2011/10/07 20:46:13 | 003,032,064 | ---- | C] () -- C:\Windows\System32\FaQQHH6dWK7f.exe


    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post

Step 3

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window: OTL.Txt. It is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • VRT log
  • OTL scan log
It would be helpful if you could post each log in a separate post