
Help needed with Trojan/Malware problem


  • This topic is locked
8 replies to this topic

#1 emilyc


Posted 12 December 2009 - 09:14 AM

Hi there
I am new to this website and wonder if anyone might be able to help me. I seem to have a Trojan/Malware or something on my computer and obviously need to get rid of it but don’t have a clue what to do. I keep getting this web page popping up in Internet Explorer http://media2.tmlatn.com/images/defaults41/approved/404.html, even though I use Firefox.
I have run the dds download and got the following report:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Kendal&Emily at 14:02:43.93 on 12/12/2009
Internet Explorer: 8.0.6001.18865
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3071.1545 [GMT 0:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\system32\jusched.exe
C:\Windows\System32\atwtusb.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Windows\system32\ezNTSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxcdcoms.exe
C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\hp\kbd\kbd.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\jucheck.exe
C:\Program Files\bfgclient\bfgclient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Kendal&Emily\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\ezShellStart.exe
BHO: {1872a3e1-0341-47e7-bafc-512428d9305e} - c:\windows\system32\dmvdsitf32.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.7.2.11\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.7.2.11\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: System Search Dispatcher: {cdbfb47b-58a8-4111-bf95-06178dce326d} - c:\program files\system search dispatcher\1.3.0.840\ssd.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.7.2.11\coIEPlg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Steam] "l:\games\call of dty modern warfare 2\Steam.exe" -silent
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SW73DF~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; Tablet PC 2.0; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; InfoPath.2; .NET CLR 3.0.30729)" -"http://www.miniclip.com/games/air-show/en/"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
mRun: [<NO NAME>]
mRun: [LXCDCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCDtime.dll,_RunDLLEntry@16
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [UVS11 Preload] c:\program files\ulead systems\ulead videostudio 11\uvPL.exe
mRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel PhotoDownloader.exe" -startup
mRun: [atwtusb] atwtusb.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Corel File Shell Monitor] c:\program files\corel\corel paint shop pro photo x2\CorelIOMonitor.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
StartupFolder: c:\users\kendal~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\Hotsync.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - c:\programs\partygaming\partygammon\RunBackGammon.exe
IE: {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\programs\partygaming\partycasino\RunApp.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programs\partygaming\partypoker\RunApp.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: hp.com\pavilion.buttonredirect
Trusted Zone: hp.com\presario.buttonredirect
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {127E0308-CF06-446D-88B8-2971DB94C179} - hxxp://www.miniclip.com/games/superstar-racing/en/ChatRepublicPlayer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} - hxxp://www.instantaction.com/download/iaplayer.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
DPF: {DF9C24D1-030E-49ED-5EB5-D6610086C313} - hxxp://www.miniclip.com/superstar_racing/ChatRepublicPlayer.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD47E0E7-D528-4D72-9386-E608448119C6} - hxxp://www.superstarracing.net/miniclip/ChatRepublicPlayer.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.7.2.11\CoIEPlg.dll
AppInit_DLLs: c:\windows\system32\dmime32.dll
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - c:\windows\system32\EZUPBH~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\kendal~1\appdata\roaming\mozilla\firefox\profiles\deq1111p.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\progra~1\sonyon~1\npsoe.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\realarcade\npraclient.dll
FF - plugin: c:\programdata\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\users\kendal&emily\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1007020.00b\SymEFA.sys [2009-9-9 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1007020.00b\BHDrvx86.sys [2009-9-9 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1007020.00b\cchpx86.sys [2009-9-9 482432]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-10-12 12800]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20091111.001\IDSvix86.sys [2009-11-12 343088]
R2 ezntsvc;EasyBits Magic Desktop Services for Windows NT;c:\windows\system32\ezntsvc.exe [2008-4-24 33792]
R2 MrHealthyService;MrHealthy;c:\program files\norton pc checkup\executables\mrhealthy\mrhealthy.exe -service --> c:\program files\norton pc checkup\executables\mrhealthy\MrHealthy.exe -service [?]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.7.2.11\ccSvcHst.exe [2009-9-9 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-26 102448]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\nis\1007020.00b\symndisv.sys [2009-9-9 48688]
S2 gupdate1c98b68911361e0;Google Update Service (gupdate1c98b68911361e0);c:\program files\google\update\GoogleUpdate.exe [2009-2-10 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-3 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-11-10 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 ldiskl;ldiskl;c:\users\kendal~1\appdata\local\temp\ldiskl.sys [2008-10-14 29696]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [2008-9-19 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [2008-9-19 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [2008-9-19 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [2008-9-19 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [2008-9-19 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [2008-9-19 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [2008-9-19 110120]

============== File Associations ===============

regfile=NOTEPAD.EXE %1
scrfile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-12-12 13:54:50 0 d-----w- c:\program files\Mystery Case Files - Dire Grove
2009-12-12 13:33:19 0 d-----w- c:\program files\Tropical Farm
2009-12-10 10:03:56 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-10 10:03:54 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-10 10:03:53 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 13:50:29 377344 ----a-w- c:\windows\system32\winhttp.dll
2009-12-09 13:38:57 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-06 11:48:57 0 d-----w- c:\programdata\Spybot - Search & Destroy
2009-12-06 11:48:57 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-12-02 21:09:20 0 d-----w- c:\users\kendal~1\appdata\roaming\Dekovir
2009-11-30 21:17:58 0 d-----w- c:\programdata\Kristanix Games
2009-11-30 18:32:34 0 d-----w- c:\program files\Fantastic Farm
2009-11-28 21:09:49 0 d-----w- c:\users\kendal~1\appdata\roaming\Lazy Turtle Games
2009-11-28 18:41:57 0 d-----w- c:\users\kendal~1\appdata\roaming\URSE Games
2009-11-27 18:27:35 0 d-----w- c:\programdata\Islands
2009-11-26 09:34:53 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 10:35:27 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 10:35:26 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-25 10:35:20 714240 ----a-w- c:\windows\system32\timedate.cpl
2009-11-22 20:48:42 0 d-----w- c:\program files\Hotel Dash - Suite Success
2009-11-22 19:56:22 0 d-----w- c:\users\kendal~1\appdata\roaming\blg
2009-11-22 19:56:22 0 d-----w- c:\programdata\blg
2009-11-20 17:56:13 57344 ----a-w- c:\temp\clipstreamsa.dll
2009-11-18 18:34:53 0 d-----w- c:\program files\Windows Portable Devices
2009-11-18 18:34:40 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-18 18:33:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-18 17:48:53 0 d-----w- c:\users\kendal&emily\048298C9A4D3490B9FF9AB023A9238F3.TMP
2009-11-18 10:09:04 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-11-18 10:09:03 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-11-18 10:09:03 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-11-18 10:07:22 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-11-18 10:05:11 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-18 10:05:10 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-18 10:05:10 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-16 11:16:44 0 d-----w- c:\program files\common files\Steam

==================== Find3M ====================

2009-12-09 19:32:13 25380 ----a-w- c:\users\kendal~1\appdata\roaming\wklnhst.dat
2009-11-21 06:40:20 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-18 18:34:48 86016 ----a-w- c:\windows\inf\infpub.dat
2009-11-18 18:34:48 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-18 18:34:48 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-18 18:34:48 143360 ----a-w- c:\windows\inf\infstor.dat
2009-11-11 11:18:57 192512 ----a-w- c:\windows\system32\dmvdsitf32.dll
2009-11-11 11:18:55 125952 ----a-w- c:\windows\system32\dmime32.dll
2009-10-26 15:16:42 138464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-26 15:16:35 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-17 14:05:01 124928 ----a-w- c:\windows\system32\authui32.dll
2009-10-09 14:40:54 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-10-09 14:31:02 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01:50 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01:49 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01:49 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27:04 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54:55 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2008-07-23 12:57:42 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-07-28 20:29:55 1368 --sha-w- c:\windows\system32\KGyGaAvL.sys
2007-12-11 18:42:44 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 14:05:53.16 ===============

Thank you in advance for any help.

Emily


#2 Buckeye_Sam

    Malware Expert



Posted 12 December 2009 - 10:04 AM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.




We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT



  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 emilyc


Posted 16 December 2009 - 03:33 PM

Hi,

Thank you for your quick response, I am really grateful. I have done what you said and here are the reports. The MBAM report:

Malwarebytes' Anti-Malware 1.42
Database version: 3375
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

16/12/2009 20:11:40
mbam-log-2009-12-16 (20-11-40).txt

Scan type: Quick Scan
Objects scanned: 106907
Time elapsed: 11 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 23
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 5
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\dmime32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\dmvdsitf32.dll (Trojan.Tracur) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1872a3e1-0341-47e7-bafc-512428d9305e} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1872a3e1-0341-47e7-bafc-512428d9305e} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1872a3e1-0341-47e7-bafc-512428d9305e} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\dmime32.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\dmime32.dll -> Delete on reboot.

Folders Infected:
C:\Users\Kendal&Emily\AppData\Roaming\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Users\Kendal&Emily\AppData\Roaming\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Users\Kendal&Emily\AppData\Roaming\RegistrySmart\Registry Backups (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\dmvdsitf32.dll (Trojan.BHO.H) -> Delete on reboot.
C:\Windows\System32\dmime32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\authui32.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Kendal&Emily\AppData\Local\Temp\BD37.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Kendal&Emily\AppData\Local\Temp\88C0.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Kendal&Emily\AppData\Local\Temp\8A2B.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Kendal&Emily\AppData\Local\Temp\94EF.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Kendal&Emily\AppData\Local\Temp\nPXRAp0I.exe.part (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Kendal&Emily\AppData\Local\Temp\DA97.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Kendal&Emily\AppData\Local\Temp\406A.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Kendal&Emily\AppData\Local\Temp\514B.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Kendal&Emily\AppData\Local\Temp\5B80.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Kendal&Emily\AppData\Roaming\RegistrySmart\Log\2008 May 14 - 02_34_44 PM_404.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Users\Kendal&Emily\AppData\Roaming\RegistrySmart\Registry Backups\2008-05-14_14-35-58.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Windows\Tasks\RegistrySmart Scheduled Scan.job (Rogue.RegistrySmart) -> Quarantined and deleted successfully.


And the OTL reports, OTL:

OTL logfile created on: 16/12/2009 20:20:46 - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Users\Kendal&Emily\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 83.20% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.46 Gb Total Space | 203.79 Gb Free Space | 44.74% Space Free | Partition Type: NTFS
Drive D: | 10.30 Gb Total Space | 1.41 Gb Free Space | 13.66% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHANCE
Current User Name: Kendal&Emily
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/16 20:20:02 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kendal&Emily\Downloads\OTL.exe
PRC - [2009/12/03 16:14:00 | 01,394,000 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009/11/03 03:28:04 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/03 21:17:14 | 03,342,336 | ---- | M] (Electronic Arts) -- C:\Program Files\Electronic Arts\EADM\Core.exe
PRC - [2009/08/22 07:28:17 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
PRC - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 06:28:08 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/11 06:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/02 15:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/04/02 15:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/03/26 14:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/02/25 11:21:56 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2009/02/25 11:14:40 | 02,387,968 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2009/02/06 21:54:57 | 00,066,872 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
PRC - [2009/01/29 22:09:14 | 00,578,920 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/25 10:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/07/24 22:32:51 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/07/02 16:16:20 | 00,393,216 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
PRC - [2008/06/10 19:56:29 | 01,442,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2008/06/10 19:56:27 | 00,447,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
PRC - [2008/06/02 17:50:34 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/06/02 17:50:32 | 00,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/05/15 12:09:13 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/24 18:11:58 | 00,033,792 | ---- | M] (EasyBits Software Corp.) -- C:\Windows\System32\ezntsvc.exe
PRC - [2008/01/19 07:33:40 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008/01/19 07:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/19 07:33:27 | 00,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2008/01/19 07:33:12 | 00,198,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2008/01/15 10:26:18 | 04,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/11/27 17:13:44 | 00,385,024 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
PRC - [2007/10/30 19:52:34 | 00,016,200 | ---- | M] () -- C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
PRC - [2007/10/04 02:02:02 | 01,783,136 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
PRC - [2007/09/20 01:30:52 | 00,065,536 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PRC - [2007/06/05 12:20:32 | 00,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2007/05/29 15:40:48 | 00,360,096 | ---- | M] () -- C:\Windows\System32\atwtusb.exe
PRC - [2007/05/16 16:56:44 | 00,067,128 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
PRC - [2007/04/18 15:01:34 | 00,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/04/15 17:54:04 | 00,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxcdcoms.exe
PRC - [2007/04/07 10:56:47 | 00,132,760 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\jusched.exe
PRC - [2007/03/06 09:35:02 | 00,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
PRC - [2004/06/09 13:16:08 | 00,471,040 | ---- | M] (PalmSource, Inc) -- C:\Program Files\palmOne\Hotsync.exe


========== Modules (SafeList) ==========

MOD - [2009/12/16 20:20:02 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kendal&Emily\Downloads\OTL.exe
MOD - [2009/04/11 06:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/06 19:53:22 | 00,320,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/12/01 19:41:40 | 00,051,384 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/09/25 01:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/22 07:28:17 | 00,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2009/08/05 22:48:42 | 00,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/04/02 15:10:56 | 00,656,168 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/03/26 14:31:20 | 00,132,424 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/03/24 22:01:23 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/02/25 11:21:56 | 00,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2009/02/10 10:15:50 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c98b68911361e0) Google Update Service (gupdate1c98b68911361e0)
SRV - [2009/02/06 21:54:57 | 00,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/01/29 22:09:14 | 00,578,920 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe -- (MrHealthyService)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 10:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/06/02 17:50:34 | 00,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/04/24 18:11:58 | 00,033,792 | ---- | M] (EasyBits Software Corp.) [Auto | Running] -- C:\Windows\System32\ezntsvc.exe -- (ezntsvc)
SRV - [2008/01/29 16:09:02 | 00,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2008/01/19 07:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/20 01:30:52 | 00,065,536 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2007/08/22 17:22:00 | 00,147,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2007/07/23 23:33:06 | 00,181,800 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/06/05 12:20:32 | 00,177,704 | ---- | M] () [Auto | Start_Pending] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/04/15 17:54:04 | 00,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxcdcoms.exe -- (lxcd_device)
SRV - [2007/03/06 09:35:02 | 00,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
SRV - [2006/11/02 12:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = E1 A3 72 18 41 03 E7 47 BA FC 51 24 28 D9 30 5E [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = E1 A3 72 18 41 03 E7 47 BA FC 51 24 28 D9 30 5E [binary data]

IE - HKU\S-1-5-21-1037998891-2387599947-1757878551-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-21-1037998891-2387599947-1757878551-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1037998891-2387599947-1757878551-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = E1 A3 72 18 41 03 E7 47 BA FC 51 24 28 D9 30 5E [binary data]
IE - HKU\S-1-5-21-1037998891-2387599947-1757878551-1000\S-1-5-21-1037998891-2387599947-1757878551-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1037998891-2387599947-1757878551-1000\S-1-5-21-1037998891-2387599947-1757878551-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.10
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/05 19:35:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/16 17:11:48 | 00,000,000 | ---D | M]

[2009/12/05 19:36:07 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Mozilla\Extensions
[2009/03/05 17:41:08 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2009/12/16 18:19:00 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Mozilla\Firefox\Profiles\deq1111p.default\extensions
[2009/12/05 20:11:05 | 00,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\Kendal&Emily\AppData\Roaming\Mozilla\Firefox\Profiles\deq1111p.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2009/12/16 18:18:51 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Kendal&Emily\AppData\Roaming\Mozilla\Firefox\Profiles\deq1111p.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/12/08 07:37:07 | 00,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Kendal&Emily\AppData\Roaming\Mozilla\Firefox\Profiles\deq1111p.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2009/12/16 20:15:18 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/03 01:42:02 | 00,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/11/03 01:42:02 | 00,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/11/03 01:42:02 | 00,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/11/03 01:42:02 | 00,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (1108 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1037998891-2387599947-1757878551-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1037998891-2387599947-1757878551-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1037998891-2387599947-1757878551-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [atwtusb] C:\Windows\System32\atwtusb.exe ()
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe File not found
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [LXCDCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCDtime.DLL ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe (InterVideo Digital Technology Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1037998891-2387599947-1757878551-1000..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKU\S-1-5-21-1037998891-2387599947-1757878551-1000..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
O4 - HKU\S-1-5-21-1037998891-2387599947-1757878551-1000..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-21-1037998891-2387599947-1757878551-1000..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKU\S-1-5-21-1037998891-2387599947-1757878551-1000..\Run: [Steam] L:\Games\Call of Dty Modern Warfare 2\Steam.exe File not found
O4 - HKU\S-1-5-21-1037998891-2387599947-1757878551-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1037998891-2387599947-1757878551-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Kendal&Emily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O7 - HKU\S-1-5-21-1037998891-2387599947-1757878551-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-1037998891-2387599947-1757878551-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-1037998891-2387599947-1757878551-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-1037998891-2387599947-1757878551-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programs\PartyGaming\PartyGammon\RunBackGammon.exe File not found
O9 - Extra 'Tools' menuitem : PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programs\PartyGaming\PartyGammon\RunBackGammon.exe File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe ()
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-1037998891-2387599947-1757878551-1000\..Trusted Domains: hp.com ([pavilion.buttonredirect] http in Trusted sites)
O15 - HKU\S-1-5-21-1037998891-2387599947-1757878551-1000\..Trusted Domains: hp.com ([presario.buttonredirect] http in Trusted sites)
O15 - HKU\S-1-5-21-1037998891-2387599947-1757878551-1000\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1037998891-2387599947-1757878551-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/Facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {127E0308-CF06-446D-88B8-2971DB94C179} http://www.miniclip.com/games/superstar-ra...ublicPlayer.cab (ChatRepublicPlayer ActiveX)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} http://www.instantaction.com/download/iaplayer.cab (InstantAction Game Launcher)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.com/webgames/popcaploader_v10.cab (PopCapLoader Object)
O16 - DPF: {DF9C24D1-030E-49ED-5EB5-D6610086C313} http://www.miniclip.com/superstar_racing/C...ublicPlayer.cab (ChatRepublicPlayer ActiveX)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD47E0E7-D528-4D72-9386-E608448119C6} http://www.superstarracing.net/miniclip/Ch...ublicPlayer.cab (ChatRepublicPlayer ActiveX)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/11 19:22:23 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{051c2708-d4d0-11dd-880a-001e8c5c5fdc}\Shell - "" = AutoRun
O33 - MountPoints2\{051c2708-d4d0-11dd-880a-001e8c5c5fdc}\Shell\AutoRun\command - "" = K:\DPFMate.exe -- File not found
O33 - MountPoints2\{28f4700d-f107-11dd-9230-001e8c5c5fdc}\Shell - "" = AutoRun
O33 - MountPoints2\{28f4700d-f107-11dd-9230-001e8c5c5fdc}\Shell\AutoRun\command - "" = K:\AutoRun.exe -- File not found
O33 - MountPoints2\{28f47024-f107-11dd-9230-001e8c5c5fdc}\Shell - "" = AutoRun
O33 - MountPoints2\{28f47024-f107-11dd-9230-001e8c5c5fdc}\Shell\AutoRun\command - "" = K:\AutoRun.exe -- File not found
O33 - MountPoints2\{2cf02305-a796-11dc-80d5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2cf02305-a796-11dc-80d5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\{ab45a348-10a8-11dd-98d6-001e8c5c5fdc}\Shell - "" = AutoRun
O33 - MountPoints2\{ab45a348-10a8-11dd-98d6-001e8c5c5fdc}\Shell\AutoRun\command - "" = K:\AutoRun.exe -- File not found
O33 - MountPoints2\{ab45a41e-10a8-11dd-98d6-001e8c5c5fdc}\Shell\AutoRun\command - "" = L:\setupSNK.exe -- File not found
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\setupSNK.exe -- File not found
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\setupSNK.exe -- File not found
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/07/23 12:51:01 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2009/12/16 19:30:11 | 00,000,000 | ---D | C] -- C:\Users\Kendal&Emily\AppData\Roaming\Malwarebytes
[2009/12/16 19:30:05 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/16 19:30:03 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/12/16 19:30:02 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/16 19:30:02 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/15 21:01:28 | 00,000,000 | ---D | C] -- C:\Program Files\Find Your Own Way Home
[2009/12/15 19:44:48 | 00,000,000 | ---D | C] -- C:\Program Files\James Patterson's Women's Murder Club - Twice in a Blue Moon
[2009/12/14 09:43:30 | 00,000,000 | ---D | C] -- C:\Users\Kendal&Emily\AppData\Local\Artist Colony
[2009/12/14 09:43:30 | 00,000,000 | ---D | C] -- C:\ProgramData\Artist Colony
[2009/12/13 11:15:29 | 00,000,000 | ---D | C] -- C:\Program Files\Artist Colony
[2009/12/12 14:53:13 | 00,000,000 | ---D | C] -- C:\AMERICAN_PIE_BOOK_OF_LOVE
[2009/12/12 13:54:50 | 00,000,000 | ---D | C] -- C:\Program Files\Mystery Case Files - Dire Grove
[2009/12/12 13:33:19 | 00,000,000 | ---D | C] -- C:\Program Files\Tropical Farm
[2009/12/06 11:48:57 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/12/06 11:48:57 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/12/05 19:35:43 | 00,000,000 | ---D | C] -- C:\Users\Kendal&Emily\AppData\Local\Mozilla
[2009/12/05 19:35:11 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/12/02 21:09:20 | 00,000,000 | ---D | C] -- C:\Users\Kendal&Emily\AppData\Roaming\Dekovir
[2008/04/29 20:55:14 | 00,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxcdusb1.dll
[2008/04/29 20:55:14 | 00,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxcdinpa.dll
[2008/04/29 20:55:14 | 00,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcdiesc.dll
[2008/04/29 20:55:14 | 00,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxcdhcp.dll
[2008/04/29 20:55:13 | 01,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxcdserv.dll
[2008/04/29 20:55:13 | 00,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcdpmui.dll
[2008/04/29 20:55:13 | 00,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcdlmpm.dll
[2008/04/29 20:55:13 | 00,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxcdprox.dll
[2008/04/29 20:55:13 | 00,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcdpplc.dll
[2008/04/29 20:55:12 | 00,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxcdhbn3.dll
[2008/04/29 20:55:11 | 00,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcdcomc.dll
[2008/04/29 20:55:11 | 00,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcdcomm.dll
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Kendal&Emily\*.tmp files -> C:\Users\Kendal&Emily\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/16 20:21:01 | 04,718,592 | ---- | M] () -- C:\Users\Kendal&Emily\NTUSER.DAT
[2009/12/16 20:17:40 | 00,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009/12/16 20:15:02 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/16 20:15:02 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/16 20:15:02 | 00,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/16 20:14:58 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/16 20:14:54 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/16 20:14:45 | 00,524,288 | -HS- | M] () -- C:\Users\Kendal&Emily\NTUSER.DAT{4853b254-ea0a-11dd-8dc2-001e8c5c5fdc}.TMContainer00000000000000000001.regtrans-ms
[2009/12/16 20:14:45 | 00,065,536 | -HS- | M] () -- C:\Users\Kendal&Emily\NTUSER.DAT{4853b254-ea0a-11dd-8dc2-001e8c5c5fdc}.TM.blf
[2009/12/16 20:14:23 | 32,204,80000 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/16 20:12:42 | 03,087,948 | -H-- | M] () -- C:\Users\Kendal&Emily\AppData\Local\IconCache.db
[2009/12/16 20:12:37 | 00,002,057 | -HS- | M] () -- C:\Users\Kendal&Emily\AppData\Roaming\02000000281b1ea2697P.manifest
[2009/12/16 19:41:10 | 00,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/16 19:30:08 | 00,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/16 18:00:01 | 00,000,422 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for Kendal&Emily.job
[2009/12/16 17:31:34 | 00,005,609 | -HS- | M] () -- C:\Users\Kendal&Emily\AppData\Roaming\02000000281b1ea2697C.manifest
[2009/12/16 13:31:10 | 00,000,800 | -HS- | M] () -- C:\Users\Kendal&Emily\AppData\Roaming\02000000281b1ea2697O.manifest
[2009/12/16 13:31:10 | 00,000,011 | -HS- | M] () -- C:\Users\Kendal&Emily\AppData\Roaming\02000000281b1ea2697S.manifest
[2009/12/15 21:03:37 | 00,001,828 | ---- | M] () -- C:\Users\Public\Desktop\Play Find Your Own Way Home.lnk
[2009/12/15 21:03:37 | 00,001,210 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2009/12/15 19:45:13 | 00,002,142 | ---- | M] () -- C:\Users\Public\Desktop\Play James Patterson's Women's Murder Club - Twice in a Blue Moon.lnk
[2009/12/14 20:00:00 | 00,000,560 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Kendal&Emily.job
[2009/12/13 11:16:02 | 00,001,743 | ---- | M] () -- C:\Users\Public\Desktop\Play Artist Colony.lnk
[2009/12/12 14:18:17 | 00,010,715 | ---- | M] () -- C:\Users\Kendal&Emily\Desktop\bleeping computer message.docx
[2009/12/12 14:02:36 | 00,524,288 | ---- | M] () -- C:\Users\Kendal&Emily\Desktop\dds.pif
[2009/12/12 13:55:12 | 00,001,897 | ---- | M] () -- C:\Users\Public\Desktop\Play Mystery Case Files - Dire Grove.lnk
[2009/12/12 13:33:27 | 00,001,735 | ---- | M] () -- C:\Users\Public\Desktop\Play Tropical Farm.lnk
[2009/12/09 19:32:13 | 00,025,380 | ---- | M] () -- C:\Users\Kendal&Emily\AppData\Roaming\wklnhst.dat
[2009/12/06 12:37:06 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/06 12:37:06 | 00,599,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/06 12:37:06 | 00,105,448 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/06 11:49:18 | 00,001,057 | ---- | M] () -- C:\Users\Kendal&Emily\Desktop\Spybot - Search & Destroy.lnk
[2009/12/05 19:35:35 | 00,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Kendal&Emily\*.tmp files -> C:\Users\Kendal&Emily\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/16 19:30:08 | 00,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/15 21:03:37 | 00,001,210 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2009/12/15 21:03:32 | 00,001,828 | ---- | C] () -- C:\Users\Public\Desktop\Play Find Your Own Way Home.lnk
[2009/12/15 19:45:13 | 00,002,142 | ---- | C] () -- C:\Users\Public\Desktop\Play James Patterson's Women's Murder Club - Twice in a Blue Moon.lnk
[2009/12/13 11:16:02 | 00,001,743 | ---- | C] () -- C:\Users\Public\Desktop\Play Artist Colony.lnk
[2009/12/12 14:04:09 | 00,010,715 | ---- | C] () -- C:\Users\Kendal&Emily\Desktop\bleeping computer message.docx
[2009/12/12 14:02:28 | 00,524,288 | ---- | C] () -- C:\Users\Kendal&Emily\Desktop\dds.pif
[2009/12/12 13:55:12 | 00,001,897 | ---- | C] () -- C:\Users\Public\Desktop\Play Mystery Case Files - Dire Grove.lnk
[2009/12/12 13:33:27 | 00,001,735 | ---- | C] () -- C:\Users\Public\Desktop\Play Tropical Farm.lnk
[2009/12/06 11:49:18 | 00,001,057 | ---- | C] () -- C:\Users\Kendal&Emily\Desktop\Spybot - Search & Destroy.lnk
[2009/12/05 19:35:35 | 00,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/11/29 20:05:55 | 00,001,442 | ---- | C] () -- C:\Users\Kendal&Emily\AppData\Local\seed.log
[2009/11/11 11:18:56 | 00,005,609 | -HS- | C] () -- C:\Users\Kendal&Emily\AppData\Roaming\02000000281b1ea2697C.manifest
[2009/11/11 11:18:56 | 00,002,057 | -HS- | C] () -- C:\Users\Kendal&Emily\AppData\Roaming\02000000281b1ea2697P.manifest
[2009/11/11 11:18:56 | 00,000,800 | -HS- | C] () -- C:\Users\Kendal&Emily\AppData\Roaming\02000000281b1ea2697O.manifest
[2009/11/11 11:18:56 | 00,000,011 | -HS- | C] () -- C:\Users\Kendal&Emily\AppData\Roaming\02000000281b1ea2697S.manifest
[2009/10/17 14:05:04 | 00,005,609 | -HS- | C] () -- C:\Users\Kendal&Emily\AppData\Roaming\02000000281b1ea2689C.manifest
[2009/10/17 14:05:04 | 00,002,060 | -HS- | C] () -- C:\Users\Kendal&Emily\AppData\Roaming\02000000281b1ea2689P.manifest
[2009/10/17 14:05:04 | 00,000,717 | -HS- | C] () -- C:\Users\Kendal&Emily\AppData\Roaming\02000000281b1ea2689O.manifest
[2009/10/17 14:05:04 | 00,000,011 | -HS- | C] () -- C:\Users\Kendal&Emily\AppData\Roaming\02000000281b1ea2689S.manifest
[2009/09/24 07:47:53 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/07 11:53:58 | 00,018,790 | ---- | C] () -- C:\Windows\System32\ddmon.dll
[2009/03/20 13:58:31 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/03/18 18:23:47 | 00,017,870 | ---- | C] () -- C:\Users\Kendal&Emily\AppData\Local\slot1.mm1
[2009/03/15 15:58:13 | 00,000,264 | ---- | C] () -- C:\ProgramData\ayg_save.log
[2008/10/23 10:47:33 | 00,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2008/10/12 20:22:12 | 00,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2008/08/15 19:06:30 | 00,180,224 | ---- | C] () -- C:\Windows\System32\ATWTINK.DLL
[2008/08/15 19:06:29 | 00,014,545 | ---- | C] () -- C:\Windows\System32\Photoshop Elements.ini
[2008/08/15 19:06:29 | 00,006,382 | ---- | C] () -- C:\Windows\aiptbl.ini
[2008/08/15 19:06:29 | 00,005,940 | ---- | C] () -- C:\Windows\System32\XP_2000.ini
[2008/07/31 11:17:30 | 00,210,456 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/07/31 11:17:30 | 00,206,360 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/07/31 11:17:30 | 00,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/07/31 11:17:30 | 00,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/07/31 11:17:30 | 00,194,072 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/07/31 11:17:30 | 00,026,136 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/07/31 11:12:40 | 00,001,368 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/06/30 17:23:51 | 00,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2008/06/30 17:23:48 | 00,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2008/06/30 16:42:13 | 00,185,344 | ---- | C] () -- C:\Windows\patchw32.dll
[2008/04/29 20:55:14 | 00,274,432 | ---- | C] () -- C:\Windows\System32\lxcdinst.dll
[2008/04/27 20:40:13 | 00,025,380 | ---- | C] () -- C:\Users\Kendal&Emily\AppData\Roaming\wklnhst.dat
[2008/04/25 11:12:27 | 00,024,576 | ---- | C] () -- C:\Users\Kendal&Emily\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/22 21:15:56 | 00,138,464 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008/04/22 21:15:56 | 00,022,328 | ---- | C] () -- C:\Users\Kendal&Emily\AppData\Roaming\PnkBstrK.sys
[2008/04/22 21:15:21 | 00,000,283 | ---- | C] () -- C:\Windows\game.ini
[2008/01/14 16:47:06 | 00,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2007/12/11 19:15:44 | 00,000,342 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/12/11 18:59:39 | 00,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/12/11 18:59:39 | 00,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/07/23 08:03:32 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 08:03:32 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007/07/23 08:03:32 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007/07/23 08:03:30 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 08:03:30 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007/07/23 08:03:30 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007/07/23 08:03:30 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007/07/23 08:03:30 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007/07/23 08:03:30 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/02/22 17:32:00 | 00,344,064 | ---- | C] () -- C:\Windows\System32\lxcdcoin.dll
[2006/11/02 12:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 07:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/08/18 05:26:46 | 00,040,960 | ---- | C] () -- C:\Windows\System32\lxcdvs.dll
[2005/05/17 17:17:54 | 00,061,440 | ---- | C] () -- C:\Windows\System32\lxcdcnv4.dll

========== LOP Check ==========

[2009/06/27 18:15:10 | 00,000,000 | -HSD | M] -- C:\Users\Kendal&Emily\AppData\Roaming\.#
[2009/07/02 19:58:15 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Aisle 5 Games, Inc
[2009/05/01 17:55:19 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Alawar
[2008/08/01 18:47:37 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Amaranth Games
[2009/06/19 22:26:42 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Aveyond 3
[2009/10/21 14:22:36 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Awem
[2009/04/22 11:14:36 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Azuaz Games
[2009/04/04 15:36:45 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\BeachPartyCraze
[2009/10/25 10:13:36 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Big Fish Games
[2009/06/19 17:15:27 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\BlamGames
[2009/11/22 19:56:22 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\blg
[2009/03/12 14:00:50 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Boolat Games
[2009/01/21 18:53:18 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Boomzap
[2009/03/20 19:22:47 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\BrandX Games
[2009/06/09 18:03:37 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Camel101
[2009/10/23 18:37:59 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\casanova
[2009/08/18 21:12:39 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\CasualForge
[2009/08/08 20:14:36 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\cerasus.media
[2009/04/03 17:12:22 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Coyotes Tale
[2009/12/02 21:09:20 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Dekovir
[2009/07/07 12:09:17 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\deskUNPDF
[2009/06/28 17:27:35 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\DreamDale
[2009/02/20 19:23:48 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\eGames
[2009/11/20 22:32:56 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\EleFun Games
[2009/11/08 17:42:14 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\ElementalsTheMagicKey
[2009/05/11 20:27:28 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Enchanted Katya
[2009/10/23 16:43:48 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Enki Games
[2009/07/01 07:19:41 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Enlightenus
[2009/10/03 17:37:43 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\ERS G-Studio
[2009/06/27 11:14:08 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\EscapeFromParadise2
[2009/01/09 12:46:24 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Fabulous Finds
[2009/03/16 22:06:22 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Fever Frenzy
[2009/03/25 21:09:50 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Flood Light Games
[2009/01/22 13:18:33 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Friday's games
[2009/09/28 18:50:04 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\funkitron
[2008/08/08 17:23:46 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Gaijin Ent
[2009/09/12 11:44:23 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\GameInvest
[2009/02/04 20:48:11 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Gamelab
[2009/07/31 15:53:57 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Gamers Digital
[2009/07/26 20:24:46 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Games
[2009/06/23 18:28:07 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\GAMESHASTRA
[2009/02/07 12:10:03 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\GameTantra
[2009/04/07 14:27:53 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\GetRightToGo
[2008/08/16 10:07:12 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Go-Go Gourmet Chef of the Year
[2008/12/11 14:27:25 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Gogii Games
[2009/03/25 12:17:45 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Gold Casual Games
[2009/03/12 14:52:10 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\GOL_byHasbro
[2009/08/11 21:45:13 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\GraveyardShift
[2009/10/25 10:50:51 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\GTM_Bodie
[2009/04/19 16:23:07 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\HiT-MM
[2008/11/05 17:55:51 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Home Sweet Home 2
[2008/05/14 16:36:55 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\HotSync
[2009/05/27 20:19:56 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\HuruBeachParty
[2009/04/11 21:12:31 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Intenium
[2008/10/12 20:31:37 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\iolo
[2009/05/24 09:31:58 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\IronCode
[2009/03/30 18:58:21 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\iWin
[2009/11/28 21:09:49 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Lazy Turtle Games
[2009/03/30 17:31:11 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Leadertech
[2009/11/19 16:17:44 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\LimeWire
[2009/03/15 14:52:06 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Lost in the City
[2008/07/08 18:48:30 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Ludia
[2008/05/17 16:17:05 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Magic Seeds
[2009/06/28 16:47:30 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\MagicBall4
[2009/06/09 17:26:10 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Mean Hamster
[2009/07/21 20:46:39 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\MegaplexMadnessSummerBlockbuster
[2009/06/04 11:20:08 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Meridian93
[2009/11/27 19:00:42 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Merscom
[2009/10/21 09:48:10 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\MissTeriTale3
[2009/03/16 11:34:49 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\MysteryStudio
[2009/05/05 18:40:03 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Namco
[2008/09/12 19:38:04 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Oberon Games
[2009/03/04 22:18:45 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\panoramik
[2009/07/26 15:03:26 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Peace Craft
[2008/11/06 22:04:46 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\PetShowCraze
[2009/10/22 20:21:30 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Ph03nixNewMedia
[2009/11/28 21:17:11 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\PlayFirst
[2009/11/22 14:58:51 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Playrix Entertainment
[2009/08/19 09:11:20 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\PoBros
[2009/04/23 12:46:10 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Pogo Games
[2009/07/05 13:31:48 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Quirky Games
[2009/06/01 21:34:39 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Reflexive 3 Days Zoo Mystery
[2008/09/13 10:29:07 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Reflexive Arcade
[2008/12/27 17:45:17 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Reflexive Ashtons Family Resort
[2009/07/17 17:22:19 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Reflexive JanesZOO
[2009/01/16 11:00:04 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Reflexivev1001
[2009/04/17 18:39:30 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Reflexivev1002
[2008/08/25 13:17:12 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Reflexive_JanesRealty
[2009/05/12 19:52:17 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\RobinsonCrusoeREF
[2009/03/10 21:53:17 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\ScreenSeven
[2008/09/12 16:37:52 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\SEGA
[2009/03/20 21:28:52 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\SerpentOfIsis
[2009/04/01 18:51:34 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Shape games
[2009/08/04 22:15:46 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\she_is_a_shadow
[2009/04/04 09:56:39 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\ShinyTales
[2009/04/11 15:36:20 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Skunk Studios
[2009/05/21 18:59:15 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\SpinTop Games
[2008/05/09 09:26:07 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Sudden Games
[2009/10/02 18:43:11 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Sudden Games LLC
[2009/08/12 16:39:35 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\SulusGames
[2008/04/27 20:40:14 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Template
[2009/04/20 16:30:20 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\TikGames
[2009/09/22 19:27:36 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\TikisLab
[2009/11/02 23:29:50 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\TitanicMystery
[2009/05/02 17:48:33 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Twintale Entertainment
[2008/06/30 16:42:13 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\ubi.com
[2009/03/28 16:24:37 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Ubisoft
[2009/04/18 09:58:14 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\UClick
[2008/08/01 09:01:08 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Ulead Systems
[2008/08/03 22:13:31 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\UNOUndercover
[2009/11/28 18:41:57 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\URSE Games
[2009/07/10 22:20:10 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\V-Games
[2009/01/16 23:12:35 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Valusoft
[2009/09/28 18:47:40 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\VampireSaga
[2009/02/05 12:21:57 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\ViquaSoft
[2008/05/01 11:51:10 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\WinBatch
[2009/07/17 17:48:41 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\YoudaGames
[2009/02/22 19:05:13 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Zylom
[2009/12/16 20:12:47 | 00,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 07:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 07:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 07:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 07:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 09:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 09:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 06:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 06:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 07:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 07:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 09:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/04/23 17:18:49 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/04/23 17:18:49 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2007/12/11 18:37:40 | 00,021,688 | ---- | M] (Microsoft Corporation) MD5=B3F2C79318B9BBE87B2C51033682D912 -- C:\Windows\System32\drivers\atapi.sys
[2007/12/11 18:37:40 | 00,021,688 | ---- | M] (Microsoft Corporation) MD5=B3F2C79318B9BBE87B2C51033682D912 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4db4e301\atapi.sys
[2007/12/11 18:37:40 | 00,021,688 | ---- | M] (Microsoft Corporation) MD5=B3F2C79318B9BBE87B2C51033682D912 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20693_none_db7d35eb3dc727cc\atapi.sys
[2008/04/23 17:18:49 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008/04/23 17:18:49 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 09:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 09:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/01/13 06:30:08 | 00,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTOR.SYS >
[2007/07/12 16:35:02 | 00,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\hp\DRIVERS\Intel_RAID\iastor.sys
[2007/07/12 16:35:02 | 00,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_cfa1dde4\iaStor.sys
[2007/07/12 16:35:02 | 00,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_ec8a8d1b\iaStor.sys
[2008/06/02 17:49:48 | 00,305,688 | ---- | M] (Intel Corporation) MD5=25C3D5F66A74A7BDDECA56085F040D2E -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2008/06/02 17:49:48 | 00,305,688 | ---- | M] (Intel Corporation) MD5=25C3D5F66A74A7BDDECA56085F040D2E -- C:\Windows\System32\drivers\iaStor.sys
[2008/06/02 17:49:48 | 00,305,688 | ---- | M] (Intel Corporation) MD5=25C3D5F66A74A7BDDECA56085F040D2E -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_27dcf4f5\iaStor.sys
[2008/06/02 17:50:10 | 00,382,488 | ---- | M] (Intel Corporation) MD5=3C4CD264B04D79A43A0F124C067BA08E -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/19 07:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 07:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 09:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 09:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 09:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 06:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 06:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 07:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 09:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 09:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 07:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 07:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 07:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 09:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 06:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 06:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

< End of report >

Extras:

OTL Extras logfile created on: 16/12/2009 20:20:46 - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Users\Kendal&Emily\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 83.20% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.46 Gb Total Space | 203.79 Gb Free Space | 44.74% Space Free | Partition Type: NTFS
Drive D: | 10.30 Gb Total Space | 1.41 Gb Free Space | 13.66% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHANCE
Current User Name: Kendal&Emily
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1037998891-2387599947-1757878551-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2BD31701-72DD-4EB6-AE08-ED92C23F8220}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{311F2B0F-7238-4A53-928B-07F14143E89B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{D2F7FEE7-9724-45B4-8134-102266D981F5}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06A623CF-2F36-4561-B8A1-0B34FC5A76EE}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{07CCFFB0-2DDA-4EE6-A7EE-7350D7ADB854}" = protocol=6 | dir=in | app=l:\games\call of dty modern warfare 2\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{0B9F9188-E9ED-4990-BFEB-4A8732E41B04}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{0F4D5535-913C-440A-B1A9-077CDF8D1FFC}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{17FC147E-1BE7-49E5-B87C-569F30DBC9EF}" = protocol=17 | dir=in | app=c:\windows\system32\lxcdcoms.exe |
"{1FBCB0F3-0936-4386-89B8-D95555F3FCD0}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{20FF4AE6-AC2B-4FCC-90AD-06AB0B0313F3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{308C09C9-D544-4CFD-AB05-A36563F9D3FB}" = protocol=6 | dir=in | app=c:\windows\system32\lxcdcoms.exe |
"{348CA43C-DBAD-40DA-ADA3-19A556172640}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3F130D9C-3090-4DCE-970D-007E935B5D42}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{5773F038-6EDF-4356-B122-304E9B29823C}" = protocol=17 | dir=in | app=l:\games\tc\binaries\r6vegas2_launcher.exe |
"{61B7C91F-DDDB-4214-8049-DB4DC2F03B97}" = protocol=17 | dir=in | app=c:\program files\thq\frontlines-fuel of war\binaries\ffow.exe |
"{6B25BF62-B0C2-4C05-8AB2-A642CA301814}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{6DA27EF8-ECA4-4D71-843C-D4DFE3F07470}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{7238D18F-93BB-48B2-B9E6-0B3D28E291D9}" = protocol=6 | dir=in | app=l:\games\call of dty modern warfare 2\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{779244ED-7529-472B-B067-0C972C2CC3BE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7AA92AC2-0627-401A-9921-967EF3B60BC9}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{7BC39715-3013-4464-B156-8A1518A2A76C}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{82A23681-FD90-4BD7-97F6-B5F48E8ED53A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{83DCAFA7-A11E-431B-B1C9-E113C5707CD3}" = protocol=6 | dir=in | app=l:\games\cod 5 waw\codwaw.exe |
"{92AE059B-DD67-4A73-AD19-4BE4478C094E}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{94D5BD2B-79D2-499C-92A4-1C84CFC3F7E6}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxcdpswx.exe |
"{950D04DF-5221-4409-8E73-4C7EF75A70A2}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{99560922-2970-401A-B7EB-5607564BC9EF}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{9B80717E-2B12-45B7-80CB-C649D02EFC63}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{A0107D35-E0B7-445E-8FB0-684CF8057975}" = protocol=17 | dir=in | app=l:\games\call of dty modern warfare 2\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{A7FE848E-2D85-4B91-8EC4-8D07FB6D13C9}" = protocol=6 | dir=in | app=c:\program files\thq\frontlines-fuel of war\binaries\ffow.exe |
"{B37D4477-0C3B-41CC-A725-1D8D5BB37547}" = protocol=17 | dir=in | app=c:0\games\call of duty 4\iw3mp.exe |
"{B4E53BC7-D5B6-40C4-B5D2-BD0F5A317EBF}" = protocol=6 | dir=in | app=l:\games\cod 5 waw\codwawmp.exe |
"{B9335AA3-E7E2-468D-859A-AE23205A9217}" = protocol=6 | dir=in | app=l:\games\tc\binaries\r6vegas2_launcher.exe |
"{B940231C-E785-4248-9E20-4D72E0DD9A7F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C3CCA862-8083-42EB-A3ED-E08D39A13904}" = protocol=6 | dir=in | app=l:\games\frontlines fuel of war\binaries\ffow.exe |
"{C8F4555A-0EAA-4361-B518-290D41ABA6CD}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CB13DE19-4799-448A-87BA-0F776ECE733E}" = protocol=17 | dir=in | app=l:\games\call of dty modern warfare 2\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{CC0107E0-F2F7-4931-BC38-9FBEBAFFD7AC}" = protocol=17 | dir=in | app=l:\games\cod 5 waw\codwawmp.exe |
"{CC69D025-8416-4ED9-A45B-F13F948728B9}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxcdpswx.exe |
"{DA6AE098-7C52-401E-B428-9E60EC067525}" = protocol=17 | dir=in | app=l:\games\tc\binaries\r6vegas2_game.exe |
"{DEA87702-4DFE-4C8E-B2C7-C9CA430F86EA}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{E9B5AF63-5D23-4F7D-A119-67C9C5E96145}" = protocol=6 | dir=in | app=c:0\games\call of duty 4\iw3mp.exe |
"{EB8B685F-985C-4A47-A29C-CB562F2B75BE}" = protocol=17 | dir=in | app=l:\games\frontlines fuel of war\binaries\ffow.exe |
"{EBB5A025-1CC1-4007-AD73-A1DD6F10043C}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{F6A18E7D-BCF4-4AE2-99C0-6CB58229C67D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F91D7C99-7750-4450-B164-AAC28960D94F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{FB880191-48BB-4D6C-B204-F7D8D58A7627}" = protocol=17 | dir=in | app=l:\games\cod 5 waw\codwaw.exe |
"{FBDE0808-EDFF-4D64-B820-FFB7E93F4F8C}" = protocol=6 | dir=in | app=l:\games\tc\binaries\r6vegas2_game.exe |
"{FEE63BE4-5B12-4C89-BDBA-EFF90C8783A7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{5596A06E-3919-416B-AEC8-53E86F595C63}C:\program files\huawei technologies\huawei umts data card\3 usb modem.exe" = protocol=6 | dir=in | app=c:\program files\huawei technologies\huawei umts data card\3 usb modem.exe |
"UDP Query User{E7343D54-8A2A-4AA5-87B7-B81FC4750AE6}C:\program files\huawei technologies\huawei umts data card\3 usb modem.exe" = protocol=17 | dir=in | app=c:\program files\huawei technologies\huawei umts data card\3 usb modem.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = The Sims 2 University
"{02F6993D-B763-4F40-8F93-2A9CD97586E3}" = Microsoft IntelliType Pro 6.3
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{067CE951-4917-4C90-9CE5-8D6D8492480F}" = palmOne
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{084A9731-D05B-4ADA-B4A0-0ADD25FD7152}" = Splinter Cell Pandora Tomorrow
"{08EA2B0E-2CB4-42AC-B675-16FF8C44E38F}" = Internet From BT
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 17
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.010.00
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BA044B0-A5E4-428E-8731-63BD5DD4FDB2}" = CSI
"{3BB33584-3860-4772-AEE9-D8E61F552896}" = Tom Clancy's Rainbow Six: Lockdown
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44A91B04-3D0C-47F9-B644-7F682869AFF3}" = MobileMe Control Panel
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{48FF6DE6-0619-4562-B4B1-21F161FE0DE0}" = Symantec Technical Support Advanced Chat Controls
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{552C83B7-0013-42EA-B285-1997D129DD53}" = SA31xx Device Manager & Media Converter
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8BA510D1-045B-4E1A-AF52-2282BBF69D5D}" = LightScribe System Software
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001C-0409-0000-0000000FF1CE}" = Microsoft Office Access Runtime (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9074AFC0-CFDA-11DE-B484-005056806466}" = Google Earth
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}" = ubi.com
"{AF131494-F5D8-45C5-938C-D5F020CF1B0D}" = Tom Clancy's Rainbow Six 3: Raven Shield
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{AFAD41A9-9687-48A3-848F-693C11451433}" = HP Customer Experience Enhancements
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B418F434-15CD-4B68-A022-CFE0DB92A6F9}" = THE HOUSE OF THE DEAD 3
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = The Sims™ 2 Apartment Life
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C711E88C-9DC2-4254-A989-D6E017844DDF}" = Frontlines: Fuel of War
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Picture Package Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus®
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}" = Safari
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E35A1183-F6D8-4DCA-A111-296AFFA00A5C}" = LightScribe Template Designs - Tattoo Pack 1
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E572B060-C98B-4984-A48E-E4FA56265903}" = SA31xx Device Manager & Media Converter
"{E8C2622C-9FF1-4F60-8008-A0208154F9F3}" = muvee autoProducer 6.1
"{e96b3d28-47d6-43cc-98fd-7069eeab6b11}" = HP Total Care Advisor
"{EF5A6DD8-4A03-4BDD-A7C3-5CA2FF02DCFA}" = Pippa Funnell
"{F03D7004-F232-4B7A-A4A0-4B8FC118C4BD}" = Trainz
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio
"{FD416706-875C-4B0B-A23A-9E740DAE029E}" = Tom Clancy's Rainbow Six Vegas 2
"4elements" = 4 Elements
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Amazing Adventures Special Edition Bundle_is1" = Amazing Adventures Special Edition Bundle
"Aveyond Lord of Twilight_is1" = Aveyond Lord of Twilight
"Beach Party Craze_is1" = Beach Party Craze
"BFG-Artist Colony" = Artist Colony
"BFG-Burger Shop 2" = Burger Shop 2
"BFGC" = Big Fish Games Client
"BFG-Cake Mania Main Street" = Cake Mania Main Street
"BFG-Elementals - The Magic Key" = Elementals: The Magic Key
"BFG-Farm Frenzy 3" = Farm Frenzy 3
"BFG-Find Your Own Way Home" = Find Your Own Way Home
"BFG-Hotel Dash - Suite Success" = Hotel Dash: Suite Success
"BFG-James Patterson's Women's Murder Club - Twice in a Blue Moon" = James Patterson's Women's Murder Club: Twice in a Blue Moon
"BFG-Mystery Case Files - Dire Grove" = Mystery Case Files&reg;: Dire Grove™
"BFG-Paradise Beach" = Paradise Beach
"BFG-Party Down" = Party Down
"BFG-Treasure Seekers - The Enchanted Canvases" = Treasure Seekers: The Enchanted Canvases
"BFG-Tropical Farm" = Tropical Farm
"BFG-Wendy's Wellness" = Wendy's Wellness
"BFG-Winemaker Extraordinaire" = Winemaker Extraordinaire
"BFG-Youda Farmer" = Youda Farmer
"bricksofegypt" = Bricks of Egypt
"Burger Shop_is1" = Burger Shop
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Crazy Golf World Tour1.0" = Crazy Golf World Tour
"DVD Decrypter" = DVD Decrypter (Remove Only)
"EADM" = EA Download Manager
"EasyBits Magic Desktop" = EasyBits Magic Desktop
"ENTERPRISE" = Microsoft Office Enterprise 2007
"First Class Flurry_is1" = First Class Flurry
"Free Realms Installer" = Free Realms Installer
"Go Go Gourmet Chef Of The Year_is1" = Go Go Gourmet Chef Of The Year
"Google Updater" = Google Updater
"GPL Ghostscript_is1" = Docudesk GPL Ghostscript 8.15
"HMRC Employer CD-ROM 2009 " = HMRC Employer CD-ROM 2009
"HOMESTUDENTR" = Microsoft Office Home and Student 2007 Trial
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = Ulead VideoStudio 11
"Kuros_is1" = Kuros
"Lexmark 6300 Series" = Lexmark 6300 Series
"LimeWire" = LimeWire 5.1.1
"Magic Seeds_is1" = Magic Seeds
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mortimer Beckett And The Time Paradox_is1" = Mortimer Beckett And The Time Paradox
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"My Tribe_is1" = My Tribe
"NIS" = Norton Internet Security
"Norton PC Checkup" = Norton PC Checkup
"NSSSetup.{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan (Symantec Corporation)
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"Operation Flashpoint" = Operation Flashpoint uninstall
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"Party Down_is1" = Party Down
"PartyCasino" = PartyCasino
"PartyGammon" = PartyGammon
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"Pet Shop Hop_is1" = Pet Shop Hop
"PunkBusterSvc" = PunkBuster Services
"Ranch Rush_is1" = Ranch Rush
"Real Crimes The Unicorn Killer_is1" = Real Crimes The Unicorn Killer
"RealArcade" = RealArcade
"RealPlayer 6.0" = RealPlayer
"Rmtablet" = Pen Pad Driver with Macro Key Manager
"Sallys Spa_is1" = Sallys Spa
"Sandlot Games Client Services_is1" = Sandlot Games Client Services
"Shockwave" = Shockwave
"Sniper_is1" = Sniper: Art of Victory
"Stand O Food 2_is1" = Stand O Food 2
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 590" = Left 4 Dead 2 Demo
"Steam App 7890" = Men of War - Demo
"The Mystery Of The Crystal Portal_is1" = The Mystery Of The Crystal Portal
"Tropix 2 Quest For The Golden Banana_is1" = Tropix 2 Quest For The Golden Banana
"Virtual Families_is1" = Virtual Families
"Virtual Villagers The Secret City_is1" = Virtual Villagers The Secret City
"Web Games Player Plugin" = Web Games Player Plugin
"Wedding Dash 2_is1" = Wedding Dash 2
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1037998891-2387599947-1757878551-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Reader for Palm OS" = Adobe Reader for Palm OS, 3.05
"Ranch Rush Deluxe" = Ranch Rush Deluxe

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

I hope I did all that correctly.

Thank you

Emily

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 16 December 2009 - 06:36 PM

Yep, that's perfect. :(


Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:EE39C93C
    @Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:BA05E0C4
    @Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:B0193F8E
    @Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:17C48B08
    @Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:2AF478DB
    @Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:D0D17155
    @Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:385E2CFD
    @Alternate Data Stream - 241 bytes -> C:\ProgramData\TEMP:178093AE
    @Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:AE2EA3C2
    @Alternate Data Stream - 225 bytes -> C:\ProgramData\TEMP:EA701346
    @Alternate Data Stream - 222 bytes -> C:\ProgramData\TEMP:80E965A3
    @Alternate Data Stream - 217 bytes -> C:\ProgramData\TEMP:CB0FEE2B
    @Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:4A1628E5
    @Alternate Data Stream - 199 bytes -> C:\ProgramData\TEMP:67BA17B9
    @Alternate Data Stream - 197 bytes -> C:\ProgramData\TEMP:059167AF
    @Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:58D2A680
    @Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:90574144
    @Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:0AA21473
    @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:6E5C36BA
    @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:134A79D4
    @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:D091E13E
    @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:123A86B5
    @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:55C54F7C
    @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0E22C5DB
    @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:1B7E2022
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:C73F3ACA
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:9E76E7F3
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:89C28CF6
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:0E660858
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:D8F9D810
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:4AA3DAA3
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:DAF232F8
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:EDC744FB
    @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:61B54B15
    @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:2495D97A
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:A7B70C4E
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:5E413CD6
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:E65BB25A
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:4C528C86
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:CFFC9DD0
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:7FCB9D0D
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:FED25C29
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:F1DEA771
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:80DDCCC1
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:5FA4CB99
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:181EF3D9
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:ABD3B354
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:93D985FC
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:93226FE3
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:7E082023
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:6710EF08
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:086DE893
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:C946DB94
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:7920E530
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:386E239F
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:EB5BDBB0
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:7CEDF9F3
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:3D186293
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:0F38B460
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:F986CC21
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:ADE67221
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:417B6FAC
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:2D0C22DC
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D2593961
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:C928F3BE
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9AE67195
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:97C4F81F
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:5FFC2819
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:52E1DB1D
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:514E900B
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:FDC41D2C
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:F2721624
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:EF5B3572
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:C611D6C8
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:A167A0BB
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:737160C1
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:00811B66
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:F45F3031
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:F2958F3A
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:895C5142
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:69AF9D20
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:5AE33054
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:45858237
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:A58B27C9
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:96C9689F
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8CCDAB14
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:569CEE83
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:567D3254
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:4CF76F21
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:BDF08FAF
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A02025CE
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:8B0F52E5
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:D994162E
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:D48500F8
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:C72A744C
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:9026FFAC
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:7FD903D7
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:6017A808
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:5E9B629B
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:4220A65C
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:FD000392
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:CF61CE5A
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:BF2E2F0E
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:523B97A0
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:E80802C7
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:BBF60A29
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:B741B2C2
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:7A0EFE63
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5EF1AD34
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:2B1EA607
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:0DAD93FF
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:E962FBDB
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:6E86D926
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:56C17A93
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5335CE76
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:517B507A
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:2E0B7D8A
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:0E684AC9
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:0D52F295
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:60A4BB64
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:E7B49FBF
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:C7B98566
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:C10635F6
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:B0EB578B
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:5345C8F6
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:50308CED
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:3790BACD
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:DF0BC727
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C07A6A6B
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:8F067037
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:47A24D4B
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:405D842B
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:0F38F234
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:C3B5FCD5
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:9BC95BE9
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:2F141B68
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:1DEE6B65
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:10F6E97E
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:D2032EBB
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:28CDD861
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:A4BF246C
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:93877B62
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:02C1CB6D
    @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:D0668210
    @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:C22674B6
    @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:663B62CA
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:F5B69884
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:8DF68137
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:E3F37A7D
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:E3CEEC4C
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:D92485C9
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:AD727397
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4FE42FFC
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:40D8F125
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:25249477
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:12D2EB9C
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:02B823FE
    @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:CB52BE62
    @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:9F683177
    @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:37994DBE
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:C3A4217C
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:7AA6FC81
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:0DFE2AE1
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:0860D6D6
    @Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:FF9C44FE
    @Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:FB97DB91
    @Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:EEF1584F
    @Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:55818279
    @Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:31106FCB
    @Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:2CDB9CA3
    @Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:177313FB
    @Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:0D3CE40A
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:EEB25EAE
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:E91ADC66
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:61AF2B29
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D16E7091
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:551BED5F
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:A18121AD
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:0C988F7D
    @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:E51234A9
    @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:A96D3F23
    @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:3FD496E1
    @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:0D278FB5
    @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:DE6EED8B
    @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:1AFC2166
    @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:ECCE99EF
    
    
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.

How is your computer behaving now?


========================================================

#5 emilyc


Posted 17 December 2009 - 06:48 AM

I just ran the OTL.exe and pasted in the text, but I'm not sure if it worked. As soon as I pressed 'Run Fix' all the icons on the desktop disappeared and also my toolbar, just leaving the desktop background in view. Then it seemed to run for a while and then came up with an error message saying 'Range check error'. After that it wasn't doing anything and the text that was left in the box at the bottom was:

[emptytemp]
[Reboot]

So I rebooted the computer and got the following log:


Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\JETDEC9.tmp not found!

Registry entries deleted on Reboot...


Is that all correct or did something go a bit wrong?

I ran a new OTL log as well:

OTL logfile created on: 17/12/2009 11:32:43 - Run 2
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Users\Kendal&Emily\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 83.16% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.46 Gb Total Space | 227.16 Gb Free Space | 49.87% Space Free | Partition Type: NTFS
Drive D: | 10.30 Gb Total Space | 1.41 Gb Free Space | 13.66% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHANCE
Current User Name: Kendal&Emily
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/16 20:20:02 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kendal&Emily\Downloads\OTL.exe
PRC - [2009/11/03 03:28:04 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/03 21:17:14 | 03,342,336 | ---- | M] (Electronic Arts) -- C:\Program Files\Electronic Arts\EADM\Core.exe
PRC - [2009/08/22 07:28:17 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
PRC - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 06:28:08 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/11 06:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/02 15:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/04/02 15:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/03/26 14:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/02/25 11:21:56 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2009/02/25 11:14:40 | 02,387,968 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2009/02/06 21:54:57 | 00,066,872 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
PRC - [2009/02/06 16:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/01/29 22:09:14 | 00,578,920 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/25 10:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/07/24 22:32:51 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/07/02 16:16:20 | 00,393,216 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
PRC - [2008/06/10 19:56:29 | 01,442,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2008/06/10 19:56:27 | 00,447,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
PRC - [2008/06/02 17:50:34 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/06/02 17:50:32 | 00,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/05/15 12:09:13 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/24 18:11:58 | 00,033,792 | ---- | M] (EasyBits Software Corp.) -- C:\Windows\System32\ezntsvc.exe
PRC - [2008/01/19 07:33:40 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008/01/19 07:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/19 07:33:27 | 00,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2008/01/19 07:33:12 | 00,198,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2008/01/15 10:26:18 | 04,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/11/27 17:13:44 | 00,385,024 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
PRC - [2007/10/30 19:52:34 | 00,016,200 | ---- | M] () -- C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
PRC - [2007/10/04 02:02:02 | 01,783,136 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
PRC - [2007/09/20 01:30:52 | 00,065,536 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PRC - [2007/06/05 12:20:32 | 00,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2007/05/29 15:40:48 | 00,360,096 | ---- | M] () -- C:\Windows\System32\atwtusb.exe
PRC - [2007/05/16 16:56:44 | 00,067,128 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
PRC - [2007/04/18 15:01:34 | 00,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/04/15 17:54:04 | 00,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxcdcoms.exe
PRC - [2007/04/07 10:56:47 | 00,132,760 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\jusched.exe
PRC - [2007/03/06 09:35:02 | 00,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
PRC - [2004/06/09 13:16:08 | 00,471,040 | ---- | M] (PalmSource, Inc) -- C:\Program Files\palmOne\Hotsync.exe


========== Modules (SafeList) ==========

MOD - [2009/12/16 20:20:02 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kendal&Emily\Downloads\OTL.exe
MOD - [2009/04/11 06:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/06 19:53:22 | 00,320,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/12/01 19:41:40 | 00,051,384 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/09/25 01:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/22 07:28:17 | 00,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2009/08/05 22:48:42 | 00,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/04/02 15:10:56 | 00,656,168 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/03/26 14:31:20 | 00,132,424 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/03/24 22:01:23 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/02/25 11:21:56 | 00,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2009/02/10 10:15:50 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c98b68911361e0) Google Update Service (gupdate1c98b68911361e0)
SRV - [2009/02/06 21:54:57 | 00,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/01/29 22:09:14 | 00,578,920 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe -- (MrHealthyService)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 10:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/06/02 17:50:34 | 00,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/04/24 18:11:58 | 00,033,792 | ---- | M] (EasyBits Software Corp.) [Auto | Running] -- C:\Windows\System32\ezntsvc.exe -- (ezntsvc)
SRV - [2008/01/29 16:09:02 | 00,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2008/01/19 07:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/20 01:30:52 | 00,065,536 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2007/08/22 17:22:00 | 00,147,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2007/07/23 23:33:06 | 00,181,800 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/06/05 12:20:32 | 00,177,704 | ---- | M] () [Auto | Start_Pending] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/04/15 17:54:04 | 00,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxcdcoms.exe -- (lxcd_device)
SRV - [2007/03/06 09:35:02 | 00,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
SRV - [2006/11/02 12:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = E1 A3 72 18 41 03 E7 47 BA FC 51 24 28 D9 30 5E [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = E1 A3 72 18 41 03 E7 47 BA FC 51 24 28 D9 30 5E [binary data]

IE - HKU\S-1-5-21-1037998891-2387599947-1757878551-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-21-1037998891-2387599947-1757878551-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1037998891-2387599947-1757878551-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = E1 A3 72 18 41 03 E7 47 BA FC 51 24 28 D9 30 5E [binary data]
IE - HKU\S-1-5-21-1037998891-2387599947-1757878551-1000\S-1-5-21-1037998891-2387599947-1757878551-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1037998891-2387599947-1757878551-1000\S-1-5-21-1037998891-2387599947-1757878551-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.10
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/05 19:35:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/16 17:11:48 | 00,000,000 | ---D | M]

[2009/12/05 19:36:07 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Mozilla\Extensions
[2009/03/05 17:41:08 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2009/12/16 18:19:00 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Mozilla\Firefox\Profiles\deq1111p.default\extensions
[2009/12/05 20:11:05 | 00,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\Kendal&Emily\AppData\Roaming\Mozilla\Firefox\Profiles\deq1111p.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2009/12/16 18:18:51 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Kendal&Emily\AppData\Roaming\Mozilla\Firefox\Profiles\deq1111p.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/12/08 07:37:07 | 00,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Kendal&Emily\AppData\Roaming\Mozilla\Firefox\Profiles\deq1111p.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2009/12/17 11:18:09 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/03 01:42:02 | 00,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/11/03 01:42:02 | 00,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/11/03 01:42:02 | 00,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/11/03 01:42:02 | 00,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (1108 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1037998891-2387599947-1757878551-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1037998891-2387599947-1757878551-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1037998891-2387599947-1757878551-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [atwtusb] C:\Windows\System32\atwtusb.exe ()
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe File not found
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [LXCDCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCDtime.DLL ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe (InterVideo Digital Technology Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1037998891-2387599947-1757878551-1000..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKU\S-1-5-21-1037998891-2387599947-1757878551-1000..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
O4 - HKU\S-1-5-21-1037998891-2387599947-1757878551-1000..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-21-1037998891-2387599947-1757878551-1000..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKU\S-1-5-21-1037998891-2387599947-1757878551-1000..\Run: [Steam] L:\Games\Call of Dty Modern Warfare 2\Steam.exe File not found
O4 - HKU\S-1-5-21-1037998891-2387599947-1757878551-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1037998891-2387599947-1757878551-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Kendal&Emily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O7 - HKU\S-1-5-21-1037998891-2387599947-1757878551-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-1037998891-2387599947-1757878551-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-1037998891-2387599947-1757878551-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-1037998891-2387599947-1757878551-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programs\PartyGaming\PartyGammon\RunBackGammon.exe File not found
O9 - Extra 'Tools' menuitem : PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programs\PartyGaming\PartyGammon\RunBackGammon.exe File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe ()
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-1037998891-2387599947-1757878551-1000\..Trusted Domains: hp.com ([pavilion.buttonredirect] http in Trusted sites)
O15 - HKU\S-1-5-21-1037998891-2387599947-1757878551-1000\..Trusted Domains: hp.com ([presario.buttonredirect] http in Trusted sites)
O15 - HKU\S-1-5-21-1037998891-2387599947-1757878551-1000\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1037998891-2387599947-1757878551-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/Facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {127E0308-CF06-446D-88B8-2971DB94C179} http://www.miniclip.com/games/superstar-ra...ublicPlayer.cab (ChatRepublicPlayer ActiveX)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} http://www.instantaction.com/download/iaplayer.cab (InstantAction Game Launcher)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.com/webgames/popcaploader_v10.cab (PopCapLoader Object)
O16 - DPF: {DF9C24D1-030E-49ED-5EB5-D6610086C313} http://www.miniclip.com/superstar_racing/C...ublicPlayer.cab (ChatRepublicPlayer ActiveX)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD47E0E7-D528-4D72-9386-E608448119C6} http://www.superstarracing.net/miniclip/Ch...ublicPlayer.cab (ChatRepublicPlayer ActiveX)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/11 19:22:23 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{051c2708-d4d0-11dd-880a-001e8c5c5fdc}\Shell - "" = AutoRun
O33 - MountPoints2\{051c2708-d4d0-11dd-880a-001e8c5c5fdc}\Shell\AutoRun\command - "" = K:\DPFMate.exe -- File not found
O33 - MountPoints2\{28f4700d-f107-11dd-9230-001e8c5c5fdc}\Shell - "" = AutoRun
O33 - MountPoints2\{28f4700d-f107-11dd-9230-001e8c5c5fdc}\Shell\AutoRun\command - "" = K:\AutoRun.exe -- File not found
O33 - MountPoints2\{28f47024-f107-11dd-9230-001e8c5c5fdc}\Shell - "" = AutoRun
O33 - MountPoints2\{28f47024-f107-11dd-9230-001e8c5c5fdc}\Shell\AutoRun\command - "" = K:\AutoRun.exe -- File not found
O33 - MountPoints2\{2cf02305-a796-11dc-80d5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2cf02305-a796-11dc-80d5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\{ab45a348-10a8-11dd-98d6-001e8c5c5fdc}\Shell - "" = AutoRun
O33 - MountPoints2\{ab45a348-10a8-11dd-98d6-001e8c5c5fdc}\Shell\AutoRun\command - "" = K:\AutoRun.exe -- File not found
O33 - MountPoints2\{ab45a41e-10a8-11dd-98d6-001e8c5c5fdc}\Shell\AutoRun\command - "" = L:\setupSNK.exe -- File not found
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\setupSNK.exe -- File not found
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\setupSNK.exe -- File not found
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/07/23 12:51:01 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2009/12/17 11:09:19 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/12/16 19:30:11 | 00,000,000 | ---D | C] -- C:\Users\Kendal&Emily\AppData\Roaming\Malwarebytes
[2009/12/16 19:30:05 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/16 19:30:03 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/12/16 19:30:02 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/16 19:30:02 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/15 21:01:28 | 00,000,000 | ---D | C] -- C:\Program Files\Find Your Own Way Home
[2009/12/15 19:44:48 | 00,000,000 | ---D | C] -- C:\Program Files\James Patterson's Women's Murder Club - Twice in a Blue Moon
[2009/12/14 09:43:30 | 00,000,000 | ---D | C] -- C:\Users\Kendal&Emily\AppData\Local\Artist Colony
[2009/12/14 09:43:30 | 00,000,000 | ---D | C] -- C:\ProgramData\Artist Colony
[2009/12/13 11:15:29 | 00,000,000 | ---D | C] -- C:\Program Files\Artist Colony
[2009/12/12 14:53:13 | 00,000,000 | ---D | C] -- C:\AMERICAN_PIE_BOOK_OF_LOVE
[2009/12/12 13:54:50 | 00,000,000 | ---D | C] -- C:\Program Files\Mystery Case Files - Dire Grove
[2009/12/12 13:33:19 | 00,000,000 | ---D | C] -- C:\Program Files\Tropical Farm
[2009/12/06 11:48:57 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/12/06 11:48:57 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/12/05 19:35:43 | 00,000,000 | ---D | C] -- C:\Users\Kendal&Emily\AppData\Local\Mozilla
[2009/12/05 19:35:11 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2008/04/29 20:55:14 | 00,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxcdusb1.dll
[2008/04/29 20:55:14 | 00,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxcdinpa.dll
[2008/04/29 20:55:14 | 00,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcdiesc.dll
[2008/04/29 20:55:14 | 00,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxcdhcp.dll
[2008/04/29 20:55:13 | 01,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxcdserv.dll
[2008/04/29 20:55:13 | 00,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcdpmui.dll
[2008/04/29 20:55:13 | 00,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcdlmpm.dll
[2008/04/29 20:55:13 | 00,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxcdprox.dll
[2008/04/29 20:55:13 | 00,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcdpplc.dll
[2008/04/29 20:55:12 | 00,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxcdhbn3.dll
[2008/04/29 20:55:11 | 00,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcdcomc.dll
[2008/04/29 20:55:11 | 00,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcdcomm.dll
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\Kendal&Emily\*.tmp files -> C:\Users\Kendal&Emily\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/17 11:36:30 | 04,718,592 | ---- | M] () -- C:\Users\Kendal&Emily\NTUSER.DAT
[2009/12/17 11:20:46 | 00,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009/12/17 11:17:54 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/17 11:17:53 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/17 11:17:51 | 00,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/17 11:17:49 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/17 11:17:46 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/17 11:17:25 | 32,204,80000 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/17 11:15:10 | 00,524,288 | -HS- | M] () -- C:\Users\Kendal&Emily\NTUSER.DAT{4853b254-ea0a-11dd-8dc2-001e8c5c5fdc}.TMContainer00000000000000000001.regtrans-ms
[2009/12/17 11:15:10 | 00,065,536 | -HS- | M] () -- C:\Users\Kendal&Emily\NTUSER.DAT{4853b254-ea0a-11dd-8dc2-001e8c5c5fdc}.TM.blf
[2009/12/17 00:04:08 | 03,146,846 | -H-- | M] () -- C:\Users\Kendal&Emily\AppData\Local\IconCache.db
[2009/12/16 23:41:04 | 00,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/16 20:12:37 | 00,002,057 | -HS- | M] () -- C:\Users\Kendal&Emily\AppData\Roaming\02000000281b1ea2697P.manifest
[2009/12/16 19:30:08 | 00,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/16 18:00:01 | 00,000,422 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for Kendal&Emily.job
[2009/12/16 17:31:34 | 00,005,609 | -HS- | M] () -- C:\Users\Kendal&Emily\AppData\Roaming\02000000281b1ea2697C.manifest
[2009/12/16 13:31:10 | 00,000,800 | -HS- | M] () -- C:\Users\Kendal&Emily\AppData\Roaming\02000000281b1ea2697O.manifest
[2009/12/16 13:31:10 | 00,000,011 | -HS- | M] () -- C:\Users\Kendal&Emily\AppData\Roaming\02000000281b1ea2697S.manifest
[2009/12/15 21:03:37 | 00,001,828 | ---- | M] () -- C:\Users\Public\Desktop\Play Find Your Own Way Home.lnk
[2009/12/15 21:03:37 | 00,001,210 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2009/12/15 19:45:13 | 00,002,142 | ---- | M] () -- C:\Users\Public\Desktop\Play James Patterson's Women's Murder Club - Twice in a Blue Moon.lnk
[2009/12/14 20:00:00 | 00,000,560 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Kendal&Emily.job
[2009/12/13 11:16:02 | 00,001,743 | ---- | M] () -- C:\Users\Public\Desktop\Play Artist Colony.lnk
[2009/12/12 14:18:17 | 00,010,715 | ---- | M] () -- C:\Users\Kendal&Emily\Desktop\bleeping computer message.docx
[2009/12/12 14:02:36 | 00,524,288 | ---- | M] () -- C:\Users\Kendal&Emily\Desktop\dds.pif
[2009/12/12 13:55:12 | 00,001,897 | ---- | M] () -- C:\Users\Public\Desktop\Play Mystery Case Files - Dire Grove.lnk
[2009/12/12 13:33:27 | 00,001,735 | ---- | M] () -- C:\Users\Public\Desktop\Play Tropical Farm.lnk
[2009/12/09 19:32:13 | 00,025,380 | ---- | M] () -- C:\Users\Kendal&Emily\AppData\Roaming\wklnhst.dat
[2009/12/06 12:37:06 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/06 12:37:06 | 00,599,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/06 12:37:06 | 00,105,448 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/06 11:49:18 | 00,001,057 | ---- | M] () -- C:\Users\Kendal&Emily\Desktop\Spybot - Search & Destroy.lnk
[2009/12/05 19:35:35 | 00,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\Kendal&Emily\*.tmp files -> C:\Users\Kendal&Emily\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/16 19:30:08 | 00,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/15 21:03:37 | 00,001,210 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2009/12/15 21:03:32 | 00,001,828 | ---- | C] () -- C:\Users\Public\Desktop\Play Find Your Own Way Home.lnk
[2009/12/15 19:45:13 | 00,002,142 | ---- | C] () -- C:\Users\Public\Desktop\Play James Patterson's Women's Murder Club - Twice in a Blue Moon.lnk
[2009/12/13 11:16:02 | 00,001,743 | ---- | C] () -- C:\Users\Public\Desktop\Play Artist Colony.lnk
[2009/12/12 14:04:09 | 00,010,715 | ---- | C] () -- C:\Users\Kendal&Emily\Desktop\bleeping computer message.docx
[2009/12/12 14:02:28 | 00,524,288 | ---- | C] () -- C:\Users\Kendal&Emily\Desktop\dds.pif
[2009/12/12 13:55:12 | 00,001,897 | ---- | C] () -- C:\Users\Public\Desktop\Play Mystery Case Files - Dire Grove.lnk
[2009/12/12 13:33:27 | 00,001,735 | ---- | C] () -- C:\Users\Public\Desktop\Play Tropical Farm.lnk
[2009/12/06 11:49:18 | 00,001,057 | ---- | C] () -- C:\Users\Kendal&Emily\Desktop\Spybot - Search & Destroy.lnk
[2009/12/05 19:35:35 | 00,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/11/29 20:05:55 | 00,001,442 | ---- | C] () -- C:\Users\Kendal&Emily\AppData\Local\seed.log
[2009/11/11 11:18:56 | 00,005,609 | -HS- | C] () -- C:\Users\Kendal&Emily\AppData\Roaming\02000000281b1ea2697C.manifest
[2009/11/11 11:18:56 | 00,002,057 | -HS- | C] () -- C:\Users\Kendal&Emily\AppData\Roaming\02000000281b1ea2697P.manifest
[2009/11/11 11:18:56 | 00,000,800 | -HS- | C] () -- C:\Users\Kendal&Emily\AppData\Roaming\02000000281b1ea2697O.manifest
[2009/11/11 11:18:56 | 00,000,011 | -HS- | C] () -- C:\Users\Kendal&Emily\AppData\Roaming\02000000281b1ea2697S.manifest
[2009/10/17 14:05:04 | 00,005,609 | -HS- | C] () -- C:\Users\Kendal&Emily\AppData\Roaming\02000000281b1ea2689C.manifest
[2009/10/17 14:05:04 | 00,002,060 | -HS- | C] () -- C:\Users\Kendal&Emily\AppData\Roaming\02000000281b1ea2689P.manifest
[2009/10/17 14:05:04 | 00,000,717 | -HS- | C] () -- C:\Users\Kendal&Emily\AppData\Roaming\02000000281b1ea2689O.manifest
[2009/10/17 14:05:04 | 00,000,011 | -HS- | C] () -- C:\Users\Kendal&Emily\AppData\Roaming\02000000281b1ea2689S.manifest
[2009/09/24 07:47:53 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/07 11:53:58 | 00,018,790 | ---- | C] () -- C:\Windows\System32\ddmon.dll
[2009/03/20 13:58:31 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/03/18 18:23:47 | 00,017,870 | ---- | C] () -- C:\Users\Kendal&Emily\AppData\Local\slot1.mm1
[2009/03/15 15:58:13 | 00,000,264 | ---- | C] () -- C:\ProgramData\ayg_save.log
[2008/10/23 10:47:33 | 00,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2008/10/12 20:22:12 | 00,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2008/08/15 19:06:30 | 00,180,224 | ---- | C] () -- C:\Windows\System32\ATWTINK.DLL
[2008/08/15 19:06:29 | 00,014,545 | ---- | C] () -- C:\Windows\System32\Photoshop Elements.ini
[2008/08/15 19:06:29 | 00,006,382 | ---- | C] () -- C:\Windows\aiptbl.ini
[2008/08/15 19:06:29 | 00,005,940 | ---- | C] () -- C:\Windows\System32\XP_2000.ini
[2008/07/31 11:17:30 | 00,210,456 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/07/31 11:17:30 | 00,206,360 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/07/31 11:17:30 | 00,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/07/31 11:17:30 | 00,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/07/31 11:17:30 | 00,194,072 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/07/31 11:17:30 | 00,026,136 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/07/31 11:12:40 | 00,001,368 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/06/30 17:23:51 | 00,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2008/06/30 17:23:48 | 00,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2008/06/30 16:42:13 | 00,185,344 | ---- | C] () -- C:\Windows\patchw32.dll
[2008/04/29 20:55:14 | 00,274,432 | ---- | C] () -- C:\Windows\System32\lxcdinst.dll
[2008/04/27 20:40:13 | 00,025,380 | ---- | C] () -- C:\Users\Kendal&Emily\AppData\Roaming\wklnhst.dat
[2008/04/25 11:12:27 | 00,024,576 | ---- | C] () -- C:\Users\Kendal&Emily\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/22 21:15:56 | 00,138,464 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008/04/22 21:15:56 | 00,022,328 | ---- | C] () -- C:\Users\Kendal&Emily\AppData\Roaming\PnkBstrK.sys
[2008/04/22 21:15:21 | 00,000,283 | ---- | C] () -- C:\Windows\game.ini
[2008/01/14 16:47:06 | 00,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2007/12/11 19:15:44 | 00,000,342 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/12/11 18:59:39 | 00,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/12/11 18:59:39 | 00,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/07/23 08:03:32 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 08:03:32 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007/07/23 08:03:32 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007/07/23 08:03:30 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 08:03:30 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007/07/23 08:03:30 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007/07/23 08:03:30 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007/07/23 08:03:30 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007/07/23 08:03:30 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/02/22 17:32:00 | 00,344,064 | ---- | C] () -- C:\Windows\System32\lxcdcoin.dll
[2006/11/02 12:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 07:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/08/18 05:26:46 | 00,040,960 | ---- | C] () -- C:\Windows\System32\lxcdvs.dll
[2005/05/17 17:17:54 | 00,061,440 | ---- | C] () -- C:\Windows\System32\lxcdcnv4.dll

========== LOP Check ==========

[2009/06/27 18:15:10 | 00,000,000 | -HSD | M] -- C:\Users\Kendal&Emily\AppData\Roaming\.#
[2009/07/02 19:58:15 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Aisle 5 Games, Inc
[2009/05/01 17:55:19 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Alawar
[2008/08/01 18:47:37 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Amaranth Games
[2009/06/19 22:26:42 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Aveyond 3
[2009/10/21 14:22:36 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Awem
[2009/04/22 11:14:36 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Azuaz Games
[2009/04/04 15:36:45 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\BeachPartyCraze
[2009/10/25 10:13:36 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Big Fish Games
[2009/06/19 17:15:27 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\BlamGames
[2009/11/22 19:56:22 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\blg
[2009/03/12 14:00:50 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Boolat Games
[2009/01/21 18:53:18 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Boomzap
[2009/03/20 19:22:47 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\BrandX Games
[2009/06/09 18:03:37 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Camel101
[2009/10/23 18:37:59 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\casanova
[2009/08/18 21:12:39 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\CasualForge
[2009/08/08 20:14:36 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\cerasus.media
[2009/04/03 17:12:22 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Coyotes Tale
[2009/12/02 21:09:20 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Dekovir
[2009/07/07 12:09:17 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\deskUNPDF
[2009/06/28 17:27:35 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\DreamDale
[2009/02/20 19:23:48 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\eGames
[2009/11/20 22:32:56 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\EleFun Games
[2009/11/08 17:42:14 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\ElementalsTheMagicKey
[2009/05/11 20:27:28 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Enchanted Katya
[2009/10/23 16:43:48 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Enki Games
[2009/07/01 07:19:41 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Enlightenus
[2009/10/03 17:37:43 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\ERS G-Studio
[2009/06/27 11:14:08 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\EscapeFromParadise2
[2009/01/09 12:46:24 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Fabulous Finds
[2009/03/16 22:06:22 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Fever Frenzy
[2009/03/25 21:09:50 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Flood Light Games
[2009/01/22 13:18:33 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Friday's games
[2009/09/28 18:50:04 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\funkitron
[2008/08/08 17:23:46 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Gaijin Ent
[2009/09/12 11:44:23 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\GameInvest
[2009/02/04 20:48:11 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Gamelab
[2009/07/31 15:53:57 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Gamers Digital
[2009/07/26 20:24:46 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Games
[2009/06/23 18:28:07 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\GAMESHASTRA
[2009/02/07 12:10:03 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\GameTantra
[2009/04/07 14:27:53 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\GetRightToGo
[2008/08/16 10:07:12 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Go-Go Gourmet Chef of the Year
[2008/12/11 14:27:25 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Gogii Games
[2009/03/25 12:17:45 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Gold Casual Games
[2009/03/12 14:52:10 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\GOL_byHasbro
[2009/08/11 21:45:13 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\GraveyardShift
[2009/10/25 10:50:51 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\GTM_Bodie
[2009/04/19 16:23:07 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\HiT-MM
[2008/11/05 17:55:51 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Home Sweet Home 2
[2008/05/14 16:36:55 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\HotSync
[2009/05/27 20:19:56 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\HuruBeachParty
[2009/04/11 21:12:31 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Intenium
[2008/10/12 20:31:37 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\iolo
[2009/05/24 09:31:58 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\IronCode
[2009/03/30 18:58:21 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\iWin
[2009/11/28 21:09:49 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Lazy Turtle Games
[2009/03/30 17:31:11 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Leadertech
[2009/11/19 16:17:44 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\LimeWire
[2009/03/15 14:52:06 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Lost in the City
[2008/07/08 18:48:30 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Ludia
[2008/05/17 16:17:05 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Magic Seeds
[2009/06/28 16:47:30 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\MagicBall4
[2009/06/09 17:26:10 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Mean Hamster
[2009/07/21 20:46:39 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\MegaplexMadnessSummerBlockbuster
[2009/06/04 11:20:08 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Meridian93
[2009/11/27 19:00:42 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Merscom
[2009/10/21 09:48:10 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\MissTeriTale3
[2009/03/16 11:34:49 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\MysteryStudio
[2009/05/05 18:40:03 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Namco
[2008/09/12 19:38:04 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Oberon Games
[2009/03/04 22:18:45 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\panoramik
[2009/07/26 15:03:26 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Peace Craft
[2008/11/06 22:04:46 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\PetShowCraze
[2009/10/22 20:21:30 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Ph03nixNewMedia
[2009/11/28 21:17:11 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\PlayFirst
[2009/11/22 14:58:51 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Playrix Entertainment
[2009/08/19 09:11:20 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\PoBros
[2009/04/23 12:46:10 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Pogo Games
[2009/07/05 13:31:48 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Quirky Games
[2009/06/01 21:34:39 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Reflexive 3 Days Zoo Mystery
[2008/09/13 10:29:07 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Reflexive Arcade
[2008/12/27 17:45:17 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Reflexive Ashtons Family Resort
[2009/07/17 17:22:19 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Reflexive JanesZOO
[2009/01/16 11:00:04 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Reflexivev1001
[2009/04/17 18:39:30 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Reflexivev1002
[2008/08/25 13:17:12 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Reflexive_JanesRealty
[2009/05/12 19:52:17 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\RobinsonCrusoeREF
[2009/03/10 21:53:17 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\ScreenSeven
[2008/09/12 16:37:52 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\SEGA
[2009/03/20 21:28:52 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\SerpentOfIsis
[2009/04/01 18:51:34 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Shape games
[2009/08/04 22:15:46 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\she_is_a_shadow
[2009/04/04 09:56:39 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\ShinyTales
[2009/04/11 15:36:20 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Skunk Studios
[2009/05/21 18:59:15 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\SpinTop Games
[2008/05/09 09:26:07 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Sudden Games
[2009/10/02 18:43:11 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Sudden Games LLC
[2009/08/12 16:39:35 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\SulusGames
[2008/04/27 20:40:14 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Template
[2009/04/20 16:30:20 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\TikGames
[2009/09/22 19:27:36 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\TikisLab
[2009/11/02 23:29:50 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\TitanicMystery
[2009/05/02 17:48:33 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Twintale Entertainment
[2008/06/30 16:42:13 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\ubi.com
[2009/03/28 16:24:37 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Ubisoft
[2009/04/18 09:58:14 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\UClick
[2008/08/01 09:01:08 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Ulead Systems
[2008/08/03 22:13:31 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\UNOUndercover
[2009/11/28 18:41:57 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\URSE Games
[2009/07/10 22:20:10 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\V-Games
[2009/01/16 23:12:35 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Valusoft
[2009/09/28 18:47:40 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\VampireSaga
[2009/02/05 12:21:57 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\ViquaSoft
[2008/05/01 11:51:10 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\WinBatch
[2009/07/17 17:48:41 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\YoudaGames
[2009/02/22 19:05:13 | 00,000,000 | ---D | M] -- C:\Users\Kendal&Emily\AppData\Roaming\Zylom
[2009/12/17 11:15:12 | 00,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 07:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 07:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 07:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 07:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 09:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 09:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 06:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 06:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 07:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 07:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 09:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/04/23 17:18:49 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/04/23 17:18:49 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2007/12/11 18:37:40 | 00,021,688 | ---- | M] (Microsoft Corporation) MD5=B3F2C79318B9BBE87B2C51033682D912 -- C:\Windows\System32\drivers\atapi.sys
[2007/12/11 18:37:40 | 00,021,688 | ---- | M] (Microsoft Corporation) MD5=B3F2C79318B9BBE87B2C51033682D912 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4db4e301\atapi.sys
[2007/12/11 18:37:40 | 00,021,688 | ---- | M] (Microsoft Corporation) MD5=B3F2C79318B9BBE87B2C51033682D912 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20693_none_db7d35eb3dc727cc\atapi.sys
< %systemroot%\*. /mp /s >
< End of report >


I am no longer getting the annoying pop ups any more which is great :-)

#6 Buckeye_Sam

    Malware Expert

Posted 17 December 2009 - 09:02 AM

You did fine. That shows it worked correctly.

Please update Malwarebytes and run another quick scan for me.
Post back with the resulting log.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 emilyc

Posted 17 December 2009 - 09:11 AM

Ran MBAM again and this is the report:

Malwarebytes' Anti-Malware 1.42
Database version: 3379
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

17/12/2009 14:09:38
mbam-log-2009-12-17 (14-09-38).txt

Scan type: Quick Scan
Objects scanned: 102438
Time elapsed: 5 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Nothing malicious found.

Thank you so so much for all your help, I wouldn't have had a clue where to start! Hope you have a lovely Christmas.

Emily

#8 Buckeye_Sam

Posted 17 December 2009 - 09:14 AM

That's what I like to see! :(

Happy Holidays to you also!


Now we'll remove OTL and some of the other tools we've used.
  • Double-click OTL.exe to run it.
  • Click on the CleanUp! button
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


================




Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - You should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Re-enable system restore with instructions from tutorial above

  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:( :)

#9 Buckeye_Sam

Posted 26 December 2009 - 08:16 PM

Now that your problem appears to be resolved, this topic will be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this topic in your request.



