BleepingComputer.com: Infected with Cloud Protection virus

Found this site on the web.

I followed the instuctions to remove this but was unsuccessful and had various problems. I downloaded the TDSS Killer, renamed it, but it won't run. It says it isn't a valid system 32 application. I tried several times and renamed it different things--still didn't work.

rkill seemed to work fine.

I went ahead and tried to run Malwarebytes (I already had it installed), but after about 10 seconds it closed and now won't open. I followed the link to download it again. When trying to run the setup, I get the "not a valid system 32 app" message.

I was not able to backup my data. I get the "not a valid 32..." message when trying to install the software. The standard version that came with XP is hiding from me.

The windows firewall is enabled(and has been all along)

DDS seemed to work fine. see below

GMER downloaded fine. I started the scan and it ran for about 30 seconds (LOTS of things populated) then it just closed. Now it won't run at all. I re-downloaded it with the same result.

Thanks so much for taking a look!

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by Administrator at 17:12:29 on 2011-10-15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1501 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\3203397148:3809022017.exe
C:\Program Files\Internet Explorer\010C\3A9.exe
C:\Program Files\59F61\lvvm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\Application Data\CDC59\88A01.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = https://lhchurch.onthecity.org/session/new
uSearchMigratedDefaultURL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyServer = http=127.0.0.1:61455
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
uWinlogon: Shell=explorer.exe,c:\documents and settings\administrator\application data\cdc59\88A01.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - No File
BHO: Secure Online Account Numbers Helper: {435eaa86-d32b-484f-869c-53745fcb1642} - c:\program files\discover\soan\DiscoverSOANHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - No File
TB: Secure Online Account Numbers: {a8c7c2ca-6dfd-4e16-8458-592361564d38} - c:\program files\discover\soan\DiscoverSOANToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [HostManager] c:\program files\common files\aol\1198957229\ee\AOLSoftware.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Secure Online Account Numbers] c:\progra~1\discover\soan\DISCOV~1.EXE /dontopenmycards
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ERCmYTJhduBEH.exe] c:\documents and settings\all users\application data\ERCmYTJhduBEH.exe
mRun: [TK8gRZ9hYwUe8234A] c:\windows\system32\oxA0uvS2oFpGsJ.exe
mRun: [rzPNyxA1uDoFpHs] c:\windows\system32\svhostu.exe
mRun: [3A9.exe] c:\program files\internet explorer\010c\3A9.exe
mPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-explorer: NoDesktop = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
Trusted Zone: ez-data.com
Trusted Zone: ezdata.com
Trusted Zone: glic.com
Trusted Zone: glic.com\www6
Trusted Zone: gliconline.com
Trusted Zone: guardianinvestor.com
Trusted Zone: guardianlife.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: pasmystreetscape.com
Trusted Zone: smartofficeonline.com
Trusted Zone: streetscape.com
Trusted Zone: turbotax.com
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {1FA44E01-A60B-4449-BF97-66CDAA200433} - hxxps://www5.glic.com/so/java/downloads/SOConfig6.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://www6.glic.com/srvlw3/iNotes6W.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198973371796
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D22621D3-E219-4B03-AF3E-5E8AEF7CC70B} - hxxps://www5.glic.com/so/java/downloads/SmartOfficeLink6.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://guardianim.webex.com/client/T27LB/webex/ieatgpc.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2ED2ECEA-4FFA-4CB3-925E-74FAF454656A} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 297168]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7390560]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-7 135664]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-11-7 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-7-28 38224]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
.
=============== Created Last 30 ================
.
2011-10-15 21:56:17 -------- d-----w- c:\documents and settings\administrator\application data\YbF4pmH5sJ
2011-10-15 21:56:17 -------- d-----w- c:\documents and settings\administrator\application data\NdEL8gRZqYwUrOt
2011-10-15 18:55:47 104448 ----a-w- c:\program files\internet explorer\010c\1.tmp
2011-10-15 15:41:12 -------- d-----w- C:\backup
2011-10-15 13:33:48 104448 ----a-w- c:\program files\internet explorer\010c\9.tmp
2011-10-15 13:33:25 -------- d-----w- c:\documents and settings\administrator\application data\OekBzNx1v2b4m5Q
2011-10-15 13:33:25 -------- d-----w- c:\documents and settings\administrator\application data\bHs7fL9gTqY
2011-10-15 12:54:48 104448 ----a-w- c:\program files\internet explorer\010c\8.tmp
2011-10-15 12:54:26 -------- d-----w- c:\documents and settings\administrator\application data\K9TwjUVelBPyA
2011-10-15 12:54:25 -------- d-----w- c:\documents and settings\administrator\application data\SwkIVrltAuipaJd
2011-10-15 12:52:14 -------- d-----w- c:\documents and settings\administrator\application data\qF4pmH5sQ7E8RqY
2011-10-15 12:52:13 -------- d-----w- c:\documents and settings\administrator\application data\ZKfLgXjCkBzNxuD
2011-10-14 08:55:35 -------- d-----w- c:\windows\system32\mCwkIVrlOtAu2b3
2011-10-14 08:55:35 -------- d-----w- C:\DonF4pmH5W7E8Tq
2011-10-14 08:55:30 103936 ----a-w- c:\windows\system32\svhostu.exe
2011-10-14 08:55:30 -------- d-----w- c:\windows\system32\U6sWK7fRLgXjCkB
2011-10-14 08:55:29 1702400 ----a-w- c:\windows\system32\oxA0uvS2oFpGsJ.exe
2011-10-14 08:55:29 -------- d-----w- C:\S7fEL9gTZjCkVzN
2011-10-14 08:35:13 470528 ---ha-w- c:\documents and settings\all users\application data\ERCmYTJhduBEH.exe
2011-10-12 01:01:20 277504 ----a-w- c:\program files\internet explorer\010c\3A9.exe
2011-10-11 23:49:20 -------- d--h--w- c:\program files\59F61
2011-10-11 00:22:59 -------- d--h--w- c:\documents and settings\administrator\application data\CDC59
2011-09-26 16:41:20 220160 ---h--w- c:\windows\system32\dllcache\oleacc.dll
2011-09-26 16:41:14 20480 ---h--w- c:\windows\system32\dllcache\oleaccrc.dll
.
==================== Find3M ====================
.
2011-09-26 16:41:20 611328 ---ha-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ---ha-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ---ha-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ---ha-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ---ha-w- c:\windows\system32\win32k.sys
2011-09-05 14:43:15 404640 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-22 23:48:55 916480 ---ha-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ---ha-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ---h--w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ---ha-w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ---ha-w- c:\windows\system32\drivers\afd.sys
2007-05-11 22:03:52 11384 ---ha-w- c:\program files\SymantecRootInstallerRes.dll
.
============= FINISH: 17:13:16.57 ===============

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

In Internet Explorer go to Tools - Internet Options - Connections Tab - Lan Settings and remove the reference to 127.0.0.1:61455 if found, then uncheck "Use a proxy server" and check "Automatically detect settings".
===

If you use Firefox in Tools Menu > Options... > Advanced Tab > Network Tab > Connection > Settings. Select the Auto-detect proxy settings for this network option. Or no proxy if you do not need it.
===

Your logs indicate that a ZeroAccess infection is present on your computer:

Please download DummyCreator.zip and unzip it.

• Run the tool.
  
• Copy and paste the following into the edit box:
  
  C:\WINDOWS\3203397148
  
  
• Press Create button and post the content of the Result.txt.
  
  Important: Restart the computer.

===

• Please download AntiZeroAccess by Webroot to your Desktop
  
• Double-click antizeroaccess.exe to run the program.
  • NOTE: If running Vista or Windows 7, make sure to Right-click on it and select Run as an Administrator.
  
  
  
  
• At the black window, type y and then press Enter.
  
• Once AntiZeroAccess has finished scanning, a report AntiZeroAccess_Log.txt will be created in the same location as the program.
  
• Please post the contents of the report in your next reply, and let me know how your system is running now. :thumbup:

<<<>>>

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  
  
• Double click on ComboFix.exe & follow the prompts.
  
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  
  
• Some Rookit infection may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall
===

Please post the logs and let me know what problem persists.

Thanks for helping me out with this!

DummyCreator by Farbar
Ran by Administrator (administrator) on 22-10-2011 at 09:09:06
**************************************************************

C:\WINDOWS\3203397148 [22-10-2011 09:09:06]

== End of log ==

Can you now run the other 2 tools and post the results?

I ran the antizeroaccess. See attachment.

I re-booted into regular mode and the virus started running again. I re-booted into safe mode, reset the LAN settings as before and downloaded combofix. I couldn't launch the AVG software to disable it, so I started combofix. when I got the two error messages, I stopped the program and ended up removing AVG altogether. I'm about to run combofix again. I'll reply in a few.

Even though I removed AVG and rebooted (still in safe mode), combofix says it has detected a real time scanner to be active and it lists AVG antivirus free edition 2011. This time I haven't clicked through the error.

Something is going on---I can hear the harddrive and it has beeped a couple of times.

What do you suggest?

Quote

I do not see this attachment.

Send it in your next reply with the follow log.

• Download OTL to your Desktop.
  
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  
• When the window appears, underneath Output at the top change it to Minimal Output.
  
• Check the boxes beside LOP Check and Purity Check.
  
• Under the Custom Scan box paste this in
  
  %SYSTEMDRIVE%\*.exe
  %systemroot%\system32\drivers\*.sys /90
  %systemroot%\*. /mp /s
  c:\$recycle.bin\*.* /s
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  /md5start
  eventlog.dll
  scecli.dll
  netlogon.dll
  cngaudit.dll
  sceclt.dll
  ntelogon.dll
  logevent.dll
  iaStor.sys
  nvstor.sys
  atapi.sys
  IdeChnDr.sys
  viasraid.sys
  AGP440.sys
  vaxscsi.sys
  nvatabus.sys
  viamraid.sys
  nvata.sys
  nvgts.sys
  iastorv.sys
  ViPrt.sys
  eNetHook.dll
  explorer.exe
  svchost.exe
  userinit.exe
  qmgr.dll
  proquota.exe
  kernel32.dll
  ndis.sys
  autochk.exe
  spoolsv.exe
  xmlprov.dll
  ntmssvc.dll
  mswsock.dll
  Beep.SYS
  ntfs.sys
  termsrv.dll
  sfcfiles.dll
  st3shark.sys
  ahcix86.sys
  srsvc.dll
  /md5stop
  
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Here's the antizero log.

OTL logfile created on: 10/22/2011 3:24:18 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 84.85% Memory free
3.84 Gb Paging File | 3.74 Gb Available in Paging File | 97.25% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 66.51 Gb Total Space | 16.65 Gb Free Space | 25.04% Space Free | Partition Type: NTFS
Drive D: | 8.01 Gb Total Space | 6.35 Gb Free Space | 79.27% Space Free | Partition Type: NTFS

Computer Name: HP52192360163 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\LP\010C\3A9.exe ()
PRC - C:\Program Files\59F61\lvvm.exe ()
PRC - C:\Documents and Settings\Administrator\Application Data\CDC59\88A01.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\LP\010C\3A9.exe ()
MOD - C:\Program Files\59F61\lvvm.exe ()
MOD - C:\Documents and Settings\Administrator\Application Data\CDC59\88A01.exe ()
MOD - \\?\globalroot\systemroot\system32\mswsock.dll ()
MOD - \\.\globalroot\systemroot\system32\mswsock.dll ()


========== Win32 Services (SafeList) ==========

SRV - (Symantec RemoteAssist) -- File not found
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) Logitech QuickCam Pro 9000(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (Blfp) -- C:\WINDOWS\system32\drivers\baspxp32.sys (Broadcom Corporation)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\HdAudio.sys (Windows ® Server 2003 DDK provider)
DRV - (iAimFP4) -- C:\WINDOWS\system32\drivers\wVchNTxx.sys (Intel® Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\system32\drivers\wSiINTxx.sys (Intel® Corporation)
DRV - (iAimTV5) -- C:\WINDOWS\system32\drivers\wATV10nt.sys (Intel® Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys (Intel® Corporation)
DRV - (iAimTV6) -- C:\WINDOWS\system32\drivers\wATV06nt.sys (Intel® Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\system32\drivers\wATV04nt.sys (Intel® Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\system32\drivers\wATV02NT.sys (Intel® Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\system32\drivers\wATV01nt.sys (Intel® Corporation)
DRV - (iAimFP7) -- C:\WINDOWS\system32\drivers\wADV09NT.sys (Intel® Corporation)
DRV - (iAimFP5) -- C:\WINDOWS\system32\drivers\wADV07nt.sys (Intel® Corporation)
DRV - (iAimFP6) -- C:\WINDOWS\system32\drivers\wADV08NT.sys (Intel® Corporation)
DRV - (i81x) -- C:\WINDOWS\system32\drivers\i81xnt5.sys (Intel® Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\system32\drivers\wADV01nt.sys (Intel® Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\system32\drivers\wADV02NT.sys (Intel® Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\system32\drivers\wADV05NT.sys (Intel® Corporation)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (Symmpi) -- C:\WINDOWS\system32\DRIVERS\symmpi.sys (LSI Logic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - No CLSID value found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = AOL search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://lhchurch.onthecity.org/session/new
IE - HKCU\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:61111

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\discoversoan@orbiscom: C:\Program Files\Discover\SOAN [2010/12/09 19:51:24 | 000,000,000 | ---D | M]

[2010/09/21 15:48:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/09/21 15:48:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\guardianfr2008@touchwoodcreative.com

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2011/10/22 01:51:45 | 000,000,884 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 94.63.240.133 www.google.com
O1 - Hosts: 94.63.240.134 www.bing.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - No CLSID value found.
O2 - BHO: (Secure Online Account Numbers Helper) - {435EAA86-D32B-484F-869C-53745FCB1642} - C:\Program Files\Discover\SOAN\DiscoverSOANHelper.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Secure Online Account Numbers) - {A8C7C2CA-6DFD-4E16-8458-592361564D38} - C:\Program Files\Discover\SOAN\DiscoverSOANToolbar.dll (Orbiscom Ltd. All rights reserved.)
O3 - HKLM\..\Toolbar: (no name) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [3A9.exe] C:\Program Files\LP\010C\3A9.exe ()
O4 - HKLM..\Run: [ERCmYTJhduBEH.exe] C:\Documents and Settings\All Users\Application Data\ERCmYTJhduBEH.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1198957229\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [rzPNyxA1uDoFpHs] C:\WINDOWS\system32\svhostu.exe ()
O4 - HKLM..\Run: [Secure Online Account Numbers] C:\Program Files\Discover\SOAN\DiscoverSOAN.exe (Orbiscom Ltd. All rights reserved.)
O4 - HKLM..\Run: [TK8gRZ9hYwUe8234A] C:\WINDOWS\system32\oxA0uvS2oFpGsJ.exe ()
O4 - HKLM..\Run: [volmgr] %APPDATA%\volmgr.exe File not found
O4 - HKCU..\Run: [0W1V5D3W3AWB1WXDCFNXHDYNFEXA] C:\Skype\3D7E786034B.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: ezdata.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ez-data.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: glic.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: glic.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: glic.com ([www6] https in Trusted sites)
O15 - HKCU\..Trusted Domains: gliconline.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: guardianinvestor.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: guardianlife.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: pasmystreetscape.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: smartofficeonline.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: streetscape.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {1FA44E01-A60B-4449-BF97-66CDAA200433} https://www5.glic.com/so/java/downloads/SOConfig6.cab (SOConfig6 Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://www6.glic.com/srvlw3/iNotes6W.cab (iNotes6 Class)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198973371796 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D22621D3-E219-4B03-AF3E-5E8AEF7CC70B} https://www5.glic.com/so/java/downloads/SmartOfficeLink6.cab (SmartBridge6 Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://guardianim.webex.com/client/T27LB/webex/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2ED2ECEA-4FFA-4CB3-925E-74FAF454656A}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Administrator\Application Data\CDC59\88A01.exe) -C:\Documents and Settings\Administrator\Application Data\CDC59\88A01.exe ()
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 19:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{41e5e641-bfe0-11dc-93fb-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{41e5e641-bfe0-11dc-93fb-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{41e5e641-bfe0-11dc-93fb-00038a000015}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/22 15:22:43 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/10/22 10:27:40 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/10/22 09:26:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\tD2nF4amHsJfLgZ
[2011/10/22 09:26:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\W2ibD3pnG
[2011/10/22 09:24:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/22 09:24:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/22 09:23:58 | 004,269,227 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/10/22 09:19:04 | 000,187,464 | ---- | C] (Webroot) -- C:\Documents and Settings\Administrator\Desktop\antizeroaccess.exe
[2011/10/22 09:15:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\QZqjYCwkIrOtAuS
[2011/10/22 09:15:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\oA1ivD2on4m5W7E
[2011/10/22 09:09:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\3203397148
[2011/10/22 09:08:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\DummyCreator
[2011/10/22 09:07:03 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2011/10/15 17:18:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\gmer
[2011/10/15 17:14:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\LvS2ibF3pGaJdK
[2011/10/15 17:14:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\c8gTZqjYCkVzNx0
[2011/10/15 17:12:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2011/10/15 17:12:10 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2011/10/15 16:56:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/10/15 16:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\YbF4pmH5sJ
[2011/10/15 16:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\NdEL8gRZqYwUrOt
[2011/10/15 10:41:12 | 000,000,000 | ---D | C] -- C:\backup
[2011/10/15 08:33:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\OekBzNx1v2b4m5Q
[2011/10/15 08:33:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\bHs7fL9gTqY
[2011/10/15 07:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\K9TwjUVelBPyA
[2011/10/15 07:54:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SwkIVrltAuipaJd
[2011/10/15 07:52:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Cloud Protection
[2011/10/15 07:52:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\qF4pmH5sQ7E8RqY
[2011/10/15 07:52:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ZKfLgXjCkBzNxuD
[2011/10/14 03:55:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mCwkIVrlOtAu2b3
[2011/10/14 03:55:35 | 000,000,000 | ---D | C] -- C:\DonF4pmH5W7E8Tq
[2011/10/14 03:55:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\U6sWK7fRLgXjCkB
[2011/10/14 03:55:29 | 000,000,000 | ---D | C] -- C:\S7fEL9gTZjCkVzN
[2011/10/14 03:35:13 | 000,470,528 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\ERCmYTJhduBEH.exe
[2011/10/14 03:04:23 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/10/11 18:49:20 | 000,000,000 | ---D | C] -- C:\Program Files\59F61
[2011/10/10 23:02:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM
[2011/10/10 23:02:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/10/10 19:22:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\CDC59
[2011/10/10 08:46:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/10/10 08:46:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/10/09 19:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2011/10/09 09:11:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/10/09 09:11:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/10/09 09:08:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/10/09 09:08:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/09/26 11:41:20 | 000,220,160 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleacc.dll
[2011/09/26 11:41:14 | 000,020,480 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaccrc.dll
[2011/09/22 16:33:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Pops
[2010/02/20 10:11:07 | 000,011,384 | ---- | C] (Symantec Corporation) -- C:\Program Files\SymantecRootInstallerRes.dll
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/22 15:22:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/10/22 15:20:06 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/22 15:19:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/22 10:40:36 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/22 09:26:32 | 000,001,750 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Cloud Protection.lnk
[2011/10/22 09:26:11 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/22 09:23:58 | 004,269,227 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/10/22 09:19:05 | 000,187,464 | ---- | M] (Webroot) -- C:\Documents and Settings\Administrator\Desktop\antizeroaccess.exe
[2011/10/22 09:08:07 | 000,455,503 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DummyCreator.zip
[2011/10/15 17:37:13 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2011/10/15 17:12:17 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2011/10/15 17:10:13 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2011/10/15 17:09:54 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe
[2011/10/15 17:00:01 | 000,037,276 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\cbSetup.exe
[2011/10/15 16:56:26 | 000,001,213 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\ldr.ini
[2011/10/14 03:55:30 | 000,103,936 | ---- | M] () -- C:\WINDOWS\System32\svhostu.exe
[2011/10/14 03:55:29 | 001,702,400 | ---- | M] () -- C:\WINDOWS\System32\oxA0uvS2oFpGsJ.exe
[2011/10/14 03:34:37 | 000,470,528 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\ERCmYTJhduBEH.exe
[2011/10/14 03:22:11 | 000,160,344 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/14 03:05:36 | 000,444,794 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/14 03:05:36 | 000,072,544 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/14 03:02:56 | 048,324,552 | -H-- | M] () -- C:\WINDOWS\System32\MRT.exe
[2011/10/14 02:22:00 | 000,000,886 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/11 18:48:59 | 000,005,375 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\9F61.DC5
[2011/10/10 20:38:58 | 000,000,130 | -H-- | M] () -- C:\WINDOWS\wininit.ini
[2011/10/08 15:16:41 | 003,646,384 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Courageous_FullPageFlyer.pdf
[2011/10/03 19:01:25 | 000,037,782 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\COM15-3755964-4145106-3029239-09302011.pdf
[2011/10/03 03:35:11 | 005,971,456 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/09/28 19:04:42 | 000,172,777 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\STD-3029239-09272011.pdf
[2011/09/26 11:41:20 | 000,611,328 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uiautomationcore.dll
[2011/09/26 11:41:20 | 000,220,160 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleacc.dll
[2011/09/26 11:41:14 | 000,020,480 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaccrc.dll
[2011/09/26 11:41:14 | 000,020,480 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaccrc.dll
[2011/09/25 09:55:16 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/24 09:51:54 | 000,071,015 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DAD2011.jpg
[2011/09/23 14:32:08 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Excel 2007.lnk
[2011/09/22 16:36:08 | 000,189,231 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\COM01-3735360-4145106-3029239-09222011.pdf
[2011/09/22 16:33:24 | 000,580,125 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Pops.zip
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/22 09:07:57 | 000,455,503 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DummyCreator.zip
[2011/10/15 17:17:46 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2011/10/15 17:14:22 | 000,001,750 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Cloud Protection.lnk
[2011/10/15 17:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2011/10/15 17:09:50 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe
[2011/10/15 16:59:58 | 000,037,276 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\cbSetup.exe
[2011/10/15 07:52:14 | 000,001,213 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\ldr.ini
[2011/10/14 03:55:30 | 000,103,936 | ---- | C] () -- C:\WINDOWS\System32\svhostu.exe
[2011/10/14 03:55:29 | 001,702,400 | ---- | C] () -- C:\WINDOWS\System32\oxA0uvS2oFpGsJ.exe
[2011/10/10 20:38:58 | 000,000,130 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2011/10/09 09:10:23 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/08 15:30:48 | 000,005,375 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\9F61.DC5
[2011/10/08 13:38:40 | 003,646,384 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Courageous_FullPageFlyer.pdf
[2011/10/03 19:01:25 | 000,037,782 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\COM15-3755964-4145106-3029239-09302011.pdf
[2011/09/28 19:04:39 | 000,172,777 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\STD-3029239-09272011.pdf
[2011/09/24 09:51:53 | 000,071,015 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DAD2011.jpg
[2011/09/22 16:36:06 | 000,189,231 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\COM01-3735360-4145106-3029239-09222011.pdf
[2011/09/22 16:31:13 | 000,580,125 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Pops.zip
[2011/06/19 17:30:13 | 000,204,800 | -H-- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2011/03/27 17:21:21 | 000,029,252 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/11/06 13:32:05 | 000,038,484 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft Excel 97-2003.ADR
[2010/11/06 13:31:54 | 000,000,028 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2010/10/14 03:06:45 | 000,000,127 | -H-- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/07/30 12:59:12 | 000,000,256 | -H-- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/02/20 11:44:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2010/02/20 10:11:07 | 000,000,518 | ---- | C] () -- C:\Program Files\symantec_kb.html
[2009/08/03 15:07:42 | 000,403,816 | -H-- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | -H-- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/05/01 19:40:47 | 000,081,110 | RH-- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/12/16 21:58:54 | 000,025,624 | -H-- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 21:50:56 | 000,013,584 | -H-- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/03/09 15:21:41 | 000,000,478 | -H-- | C] () -- C:\WINDOWS\hpbvspst.ini
[2007/12/29 20:40:00 | 048,324,552 | -H-- | C] () -- C:\WINDOWS\System32\MRT.exe
[2007/12/29 14:09:55 | 000,000,335 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2007/12/29 12:57:00 | 000,117,760 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/16 11:58:10 | 000,197,408 | -H-- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/07/16 11:58:00 | 000,193,312 | -H-- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/05/11 18:05:23 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2007/05/11 17:58:41 | 000,204,800 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/05/11 17:58:41 | 000,200,704 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/05/11 17:58:41 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/05/11 17:58:41 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/05/11 17:58:41 | 000,188,416 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/05/11 17:58:41 | 000,020,480 | -H-- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/05/11 17:58:09 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/05/11 17:46:46 | 000,650,608 | -H-- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/05/11 17:46:46 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4642.dll
[2006/04/25 13:05:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/04/25 12:43:54 | 000,444,794 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/04/25 12:43:54 | 000,072,544 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/04/25 12:39:48 | 000,160,344 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/04/25 12:31:56 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/04/25 12:27:12 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/02/27 21:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/27 21:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/27 21:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/27 21:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/27 21:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/27 21:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/27 21:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/27 21:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/05/28 02:55:42 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 02:54:40 | 000,004,605 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/05/08 05:12:22 | 000,000,781 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini

========== LOP Check ==========

[2011/10/15 08:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\bHs7fL9gTqY
[2010/10/16 13:24:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Blackberry Desktop
[2011/10/15 17:14:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\c8gTZqjYCkVzNx0
[2011/10/22 09:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CDC59
[2010/09/21 15:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Guardian
[2008/01/01 20:25:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo
[2011/10/15 07:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\K9TwjUVelBPyA
[2009/05/01 19:20:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2011/10/15 17:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LvS2ibF3pGaJdK
[2011/10/15 16:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NdEL8gRZqYwUrOt
[2011/10/22 09:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\oA1ivD2on4m5W7E
[2011/10/15 08:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OekBzNx1v2b4m5Q
[2008/03/01 17:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OfficeUpdate12
[2011/10/15 07:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\qF4pmH5sQ7E8RqY
[2011/10/22 09:15:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\QZqjYCwkIrOtAuS
[2010/08/12 07:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Research In Motion
[2007/05/11 18:03:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2011/10/15 07:54:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SwkIVrltAuipaJd
[2011/10/22 09:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\tD2nF4amHsJfLgZ
[2010/02/20 20:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Tific
[2008/09/22 17:23:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Viewpoint
[2011/10/22 09:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\W2ibD3pnG
[2011/10/15 16:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\YbF4pmH5sJ
[2011/10/15 07:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ZKfLgXjCkBzNxuD
[2011/10/22 10:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/21 07:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/21 07:46:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/10/22 10:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/08/11 13:23:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2007/12/29 14:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/03/27 14:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

========== Purity Check ==========



========== Custom Scans ==========

I keep getting a connection error. even when trying to send small pieces of the report

OTL Extras logfile created on: 10/22/2011 3:24:18 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 84.85% Memory free
3.84 Gb Paging File | 3.74 Gb Available in Paging File | 97.25% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 66.51 Gb Total Space | 16.65 Gb Free Space | 25.04% Space Free | Partition Type: NTFS
Drive D: | 8.01 Gb Total Space | 6.35 Gb Free Space | 79.27% Space Free | Partition Type: NTFS

Computer Name: HP52192360163 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service discovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- ()
"C:\Program Files\Common Files\aol\acs\AOLDial.exe" = C:\Program Files\Common Files\aol\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- (America Online)
"C:\Program Files\Common Files\aol\acs\AOLacsd.exe" = C:\Program Files\Common Files\aol\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)
"C:\Program Files\Common Files\aol\1198957229\ee\aolsoftware.exe" = C:\Program Files\Common Files\aol\1198957229\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL Inc.)
"C:\Program Files\AOL 9.1\waol.exe" = C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL
"C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL Inc.)
"C:\Program Files\Common Files\aol\Loader\aolload.exe" = C:\Program Files\Common Files\aol\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL Inc.)
"C:\Program Files\Common Files\aol\System Information\sinf.exe" = C:\Program Files\Common Files\aol\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\TurboTax\Basic 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Basic 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Basic 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Basic 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\WINDOWS\LMI460.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI460.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
"C:\Documents and Settings\Administrator\Local Settings\Temp\7zS1.tmp\SymNRT.exe" = C:\Documents and Settings\Administrator\Local Settings\Temp\7zS1.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
"C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\SymNRT.exe" = C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
"C:\WINDOWS\LMI1.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI1.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
"C:\Documents and Settings\Administrator\Local Settings\Temp\7zS2.tmp\SymNRT.exe" = C:\Documents and Settings\Administrator\Local Settings\Temp\7zS2.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
"C:\Documents and Settings\Administrator\Local Settings\Temp\7zSDB.tmp\SymNRT.exe" = C:\Documents and Settings\Administrator\Local Settings\Temp\7zSDB.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
"C:\Program Files\AOL 9.5\waol.exe" = C:\Program Files\AOL 9.5\waol.exe:*:Enabled:AOL
"C:\Program Files\AOL 9.5a\waol.exe" = C:\Program Files\AOL 9.5a\waol.exe:*:Enabled:AOL
"C:\Program Files\AOL 9.5b\waol.exe" = C:\Program Files\AOL 9.5b\waol.exe:*:Enabled:AOL
"C:\Program Files\AOL 9.5c\waol.exe" = C:\Program Files\AOL 9.5c\waol.exe:*:Enabled:AOL
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}" = Cisco Systems VPN Client 5.0.01.0600
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{215C3C3E-D5D5-4B78-A5B5-5E42EDA59468}_is1" = 3GP Player 2008
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3360D505-B0AA-4284-92DF-F872AF90A448}" = BlackBerry Device Software Updater
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35748B06-FCFC-4700-8285-DAD41689E4FE}" = Broadcom TPM Driver Installer
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3CD1ADA0-EAA2-012B-AEBD-000000000000}" = TurboTax 2009 wtniper
"{3E7F5E50-6956-4446-87BF-F422A8736B7F}" = Secure Online Account Numbers
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{65980EBF-C4B5-4555-823A-94DB7F709E53}" = Secure Online Account Numbers
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{79770F05-E3B8-4DAA-BEDB-9EBF29EAF527}" = Keyboard Layout Management Application
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam
"{96165A0E-F058-4303-B701-A91C219E3967}" = TurboTax 2010 wtniper
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E371C150-A9F1-49CE-ACC1-51AEFD01C1D4}_is1" = Turbo Tax Audit Support Center 3.0
"{E5EF9D22-8EE4-47AC-877A-84670E73E996}" = SHRM Learning System 2010
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
"{FE31A29F-B6E3-4678-8A6F-19F1819A7F52}" = Series 6 Drill and Practice
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"CCleaner" = CCleaner
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"lvdrivers_11.90" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Software Setup" = Software Setup
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"STANDARDR" = Microsoft Office Standard 2007
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"TurboTax Basic 2007" = TurboTax Basic 2007
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/22/2011 4:20:32 PM | Computer Name = HP52192360163 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\42164.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 10/22/2011 4:20:32 PM | Computer Name = HP52192360163 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\42164.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 10/22/2011 4:20:32 PM | Computer Name = HP52192360163 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\12646292.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 10/22/2011 4:20:32 PM | Computer Name = HP52192360163 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\12646292.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 10/22/2011 4:20:32 PM | Computer Name = HP52192360163 | Source = MsiInstaller | ID = 1008
Description = The installation of c:\WINDOWS\Installer\5119e34.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 10/22/2011 4:20:32 PM | Computer Name = HP52192360163 | Source = MsiInstaller | ID = 1008
Description = The installation of c:\WINDOWS\Installer\5119e34.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 10/22/2011 4:20:32 PM | Computer Name = HP52192360163 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\495d5530.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 10/22/2011 4:20:32 PM | Computer Name = HP52192360163 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\495d5530.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 10/22/2011 4:20:32 PM | Computer Name = HP52192360163 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\12645bfa.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 10/22/2011 4:20:32 PM | Computer Name = HP52192360163 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\12645bfa.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

[ OSession Events ]
Error - 12/3/2010 3:47:02 PM | Computer Name = HP52192360163 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 107761
seconds with 1800 seconds of active time. This session ended with a crash.

Error - 12/6/2010 10:26:19 AM | Computer Name = HP52192360163 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 58013
seconds with 180 seconds of active time. This session ended with a crash.

Error - 12/8/2010 9:33:42 AM | Computer Name = HP52192360163 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 871
seconds with 480 seconds of active time. This session ended with a crash.

Error - 12/9/2010 11:02:49 AM | Computer Name = HP52192360163 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 51456
seconds with 360 seconds of active time. This session ended with a crash.

Error - 12/13/2010 9:40:27 AM | Computer Name = HP52192360163 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 340648
seconds with 1140 seconds of active time. This session ended with a crash.

Error - 2/5/2011 1:45:05 PM | Computer Name = HP52192360163 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1175
seconds with 180 seconds of active time. This session ended with a crash.

Error - 8/27/2011 12:58:20 PM | Computer Name = HP52192360163 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 278835
seconds with 600 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/22/2011 11:23:01 AM | Computer Name = HP52192360163 | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 10/22/2011 11:23:14 AM | Computer Name = HP52192360163 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/22/2011 11:24:34 AM | Computer Name = HP52192360163 | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%5

Error - 10/22/2011 11:24:34 AM | Computer Name = HP52192360163 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm

Error - 10/22/2011 11:28:11 AM | Computer Name = HP52192360163 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 10/22/2011 11:43:07 AM | Computer Name = HP52192360163 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 10/22/2011 11:43:43 AM | Computer Name = HP52192360163 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/22/2011 4:20:01 PM | Computer Name = HP52192360163 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 10/22/2011 4:20:10 PM | Computer Name = HP52192360163 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/22/2011 4:21:28 PM | Computer Name = HP52192360163 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm


< End of report >

strange. That was the "extras" and it posted fine. I still haven't sent the complete OTL text. I'm not sure why it won't work. I'll keep trying.

let's see if I can attach this.

OK that attachment is the last of the otl file. Sorry about all the pieces!

Let me know my next steps.

Thanks!