New Job - Work Computer Infected with Tazinga - Perhaps More

Hello, and TIA for any and all help!

I've just started a new job and the computer I'm working on is infected with the Tazinga hijacker "whatever", but also possibly infected with other issues I've been unable to sniff out.

I'm only slightly familiar with removing things like this, so, please be patient with me and forgive my ignorance.

I've run Malwarebytes, the free version, which originally removed a total of 8 problems, but I'm still getting a redirect to "bang the bomb", which, after a wee bit of research, I learned is traced back to Tazinga... is this correct?

Anywho - I would love to have a nice, clean system, in good working order here on this new job; please help! :)


Hello stephani and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I give you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Please follow our instructions here:

http://forums.malwarebytes.org/index.php?showtopic=9573

Post the log files in your next reply.


Hi Maniac, and thanks for your help.

I apologize in advance for being clueless, and I'm sure this is going to require you walking me through a lot of things that would be simple for others.

Anyway, the computer I'm using seems to have AVG installed as an anti-virus. I've tried to uninstall it as I simply wanted to start from scratch with a new anti-virus, but the uninstaller will not open.

I've tried uninstalling it through the control panel (Windows XP) and I've also tried uninstalling it with RevoUninstaller.

Furthermore, it will not open - full stop - so I can't access or disable any settings, and therefore DDS doesn't seem to be functioning properly.

It loads and runs but it takes much longer than three minutes and no log files are ever created for me to save and then post here in turn.

I'm unsure what to do at this point.

Thank you so much for your help, and I patiently await your reply.


Let's try this way:

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


Thanks again, Maniac.

Here is the OTL.Txt -

OTL logfile created on: 7/19/2012 10:51:11 AM - Run 1

OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\RATLIFF\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

990.01 Mb Total Physical Memory | 619.23 Mb Available Physical Memory | 62.55% Memory free

2.33 Gb Paging File | 1.93 Gb Available in Paging File | 83.00% Paging File free

Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.00 Gb Total Space | 127.94 Gb Free Space | 85.87% Space Free | Partition Type: NTFS

Computer Name: RATLIFF0-850783 | User Name: RATLIFF | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/19 09:43:58 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\RATLIFF\Desktop\OTL.exe

PRC - [2012/07/18 10:51:15 | 000,046,080 | ---- | M] () -- C:\WINDOWS\system32\goempthnhvhggp.exe

PRC - [2012/07/17 01:15:21 | 000,186,832 | ---- | M] (Google Inc.) -- C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe

PRC - [2012/07/09 17:30:37 | 000,935,008 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/06/02 19:51:26 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe

PRC - [2008/04/13 18:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe

========== Modules (No Company Name) ==========

MOD - [2012/07/18 10:51:15 | 000,046,080 | ---- | M] () -- C:\WINDOWS\system32\goempthnhvhggp.exe

MOD - [2012/07/09 17:30:37 | 000,935,008 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/07/18 10:51:15 | 000,046,080 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\goempthnhvhggp.exe -- (AMService)

SRV - [2012/07/12 13:12:12 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/07/09 17:30:37 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)

SRV - [2012/07/07 16:03:09 | 000,069,120 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\nolmm.exe -- (nolmm)

SRV - [2012/07/06 12:31:51 | 000,069,120 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\gregev.exe -- (gregev)

SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)

SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)

SRV - [2009/10/14 19:59:54 | 000,099,688 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\IcdSptSv.exe -- (ICDSPTSV)

SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)

DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)

DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)

DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)

DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)

DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)

DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)

DRV - [2008/08/18 11:24:40 | 000,011,264 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ICDUSB3.sys -- (ICDUSB3)

DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)

DRV - [2006/09/05 23:13:42 | 001,580,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2006/05/16 21:03:24 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)

DRV - [2006/03/17 04:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {5E93D346-AAA7-46FB-9D62-056DAFDF1E70}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{5E93D346-AAA7-46FB-9D62-056DAFDF1E70}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=393&systemid=1&q={searchTerms}

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {5E93D346-AAA7-46FB-9D62-056DAFDF1E70}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {5E93D346-AAA7-46FB-9D62-056DAFDF1E70}

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-220523388-2025429265-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://interland6.donorperfect.net/prod/login.asp

IE - HKU\S-1-5-21-220523388-2025429265-1801674531-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-220523388-2025429265-1801674531-1003\..\SearchScopes\{5E93D346-AAA7-46FB-9D62-056DAFDF1E70}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=

IE - HKU\S-1-5-21-220523388-2025429265-1801674531-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_en

IE - HKU\S-1-5-21-220523388-2025429265-1801674531-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={17C7271A-E035-43F0-8084-1D41882A1E8C}&mid=4d4c425a5e5447d687d3d151cd9d43e5-261be5895a40f01a8e6ba40fcaf5155aacc3c593&lang=en&ds=AVG&pr=fr&d=2012-04-30 21:43:17&v=11.0.0.9&sap=dsp&q={searchTerms}

IE - HKU\S-1-5-21-220523388-2025429265-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-220523388-2025429265-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG2012\Firefox\ [2012/07/12 11:57:00 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/07/12 11:56:59 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\11.1.0.12\ [2012/07/12 11:57:03 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/12 11:56:59 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/02 19:51:57 | 000,000,000 | ---D | M]

[2012/01/26 18:26:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\RATLIFF\Application Data\Mozilla\Extensions

========== Chrome ==========

CHR - homepage: http://myblogguest.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},

CHR - homepage: http://myblogguest.com/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll

CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL

CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll

CHR - Extension: Bible = C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\adplcelpohamiijahbaanmoimmnoaiaf\2.2_0\

CHR - Extension: Craigslist Notification = C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aenadocogjnkbmchfnkpipdinoleakbj\1.1.0.52_0\

CHR - Extension: Wikipedia = C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ahdklmkchmokhfhaelgdecgpbijflalk\9000.1_0\

CHR - Extension: craigslist pop. = C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aikbdokcmcbbeaadpdbhlcdcgghdkhja\2.31_0\

CHR - Extension: Google Drive = C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6_0\

CHR - Extension: YouTube = C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Strawberry Pal Menstrual Calendar = C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bmeafmbadejchdjffdbdjdkcgfmlhjmh\0.9.2_0\

CHR - Extension: Facebook = C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0\

CHR - Extension: AddThis - Share & Bookmark (new) = C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde\2.9.9_0\

CHR - Extension: Strict Pomodoro = C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\1.5.0.5_0\

CHR - Extension: Google Search = C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Timer = C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\edebbhkhcaafmolanelponjjanocpacd\1.7.6_0\

CHR - Extension: Google Calendar = C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\

CHR - Extension: Silver Bird = C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\encaiiljifbdbjlphpgpiimidegddhic\1.9.8.12_0\

CHR - Extension: YoWindow Weather = C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\1.33_1\

CHR - Extension: Full Screen Weather = C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.3_0\

CHR - Extension: TinEye Reverse Image Search = C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.2_0\

CHR - Extension: Checker Plus for Google Calendar\u2122 = C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hkhggnncdpfibdhinjiegagmopldibha\9.1_0\

CHR - Extension: Eye Dropper = C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hmdcmlfkchdmnmnmheododdhjedfccka\0.2.6_0\

CHR - Extension: Cloud Reader = C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd\1.0.0.0_0\

CHR - Extension: Cool Clock = C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icegcmhgphfkgglbljbkdegiaaihifce\2.4_0\

CHR - Extension: The Weather Channel for Chrome = C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop\1.0.0.4_0\

CHR - Extension: Weather Window by WeatherBug = C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\1.0.12_0\

CHR - Extension: Twitter Notifier = C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ikknnkomiokeodcdkknnhgjmncfiefmn\4.1.1_0\

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

CHR - Extension: Klout (beta) = C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jjaakbhpcbpmojkhpiaacepfcaniglak\1.5_0\

CHR - Extension: Craigslist Preview = C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmcbgcbedienblgnfeecolmmcgocefnf\1.0.17_0\

CHR - Extension: Livemocha = C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmkikcingejeblbcmenlnomdjnahebnp\1.2_0\

CHR - Extension: Google Voice (by Google) = C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo\2.3.6.8_0\

CHR - Extension: Stashmarks = C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdcfbakjhnnjcjdcledhhcmhejepgnkf\0.0.14_0\

CHR - Extension: Totoro Rainy Day = C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lmiagjknjjfockcklibjlfdojojaffff\1.15_0\

CHR - Extension: Google Maps = C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.4_0\

CHR - Extension: Session Manager = C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc\3.4.3_0\

CHR - Extension: QuickTasks for Google Tasks\u2122 = C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oajcndmcnpneaginggljpobbbdngkkko\1.0_0\

CHR - Extension: Walmart.com = C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oeolnjcppplpdhapfhojgneaffdkomdo\0.1_0\

CHR - Extension: Checker Plus for Gmail\u2122 = C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj\10.1_0\

CHR - Extension: Readability = C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi\1.10_0\

CHR - Extension: Born for Twitter = C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfpkfkhhigghmggnhfjdfjiihmeancof\2012.5.22.2_0\

CHR - Extension: Google Reader = C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.3_0\

CHR - Extension: Gmail = C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/04/14 00:09:56 | 000,000,882 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 94.63.147.16 www.google.com

O1 - Hosts: 94.63.147.17 www.bing.com

O2 - BHO: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - No CLSID value found.

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - No CLSID value found.

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-220523388-2025429265-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKU\S-1-5-21-220523388-2025429265-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()

O4 - HKU\S-1-5-21-220523388-2025429265-1801674531-1003..\Run: [Adobe Reader Synchronizer] C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Driver performer.lnk = File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-220523388-2025429265-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-21-220523388-2025429265-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.155.216.122 207.59.153.242

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24BE3128-0BB7-420D-825F-50F4AD99943A}: DhcpNameServer = 66.155.216.122 207.59.153.242

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011/04/16 11:53:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{87860aaf-03f4-11e1-a49d-00188b79aa16}\Shell - "" = AutoRun

O33 - MountPoints2\{87860aaf-03f4-11e1-a49d-00188b79aa16}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{87860aaf-03f4-11e1-a49d-00188b79aa16}\Shell\AutoRun\command - "" = E:\laucher.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/19 09:43:58 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\RATLIFF\Desktop\OTL.exe

[2012/07/19 09:39:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood

[2012/07/18 19:55:50 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\RATLIFF\Desktop\dds.scr

[2012/07/18 11:26:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RATLIFF\Local Settings\Application Data\VS Revo Group

[2012/07/18 11:25:38 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys

[2012/07/18 11:25:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro

[2012/07/18 11:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group

[2012/07/16 15:41:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RATLIFF\My Documents\Downloads

[2012/07/16 10:12:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RATLIFF\Start Menu\Programs\Google Chrome

[2012/07/16 10:10:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RATLIFF\Local Settings\Application Data\Deployment

[2012/07/13 14:52:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RATLIFF\Application Data\Malwarebytes

[2012/07/13 14:51:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/07/13 14:51:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2012/07/13 14:51:34 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012/07/13 14:51:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/07/13 13:44:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RATLIFF\Desktop\Photos

[2012/07/12 11:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RATLIFF\Application Data\AVG Secure Search

[2012/07/12 11:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search

[2012/07/12 11:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG

[2012/07/12 11:56:56 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search

[2012/07/12 11:56:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RATLIFF\Local Settings\Application Data\AVG Secure Search

[2012/07/12 11:56:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search

[2012/07/12 11:56:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG

[2012/07/12 11:56:49 | 000,000,000 | -H-D | C] -- C:\$AVG

[2012/07/12 11:56:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RATLIFF\Application Data\AVG2012

[2012/07/12 11:56:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012

[2012/07/12 11:56:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RATLIFF\Start Menu\Programs\NetAssistant

[2012/07/12 11:56:00 | 000,000,000 | ---D | C] -- C:\Program Files\Freeze.com

[2012/07/12 11:56:00 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2012/07/11 14:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RATLIFF\Application Data\Ylip

[2012/07/05 09:50:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RATLIFF\php

[2012/07/03 10:28:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Real

[2012/07/02 15:08:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RATLIFF\Desktop\Development P&P

[2012/07/02 10:29:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RATLIFF\Desktop\Sandi Knight Moore

[2012/07/01 15:20:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2012/07/01 15:20:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2012/06/30 20:18:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RATLIFF\Application Data\Tyze

[2012/06/30 20:18:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RATLIFF\Application Data\Teybk

[2012/06/30 20:18:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RATLIFF\Application Data\Axled

[2012/06/30 15:27:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RATLIFF\Application Data\Yqdu

[2012/06/30 15:27:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RATLIFF\Application Data\Vigok

[2012/06/30 15:27:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RATLIFF\Application Data\Ickydy

[2012/06/29 21:06:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RATLIFF\Application Data\Ulole

[2012/06/29 13:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RATLIFF\Application Data\Ukfu

[2012/06/29 13:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RATLIFF\Application Data\Qyyn

[2012/06/29 13:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RATLIFF\Application Data\Kiiwif

[2012/06/28 01:44:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RATLIFF\Application Data\Ydyzt

[2012/06/28 01:44:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RATLIFF\Application Data\Izyzep

[2012/06/28 01:44:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RATLIFF\Application Data\Epluy

[2012/06/27 00:17:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RATLIFF\Application Data\Ms_dir_

[2012/06/27 00:17:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RATLIFF\Application Data\Uxni

[2012/06/27 00:17:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RATLIFF\Application Data\Ofac

[2012/06/27 00:17:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RATLIFF\Application Data\Bianso

[2012/06/26 14:11:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RATLIFF\Desktop\Coffee Shop

[2012/06/26 10:10:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RATLIFF\Applications

[2012/06/25 15:39:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump

[2012/06/25 15:36:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Local Settings

[2012/06/25 09:47:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RATLIFF\Application Data\Olne

[2012/06/25 09:47:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RATLIFF\Application Data\Boqufu

[2012/06/25 09:47:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RATLIFF\Application Data\Biovru

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/19 11:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At36.job

[2012/07/19 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At12.job

[2012/07/19 10:33:02 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012/07/19 10:20:03 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-2025429265-1801674531-1003UA.job

[2012/07/19 10:12:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012/07/19 10:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At35.job

[2012/07/19 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At11.job

[2012/07/19 09:43:58 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\RATLIFF\Desktop\OTL.exe

[2012/07/19 09:39:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/07/19 09:38:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012/07/19 09:38:00 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-220523388-2025429265-1801674531-1003.job

[2012/07/19 09:37:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/07/18 21:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At46.job

[2012/07/18 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At22.job

[2012/07/18 20:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At45.job

[2012/07/18 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At21.job

[2012/07/18 19:55:51 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\RATLIFF\Desktop\dds.scr

[2012/07/18 19:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At44.job

[2012/07/18 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At20.job

[2012/07/18 18:00:02 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At43.job

[2012/07/18 18:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At19.job

[2012/07/18 17:00:10 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At42.job

[2012/07/18 17:00:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At18.job

[2012/07/18 16:19:07 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\RATLIFF\Desktop\New Promo Vid.MSWMM

[2012/07/18 16:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At41.job

[2012/07/18 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At17.job

[2012/07/18 15:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At40.job

[2012/07/18 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At16.job

[2012/07/18 14:00:01 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At39.job

[2012/07/18 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At15.job

[2012/07/18 13:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At38.job

[2012/07/18 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At14.job

[2012/07/18 12:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At37.job

[2012/07/18 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At13.job

[2012/07/18 11:54:25 | 000,107,520 | ---- | M] () -- C:\Documents and Settings\RATLIFF\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/07/18 11:25:40 | 000,000,943 | ---- | M] () -- C:\Documents and Settings\RATLIFF\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk

[2012/07/18 11:25:40 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk

[2012/07/18 10:51:27 | 000,294,018 | ---- | M] () -- C:\WINDOWS\System32\shimg.dll

[2012/07/18 10:51:15 | 000,046,080 | ---- | M] () -- C:\WINDOWS\System32\goempthnhvhggp.exe

[2012/07/17 20:05:20 | 008,577,024 | ---- | M] () -- C:\Documents and Settings\RATLIFF\Desktop\Lovelady Spring 2011.MSWMM

[2012/07/17 11:42:32 | 000,113,869 | ---- | M] () -- C:\Documents and Settings\RATLIFF\Desktop\image001.jpg

[2012/07/17 09:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At34.job

[2012/07/17 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At10.job

[2012/07/17 08:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At33.job

[2012/07/17 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At9.job

[2012/07/17 07:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At32.job

[2012/07/17 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At8.job

[2012/07/17 06:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At31.job

[2012/07/17 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At7.job

[2012/07/17 05:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At30.job

[2012/07/17 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At6.job

[2012/07/17 04:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At29.job

[2012/07/17 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At5.job

[2012/07/17 03:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At28.job

[2012/07/17 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At4.job

[2012/07/17 02:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At27.job

[2012/07/17 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At3.job

[2012/07/17 01:20:01 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-2025429265-1801674531-1003Core.job

[2012/07/17 01:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At26.job

[2012/07/17 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At2.job

[2012/07/17 00:32:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At25.job

[2012/07/17 00:09:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At1.job

[2012/07/16 23:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At48.job

[2012/07/16 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At24.job

[2012/07/16 22:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At47.job

[2012/07/16 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At23.job

[2012/07/16 14:49:25 | 000,154,467 | ---- | M] () -- C:\Documents and Settings\RATLIFF\Desktop\article pending.JPG

[2012/07/16 10:12:09 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\RATLIFF\Desktop\Google Chrome.lnk

[2012/07/16 10:12:09 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\RATLIFF\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2012/07/13 17:50:12 | 000,436,388 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/07/13 17:50:12 | 000,068,966 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/07/13 14:51:36 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/13 03:18:03 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/07/13 03:01:12 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012/07/12 12:47:40 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\RATLIFF\Desktop\Microsoft Word 2010.lnk

[2012/07/07 19:48:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-2025429265-1801674531-1003.job

[2012/07/07 16:03:09 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\nolmm.exe

[2012/07/07 15:52:04 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\uolmd.exe

[2012/07/07 15:50:47 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\vservf.exe

[2012/07/06 12:56:14 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\wregew.exe

[2012/07/06 12:53:34 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\cwinr.exe

[2012/07/06 12:45:43 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\zprotz.exe

[2012/07/06 12:44:38 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\ccodr.exe

[2012/07/06 12:41:27 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\yregex.exe

[2012/07/06 12:39:37 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\fservu.exe

[2012/07/06 12:35:29 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\rwinr.exe

[2012/07/06 12:35:21 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\xregex.exe

[2012/07/06 12:35:14 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\unixu.exe

[2012/07/06 12:31:51 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\gregev.exe

[2012/07/06 12:30:39 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\wservw.exe

[2012/07/06 12:29:41 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\lnixl.exe

[2012/07/06 12:28:10 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\tnixt.exe

[2012/07/06 12:28:06 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\iteryx.exe

[2012/07/06 12:27:56 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\swins.exe

[2012/07/06 12:27:52 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\yteryy.exe

[2012/07/06 12:27:08 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\zproty.exe

[2012/07/06 12:26:47 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\yteryx.exe

[2012/07/06 12:26:39 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\kwinz.exe

[2012/07/06 12:25:59 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\hteryx.exe

[2012/07/06 12:25:00 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\bprotq.exe

[2012/07/06 12:22:26 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\volmv.exe

[2012/07/06 12:20:22 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\jwinz.exe

[2012/07/06 12:18:53 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\molmm.exe

[2012/07/06 12:18:47 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\dnixs.exe

[2012/07/06 12:17:13 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\scods.exe

[2012/07/06 12:15:18 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\tcods.exe

[2012/07/06 12:14:22 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\qteryq.exe

[2012/07/06 12:11:16 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\hteryw.exe

[2012/07/06 11:54:55 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\gservv.exe

[2012/07/06 11:46:31 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\dolmd.exe

[2012/07/06 11:32:09 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\jproty.exe

[2012/07/06 11:30:12 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\enixt.exe

[2012/07/06 11:26:58 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\eserve.exe

[2012/07/06 11:15:38 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\cnixc.exe

[2012/07/06 11:10:28 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\iteryy.exe

[2012/07/06 11:09:50 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\rprotr.exe

[2012/07/06 11:09:41 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\uolmu.exe

[2012/07/06 11:02:16 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\qprotq.exe

[2012/07/06 10:56:20 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\pregeo.exe

[2012/07/06 10:55:46 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\oservn.exe

[2012/07/06 10:55:43 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\iprotx.exe

[2012/07/06 10:55:39 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\dcods.exe

[2012/07/06 10:55:20 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\folmu.exe

[2012/07/06 10:55:05 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\hregew.exe

[2012/07/06 10:54:54 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\unixt.exe

[2012/07/06 10:54:47 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\gregew.exe

[2012/07/06 10:54:32 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\ccods.exe

[2012/07/06 10:54:13 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\bwinr.exe

[2012/07/06 10:53:58 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\lcodk.exe

[2012/07/06 10:53:32 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\oregeo.exe

[2012/07/06 10:53:24 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\oregen.exe

[2012/07/06 10:53:21 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\jprotz.exe

[2012/07/06 10:53:13 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\mnixl.exe

[2012/07/06 10:53:06 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\swinr.exe

[2012/07/06 10:53:02 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\kcodj.exe

[2012/07/06 10:52:58 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\fservv.exe

[2012/07/06 09:48:02 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk

[2012/07/06 09:25:07 | 090,898,944 | ---- | M] () -- C:\Documents and Settings\RATLIFF\Desktop\Rulebook.pub

[2012/07/05 09:50:05 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\RATLIFF\uz.dat

[2012/07/04 19:24:29 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/07/03 17:22:29 | 000,000,000 | RHS- | M] () -- C:\Documents and Settings\All Users\Documents\khq

[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012/06/30 11:29:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2012/06/24 09:30:02 | 000,033,758 | ---- | M] () -- C:\Documents and Settings\RATLIFF\Local Settings\Application Data\dt.dat

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/18 16:19:05 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\RATLIFF\Desktop\New Promo Vid.MSWMM

[2012/07/18 11:25:40 | 000,000,943 | ---- | C] () -- C:\Documents and Settings\RATLIFF\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk

[2012/07/18 11:25:40 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk

[2012/07/18 10:58:27 | 000,095,744 | ---- | C] () -- C:\Documents and Settings\RATLIFF\Local Settings\Application Data\{eb2c9336-ff1e-2c1c-3e68-7fde44088ab0}\U\80000032.@

[2012/07/18 10:51:25 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\goempthnhvhggp.exe

[2012/07/17 11:42:38 | 000,113,869 | ---- | C] () -- C:\Documents and Settings\RATLIFF\Desktop\image001.jpg

[2012/07/16 14:49:25 | 000,154,467 | ---- | C] () -- C:\Documents and Settings\RATLIFF\Desktop\article pending.JPG

[2012/07/16 10:12:09 | 000,002,300 | ---- | C] () -- C:\Documents and Settings\RATLIFF\Desktop\Google Chrome.lnk

[2012/07/16 10:12:09 | 000,002,278 | ---- | C] () -- C:\Documents and Settings\RATLIFF\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2012/07/16 10:10:48 | 000,000,986 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-2025429265-1801674531-1003UA.job

[2012/07/16 10:10:47 | 000,000,934 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-2025429265-1801674531-1003Core.job

[2012/07/13 14:51:36 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/07 16:03:09 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\nolmm.exe

[2012/07/07 15:52:04 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\uolmd.exe

[2012/07/07 15:50:47 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\vservf.exe

[2012/07/06 12:56:14 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\wregew.exe

[2012/07/06 12:53:34 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\cwinr.exe

[2012/07/06 12:45:43 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\zprotz.exe

[2012/07/06 12:44:38 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\ccodr.exe

[2012/07/06 12:41:27 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\yregex.exe

[2012/07/06 12:39:37 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\fservu.exe

[2012/07/06 12:35:29 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\rwinr.exe

[2012/07/06 12:35:21 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\xregex.exe

[2012/07/06 12:35:14 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\unixu.exe

[2012/07/06 12:31:51 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\gregev.exe

[2012/07/06 12:30:39 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\wservw.exe

[2012/07/06 12:29:41 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\lnixl.exe

[2012/07/06 12:28:10 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\tnixt.exe

[2012/07/06 12:28:06 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\iteryx.exe

[2012/07/06 12:27:56 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\swins.exe

[2012/07/06 12:27:52 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\yteryy.exe

[2012/07/06 12:27:08 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\zproty.exe

[2012/07/06 12:26:47 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\yteryx.exe

[2012/07/06 12:26:39 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\kwinz.exe

[2012/07/06 12:25:59 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\hteryx.exe

[2012/07/06 12:25:00 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\bprotq.exe

[2012/07/06 12:22:26 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\volmv.exe

[2012/07/06 12:20:22 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\jwinz.exe

[2012/07/06 12:18:53 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\molmm.exe

[2012/07/06 12:18:47 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\dnixs.exe

[2012/07/06 12:17:13 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\scods.exe

[2012/07/06 12:15:18 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\tcods.exe

[2012/07/06 12:14:22 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\qteryq.exe

[2012/07/06 12:11:16 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\hteryw.exe

[2012/07/06 11:54:55 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\gservv.exe

[2012/07/06 11:46:31 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\dolmd.exe

[2012/07/06 11:32:09 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\jproty.exe

[2012/07/06 11:30:12 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\enixt.exe

[2012/07/06 11:26:58 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\eserve.exe

[2012/07/06 11:15:38 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\cnixc.exe

[2012/07/06 11:10:28 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\iteryy.exe

[2012/07/06 11:09:50 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\rprotr.exe

[2012/07/06 11:09:41 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\uolmu.exe

[2012/07/06 11:02:16 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\qprotq.exe

[2012/07/06 10:56:20 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\pregeo.exe

[2012/07/06 10:55:46 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\oservn.exe

[2012/07/06 10:55:43 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\iprotx.exe

[2012/07/06 10:55:39 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\dcods.exe

[2012/07/06 10:55:20 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\folmu.exe

[2012/07/06 10:55:05 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\hregew.exe

[2012/07/06 10:54:54 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\unixt.exe

[2012/07/06 10:54:47 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\gregew.exe

[2012/07/06 10:54:32 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\ccods.exe

[2012/07/06 10:54:13 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\bwinr.exe

[2012/07/06 10:53:58 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\lcodk.exe

[2012/07/06 10:53:32 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\oregeo.exe

[2012/07/06 10:53:24 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\oregen.exe

[2012/07/06 10:53:21 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\jprotz.exe

[2012/07/06 10:53:13 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\mnixl.exe

[2012/07/06 10:53:06 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\swinr.exe

[2012/07/06 10:53:02 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\kcodj.exe

[2012/07/06 10:52:58 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\fservv.exe

[2012/07/06 09:48:02 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk

[2012/07/05 09:50:05 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\RATLIFF\uz.dat

[2012/07/03 17:22:29 | 000,000,000 | RHS- | C] () -- C:\Documents and Settings\All Users\Documents\khq

[2012/07/03 12:00:30 | 090,898,944 | ---- | C] () -- C:\Documents and Settings\RATLIFF\Desktop\Rulebook.pub

[2012/07/03 09:53:49 | 000,095,744 | ---- | C] () -- C:\WINDOWS\Installer\{eb2c9336-ff1e-2c1c-3e68-7fde44088ab0}\U\80000032.@

[2012/06/28 01:45:13 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At48.job

[2012/06/28 01:45:13 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At47.job

[2012/06/28 01:45:13 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At46.job

[2012/06/28 01:45:13 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At45.job

[2012/06/28 01:45:13 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At44.job

[2012/06/28 01:45:13 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At43.job

[2012/06/28 01:45:13 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At42.job

[2012/06/28 01:45:13 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At41.job

[2012/06/28 01:45:13 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At40.job

[2012/06/28 01:45:13 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At39.job

[2012/06/28 01:45:13 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At38.job

[2012/06/28 01:45:13 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At37.job

[2012/06/28 01:45:13 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At36.job

[2012/06/28 01:45:13 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At35.job

[2012/06/28 01:45:13 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At34.job

[2012/06/28 01:45:13 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At33.job

[2012/06/28 01:45:13 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At32.job

[2012/06/28 01:45:13 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At31.job

[2012/06/28 01:45:13 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At30.job

[2012/06/28 01:45:13 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At29.job

[2012/06/28 01:45:13 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At28.job

[2012/06/28 01:45:13 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At27.job

[2012/06/28 01:45:13 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At26.job

[2012/06/28 01:45:13 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At25.job

[2012/06/28 01:45:13 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At24.job

[2012/06/28 01:45:13 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At23.job

[2012/06/28 01:45:13 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At22.job

[2012/06/28 01:45:13 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At21.job

[2012/06/28 01:45:13 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At20.job

[2012/06/28 01:45:13 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At19.job

[2012/06/28 01:45:13 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At18.job

[2012/06/28 01:45:12 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At9.job

[2012/06/28 01:45:12 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At8.job

[2012/06/28 01:45:12 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At7.job

[2012/06/28 01:45:12 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At6.job

[2012/06/28 01:45:12 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At5.job

[2012/06/28 01:45:12 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At4.job

[2012/06/28 01:45:12 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At3.job

[2012/06/28 01:45:12 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At2.job

[2012/06/28 01:45:12 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At17.job

[2012/06/28 01:45:12 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At16.job

[2012/06/28 01:45:12 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At15.job

[2012/06/28 01:45:12 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At14.job

[2012/06/28 01:45:12 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At13.job

[2012/06/28 01:45:12 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At12.job

[2012/06/28 01:45:12 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At11.job

[2012/06/28 01:45:12 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At10.job

[2012/06/28 01:45:12 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At1.job

[2012/06/24 09:30:02 | 000,033,758 | ---- | C] () -- C:\Documents and Settings\RATLIFF\Local Settings\Application Data\dt.dat

[2012/06/14 15:23:23 | 000,294,018 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll

[2012/05/29 16:31:17 | 000,000,041 | ---- | C] () -- C:\Documents and Settings\RATLIFF\Application Data\C0339E.dat

[2012/05/20 23:22:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/05/20 23:05:14 | 000,000,804 | ---- | C] () -- C:\WINDOWS\Installer\{eb2c9336-ff1e-2c1c-3e68-7fde44088ab0}\L\00000004.@

[2012/04/09 19:46:16 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-amEI72bzOAgP6Dr

[2012/04/09 19:46:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-amEI72bzOAgP6D

[2012/04/09 19:46:11 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\amEI72bzOAgP6D

[2012/03/26 14:59:38 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\trc.dll

[2012/03/26 14:56:46 | 000,124,264 | ---- | C] () -- C:\WINDOWS\System32\mp3dec.dll

[2012/03/26 14:56:46 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dsp_trc.dll

[2012/03/26 14:56:46 | 000,010,600 | ---- | C] () -- C:\WINDOWS\System32\IcdSptSvps.dll

[2012/03/07 20:24:56 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~0nULkEqMfexc59

[2012/03/07 20:24:56 | 000,000,200 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~0nULkEqMfexc59r

[2012/03/07 20:24:50 | 000,000,456 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\0nULkEqMfexc59

[2012/02/14 18:24:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012/01/17 15:08:49 | 000,005,104 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\qjaxlkio.dss

[2011/11/21 16:16:17 | 000,057,028 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2011/10/31 16:35:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVEdit.INI

[2011/10/31 13:30:09 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2011/05/17 12:01:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2011/05/14 13:46:57 | 000,107,520 | ---- | C] () -- C:\Documents and Settings\RATLIFF\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/04/16 12:00:42 | 000,129,112 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2011/04/16 11:56:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2011/04/16 11:50:57 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2008/04/13 18:00:00 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{eb2c9336-ff1e-2c1c-3e68-7fde44088ab0}\@

[2008/04/13 18:00:00 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\RATLIFF\Local Settings\Application Data\{eb2c9336-ff1e-2c1c-3e68-7fde44088ab0}\@

========== LOP Check ==========

[2012/07/12 11:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search

[2011/07/11 10:42:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar

[2011/07/13 18:06:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10

[2012/07/12 11:56:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012

[2011/04/16 12:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2012/01/18 14:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Deskshare

[2012/07/18 19:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2011/11/02 14:23:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoStitch

[2012/02/06 18:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2012/04/18 16:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software

[2012/04/18 15:58:25 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}

[2011/10/29 16:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2012/05/03 16:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software

[2012/04/21 16:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\TuneUp Software

[2012/07/12 11:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\Amazon

[2012/01/06 15:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\AnvSoft

[2012/06/07 06:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\Aqonmi

[2012/07/12 11:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\AVG Secure Search

[2011/04/16 12:23:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\AVG10

[2012/07/12 11:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\AVG2012

[2012/06/30 20:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\Axled

[2012/06/05 00:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\Beydsy

[2012/06/27 00:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\Bianso

[2012/06/25 09:47:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\Biovru

[2012/06/25 09:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\Boqufu

[2011/09/20 12:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\Canon

[2012/06/04 15:19:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\Entyid

[2012/06/28 01:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\Epluy

[2012/06/05 15:55:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\Epukzy

[2011/10/31 16:53:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\Get from YouTube

[2012/06/30 15:27:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\Ickydy

[2011/06/23 10:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\imeshbandmltbpi

[2011/11/01 11:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\Import Audio from Video

[2012/06/05 19:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\Itasli

[2012/06/04 15:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\Izukp

[2012/06/28 01:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\Izyzep

[2012/06/11 14:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\Kemeoh

[2012/06/29 13:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\Kiiwif

[2012/01/17 15:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\MOVAVI

[2012/06/27 08:11:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\Ms_dir_

[2012/06/27 00:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\Ofac

[2012/06/25 09:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\Olne

[2012/06/05 19:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\Oraxob

[2011/11/07 19:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\Power Sound Editor Free

[2012/06/05 14:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\Qeguf

[2012/06/29 13:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\Qyyn

[2012/06/05 14:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\Rupuan

[2012/06/04 15:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\Teav

[2012/07/01 08:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\Teybk

[2012/04/18 15:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\TuneUp Software

[2012/06/30 20:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\Tyze

[2012/06/29 20:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\Ukfu

[2012/06/30 12:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\Ulole

[2012/06/27 08:11:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\Uxni

[2012/06/30 15:27:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\Vigok

[2012/01/03 15:48:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\WeatherBug

[2012/01/17 13:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\Winff

[2011/07/05 11:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\Xerox

[2012/06/08 08:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\Xete

[2012/06/28 01:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\Ydyzt

[2012/07/11 14:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\Ylip

[2012/06/05 15:55:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\Ypwy

[2012/07/01 08:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\Yqdu

[2012/06/08 08:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\Yroc

[2012/06/08 08:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RATLIFF\Application Data\Ywuqc

[2012/07/17 00:09:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job

[2012/07/17 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job

[2012/07/19 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job

[2012/07/19 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job

[2012/07/18 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job

[2012/07/18 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job

[2012/07/18 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job

[2012/07/18 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job

[2012/07/18 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job

[2012/07/18 17:00:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job

[2012/07/18 18:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job

[2012/07/17 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job

[2012/07/18 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job

[2012/07/18 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job

[2012/07/18 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job

[2012/07/16 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job

[2012/07/16 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job

[2012/07/17 00:32:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job

[2012/07/17 01:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job

[2012/07/17 02:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job

[2012/07/17 03:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job

[2012/07/17 04:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job

[2012/07/17 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job

[2012/07/17 05:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job

[2012/07/17 06:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job

[2012/07/17 07:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job

[2012/07/17 08:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job

[2012/07/17 09:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job

[2012/07/19 10:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job

[2012/07/19 11:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job

[2012/07/18 12:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job

[2012/07/18 13:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job

[2012/07/18 14:00:01 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job

[2012/07/17 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job

[2012/07/18 15:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job

[2012/07/18 16:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job

[2012/07/18 17:00:10 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job

[2012/07/18 18:00:02 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job

[2012/07/18 19:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job

[2012/07/18 20:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job

[2012/07/18 21:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job

[2012/07/16 22:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job

[2012/07/16 23:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job

[2012/07/17 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job

[2012/07/17 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job

[2012/07/17 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job

[2012/07/17 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job

[2012/07/17 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

========== Purity Check ==========

< End of report >

And here is the Extras.Txt -

OTL Extras logfile created on: 7/19/2012 10:51:11 AM - Run 1

OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\RATLIFF\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

990.01 Mb Total Physical Memory | 619.23 Mb Available Physical Memory | 62.55% Memory free

2.33 Gb Paging File | 1.93 Gb Available in Paging File | 83.00% Paging File free

Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.00 Gb Total Space | 127.94 Gb Free Space | 85.87% Space Free | Partition Type: NTFS

Computer Name: RATLIFF0-850783 | User Name: RATLIFF | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-220523388-2025429265-1801674531-1003\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 24

"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4E0C89A4-4040-47C7-AD0C-0E8226B6AFE2}" = AVG 2012

"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.8

"{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}" = Digital Voice Editor 3

"{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)

"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C792A75A-2A1F-4991-9B85-291745478A79}" = NetAssistant

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support

"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12

"ATI Display Driver" = ATI Display Driver

"AVG" = AVG 2012

"CAL" = Canon Camera Access Library

"CameraWindowLauncher" = Canon Utilities CameraWindow

"CSCLIB" = Canon Camera Support Core Library

"Digital Media Converter Pro [4.0]_is1" = Digital Media Converter Pro 4.0

"ie8" = Windows Internet Explorer 8

"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA Driver

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"Office14.SingleImage" = Microsoft Office Professional 2010

"Original Data Security Tools" = Canon Utilities Original Data Security Tools

"PhotoStitch" = Canon Utilities PhotoStitch

"RealPlayer 15.0" = RealPlayer

"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Xerox_Support_Centre" = Xerox Support Centre

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-220523388-2025429265-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"NetAssistant 3.8.3" = Freeze.com NetAssistant

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 7/12/2012 12:12:54 PM | Computer Name = RATLIFF0-850783 | Source = WinMgmt | ID = 28

Description = WinMgmt could not initialize the core parts. This could be due to

a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient

disk space or insufficient memory.

Error - 7/12/2012 12:19:15 PM | Computer Name = RATLIFF0-850783 | Source = WinMgmt | ID = 28

Description = WinMgmt could not initialize the core parts. This could be due to

a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient

disk space or insufficient memory.

Error - 7/12/2012 12:24:48 PM | Computer Name = RATLIFF0-850783 | Source = WinMgmt | ID = 28

Description = WinMgmt could not initialize the core parts. This could be due to

a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient

disk space or insufficient memory.

Error - 7/12/2012 12:31:13 PM | Computer Name = RATLIFF0-850783 | Source = WinMgmt | ID = 28

Description = WinMgmt could not initialize the core parts. This could be due to

a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient

disk space or insufficient memory.

Error - 7/12/2012 12:42:03 PM | Computer Name = RATLIFF0-850783 | Source = WinMgmt | ID = 28

Description = WinMgmt could not initialize the core parts. This could be due to

a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient

disk space or insufficient memory.

Error - 7/12/2012 12:54:30 PM | Computer Name = RATLIFF0-850783 | Source = WinMgmt | ID = 28

Description = WinMgmt could not initialize the core parts. This could be due to

a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient

disk space or insufficient memory.

Error - 7/12/2012 1:00:27 PM | Computer Name = RATLIFF0-850783 | Source = WinMgmt | ID = 28

Description = WinMgmt could not initialize the core parts. This could be due to

a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient

disk space or insufficient memory.

Error - 7/12/2012 1:07:42 PM | Computer Name = RATLIFF0-850783 | Source = WinMgmt | ID = 28

Description = WinMgmt could not initialize the core parts. This could be due to

a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient

disk space or insufficient memory.

Error - 7/13/2012 4:18:29 AM | Computer Name = RATLIFF0-850783 | Source = WinMgmt | ID = 28

Description = WinMgmt could not initialize the core parts. This could be due to

a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient

disk space or insufficient memory.

Error - 7/18/2012 6:13:17 PM | Computer Name = RATLIFF0-850783 | Source = WinMgmt | ID = 28

Description = WinMgmt could not initialize the core parts. This could be due to

a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient

disk space or insufficient memory.

[ System Events ]

Error - 7/19/2012 10:39:35 AM | Computer Name = RATLIFF0-850783 | Source = Service Control Manager | ID = 7023

Description = The Computer Browser service terminated with the following error:

%%1060

Error - 7/19/2012 10:39:35 AM | Computer Name = RATLIFF0-850783 | Source = Service Control Manager | ID = 7024

Description = The AVGIDSAgent service terminated with service-specific error 3758213659

(0xE001CA1B).

Error - 7/19/2012 10:39:44 AM | Computer Name = RATLIFF0-850783 | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Avgldx86

Error - 7/19/2012 10:39:44 AM | Computer Name = RATLIFF0-850783 | Source = Service Control Manager | ID = 7034

Description = The Common Integration Service service terminated unexpectedly. It

has done this 1 time(s).

Error - 7/19/2012 10:39:44 AM | Computer Name = RATLIFF0-850783 | Source = Service Control Manager | ID = 7034

Description = The Windows Print Provider service terminated unexpectedly. It has

done this 1 time(s).

Error - 7/19/2012 11:00:00 AM | Computer Name = RATLIFF0-850783 | Source = Schedule | ID = 7901

Description = The At11.job command failed to start due to the following error: %%2147942402

Error - 7/19/2012 11:00:00 AM | Computer Name = RATLIFF0-850783 | Source = Schedule | ID = 7901

Description = The At35.job command failed to start due to the following error: %%2147942402

Error - 7/19/2012 11:08:20 AM | Computer Name = RATLIFF0-850783 | Source = Service Control Manager | ID = 7034

Description = The AMService service terminated unexpectedly. It has done this 1

time(s).

Error - 7/19/2012 12:00:00 PM | Computer Name = RATLIFF0-850783 | Source = Schedule | ID = 7901

Description = The At12.job command failed to start due to the following error: %%2147942402

Error - 7/19/2012 12:00:00 PM | Computer Name = RATLIFF0-850783 | Source = Schedule | ID = 7901

Description = The At36.job command failed to start due to the following error: %%2147942402

< End of report >


BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Hi Maniac,

After explaining the severity of this issue to those in charge, here where I work, they've decided to retire the infected machine and have supplied me with a different one.

Thank you for your gracious time and assistance.

Best wishes to you!


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
