MSNmgr.exe:Bad image


  • This topic is locked
13 replies to this topic

#1 redhot1n


Posted 14 January 2010 - 05:57 PM

Last week my computer contracted the antivirus pc 2009 virus. I restored my computer and ran Malware antibytes and it cleaned over 20 files off my computer. Then today I received the AntiVirus PC2009 virus again. I restored my computer again and I went to your virus page and followed the steps there to kill the virus and then ran the Malware antibytes again which showed 76 files and removed those. When my computer rebooted the following error appeared upon restarting:
The application or DLL C:\program files\windows live\messenger\msimg32.dll is not a valid windows image please check.

I then removed all my messenger programs and restarted and still received the same error.

So as a precaution I have come to you guys to see if you can help identify the current virus, to help me remove it and stop the antivirus from recurring. I ran the dds, attach and ark reports; the dds is below:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Connie at 15:31:56.59 on Thu 01/14/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.528 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iPod Access for Windows\iPAHelper.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\BLOCKB~1\BLOCKB~1\MovielinkCore.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\Movielink User.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\Connie\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKxdm176YYUS&fl=0&ptb=ew34V0hIUSU8WwOsrejumg&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080126
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Cooliris Plug-In for Internet Explorer: {eaee5c74-6d0d-4aca-9232-0da4a7b866ba} - c:\program files\piclensie\cooliris.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: CouponBar: {5bed3930-2e9e-76d8-bacc-80df2188d455} - c:\windows\tbuc5\CouponsBar.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100429 -Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [dscactivate] "%ProgramFiles%\Dell Support Center\gs_agent\custom\dsca.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [AT&T Communication Manager] "c:\program files\at&t\communication manager\ATTCM.exe" -a
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [LoadMSvcmm] "c:\program files\blockbuster\blockbustermovielink\Movielink User.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\audibl~1.lnk - c:\program files\audible\bin\AudibleDownloadHelper.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6} - c:\program files\piclensie\cooliris.dll
LSP: bmnet.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {25365FF3-2746-4230-9DA7-163CCA318309} - hxxp://inst.c-wss.com/vwhpro/EN/install/gtdownlr.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} - hxxp://www.blackberry.com/devicesoftware/AxLoader.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203646457031
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - hxxp://www.cooliris.com/shared/plinstll.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-4-11 54752]
S0 hdaj;hdaj;c:\windows\system32\drivers\vkgxsoxo.sys --> c:\windows\system32\drivers\vkgxsoxo.sys [?]
S2 gupdate1c9b54e4b8646dc;Google Update Service (gupdate1c9b54e4b8646dc);c:\program files\google\update\GoogleUpdate.exe [2009-4-4 133104]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\at&t\communication manager\RcAppSvc.exe [2007-10-18 109080]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-1-26 29744]

=============== Created Last 30 ================

2010-02-26 23:38:06 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-02-26 23:38:06 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-01-14 22:18:27 0 d-----w- c:\docume~1\connie\applic~1\MSNInstaller
2010-01-14 19:50:08 0 d-----w- c:\windows\system32\wbem\Repository
2010-01-03 15:43:56 49992 ---ha-w- c:\windows\system32\mlfcache.dat

==================== Find3M ====================

2010-01-07 23:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 23:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-28 14:40:47 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys
2009-06-11 00:30:41 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-02-22 19:51:13 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009022220090223\index.dat

============= FINISH: 15:32:35.07 ===============

#2 myrti


Posted 20 January 2010 - 04:28 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  1. Please download OTL from the following mirror:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!


#3 redhot1n


Posted 20 January 2010 - 04:55 PM

OTL logfile created on: 1/20/2010 2:51:13 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Connie\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 392.00 Mb Available Physical Memory | 39.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105.91 Gb Total Space | 11.55 Gb Free Space | 10.90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DB038KF1
Current User Name: Connie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/20 14:50:42 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Connie\Desktop\OTL.exe
PRC - [2009/11/02 07:44:23 | 00,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2009/09/21 15:36:12 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/07/25 04:23:22 | 00,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/07/25 04:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/29 12:46:06 | 01,787,224 | ---- | M] (Audible, Inc.) -- C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
PRC - [2009/03/27 08:12:54 | 00,455,112 | ---- | M] (Blockbuster) -- C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\Movielink User.exe
PRC - [2009/03/27 08:12:28 | 01,867,720 | ---- | M] (Blockbuster) -- C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\MovielinkCore.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/02/05 13:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/01/04 22:47:40 | 00,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/09/06 09:00:52 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/03 18:06:00 | 01,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/12/11 12:22:36 | 02,183,168 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.EXE
PRC - [2007/12/11 12:22:36 | 00,024,064 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
PRC - [2007/12/11 12:22:12 | 01,921,024 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\BCMWLTRY.EXE
PRC - [2007/11/01 14:39:28 | 00,189,736 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/10/18 11:08:32 | 00,118,784 | ---- | M] (Bytemobile, Inc.) -- C:\WINDOWS\system32\bmwebcfg.exe
PRC - [2007/08/28 13:54:58 | 00,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\OEM02Mon.exe
PRC - [2007/07/27 15:43:34 | 00,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2007/07/09 21:21:56 | 00,851,968 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/07/09 21:03:06 | 00,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2007/07/09 20:58:38 | 00,252,440 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2007/07/09 20:58:34 | 00,137,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2007/07/09 20:58:30 | 00,162,328 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2007/07/03 12:57:38 | 01,228,800 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/04/05 21:35:40 | 01,543,614 | ---- | M] () -- C:\Program Files\iPod Access for Windows\iPAHelper.exe
PRC - [2006/11/03 17:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/11/02 13:05:50 | 00,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe
PRC - [2006/09/11 04:40:32 | 00,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe


========== Modules (SafeList) ==========

MOD - [2010/01/20 14:50:42 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Connie\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/05 22:48:42 | 00,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/04/04 10:53:36 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9b54e4b8646dc) Google Update Service (gupdate1c9b54e4b8646dc)
SRV - [2009/03/27 16:29:44 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/03/27 08:12:28 | 01,867,720 | ---- | M] (Blockbuster) [Auto | Running] -- C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\MovielinkCore.exe -- (Movielink Core Service)
SRV - [2009/01/04 22:47:40 | 00,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/09/06 09:00:52 | 00,029,744 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103)
SRV - [2007/12/11 12:22:36 | 00,024,064 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2007/10/18 11:08:42 | 00,109,080 | ---- | M] (PCTEL) [On_Demand | Stopped] -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe -- (ATTRcAppSvc)
SRV - [2007/10/18 11:08:32 | 00,118,784 | ---- | M] (Bytemobile, Inc.) [Auto | Running] -- C:\WINDOWS\System32\bmwebcfg.exe -- (bmwebcfg)
SRV - [2007/04/05 21:35:40 | 01,543,614 | ---- | M] () [Auto | Running] -- C:\Program Files\iPod Access for Windows\iPAHelper.exe -- (iPAHelper.exe)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/08/28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/08/05 22:48:42 | 00,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/04/13 11:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 11:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 11:46:09 | 00,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 11:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 09:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/12/11 12:22:24 | 01,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/12/02 17:26:28 | 00,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2007/12/02 17:26:22 | 00,989,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/12/02 17:26:20 | 00,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/12/02 17:26:20 | 00,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/10/18 11:08:48 | 00,025,736 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2007/10/18 11:08:32 | 00,032,160 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2007/10/18 11:08:30 | 00,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2007/08/28 13:55:06 | 00,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/08/28 13:54:56 | 00,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/08/28 13:54:50 | 00,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Afx.sys -- (OEM02Afx)
DRV - [2007/07/10 14:07:56 | 00,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/07/10 13:22:22 | 00,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/10 13:22:20 | 00,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/10 13:22:18 | 00,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/09 21:21:54 | 00,202,912 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/07/09 21:03:04 | 01,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/07/09 20:58:42 | 05,707,744 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/06/27 14:05:52 | 00,053,184 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2007/06/27 14:04:14 | 00,071,488 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2007/05/31 13:39:50 | 00,022,656 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RimUsb.sys -- (RimUsb)
DRV - [2007/05/08 19:22:58 | 00,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007/05/04 16:54:08 | 00,022,528 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/01/18 09:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2007/01/18 09:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimSerPort)
DRV - [2006/11/02 11:31:38 | 00,103,168 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02)
DRV - [2005/08/12 16:50:46 | 00,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2004/08/04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 04:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2004/08/03 21:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/08/17 13:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 11:12:10 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = My Web Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://www.mywebsearch.com/jsp/cfg_redir2....r={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B4 04 70 5D DB B3 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2009/06/12 07:26:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Connie\Application Data\Mozilla\Firefox\extensions
[2009/06/12 07:26:22 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Connie\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: ([2004/08/04 04:00:00 | 00,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll File not found
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (CouponBar) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\WINDOWS\tbuC5\CouponsBar.dll (Coupons, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (CouponBar) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\WINDOWS\tbuC5\CouponsBar.dll (Coupons, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AT&T Communication Manager] C:\Program Files\AT&T\Communication Manager\ATTCM.exe (ATT)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\dell\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [LoadMSvcmm] C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\Movielink User.exe (Blockbuster)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100429 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident\4.0; GTB6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0) File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll File not found
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} http://inst.c-wss.com/vwhpro/EN/install/gtdownlr.cab (Automatic Driver Installation Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} http://www.blackberry.com/devicesoftware/AxLoader.cab (AxLoaderPassword Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1203646457031 (WUWebControl Class)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab (Groove Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-centives.com/cif/download/bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} http://www.cooliris.com/shared/plinstll.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.0.1 205.171.3.25
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\PROGRA~1\FUNWEB~1\SCREEN~1\Images\f3wallpp.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Directory 5 for V11DesktopWallpaper[1].zip\DesktopWallpaper\countrylane86wp.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{bb795472-d799-11dc-ba2c-0016447161a2}\Shell - "" = AutoRun
O33 - MountPoints2\{bb795472-d799-11dc-ba2c-0016447161a2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bb795472-d799-11dc-ba2c-0016447161a2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/26 16:38:06 | 00,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2010/01/20 14:50:38 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Connie\Desktop\OTL.exe
[2010/01/14 15:36:36 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Connie\Desktop\RootRepeal.exe
[2010/01/14 15:18:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Connie\Application Data\MSNInstaller
[2010/01/14 12:44:57 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2010/01/12 17:04:11 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2009/07/22 07:03:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/04/05 09:00:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/04/04 10:53:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/03/19 16:30:42 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/03/10 10:00:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/03/02 15:45:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/02/02 20:43:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Bytemobile
[2008/02/02 20:26:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Bytemobile
[2008/01/26 15:57:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2004/08/10 11:57:26 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Connie\My Documents\*.tmp files -> C:\Documents and Settings\Connie\My Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/20 18:13:10 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\christmas list 2010.doc
[2010/02/19 00:00:07 | 00,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/02/14 13:03:01 | 00,014,848 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\Food List.xls
[2010/02/14 07:41:27 | 00,000,351 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\Christmas Dinner.rtf
[2010/02/14 07:38:58 | 00,000,568 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\Christmas breakfast.rtf
[2010/02/14 07:30:56 | 00,000,709 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\Christmas party.rtf
[2010/02/12 20:56:35 | 00,049,664 | ---- | M] () -- C:\Documents and Settings\Connie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/10 15:30:55 | 00,036,352 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\Chase Griffis Resume Seattle.doc
[2010/02/09 08:35:08 | 00,346,624 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\Christmas Invitation.doc
[2010/01/20 14:50:42 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Connie\Desktop\OTL.exe
[2010/01/20 14:49:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/20 13:24:10 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/01/20 07:49:00 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/20 07:17:29 | 00,443,698 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/20 07:17:28 | 00,524,732 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/20 07:17:28 | 00,072,830 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/20 07:13:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/20 07:13:12 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/20 07:13:10 | 10,632,97024 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/20 01:33:21 | 06,115,328 | ---- | M] () -- C:\Documents and Settings\Connie\ntuser.dat
[2010/01/20 01:32:30 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Connie\ntuser.ini
[2010/01/19 17:01:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/18 15:57:47 | 00,015,360 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\For Doug.xls
[2010/01/18 12:59:02 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\Grocery List.doc
[2010/01/17 23:22:38 | 00,000,636 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\Groceries.rtf
[2010/01/17 17:31:22 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\donna.doc
[2010/01/15 07:54:57 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/14 17:26:03 | 00,230,808 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/01/14 15:36:40 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Connie\Desktop\RootRepeal.exe
[2010/01/14 15:31:00 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Connie\Desktop\dds.scr
[2010/01/14 13:22:50 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/14 13:10:35 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/13 10:52:00 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Connie\My Documents\~$R_CS_Questionnaire[1][1].doc
[2010/01/12 22:46:27 | 00,054,272 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\BSR_CS_Questionnaire[1][1].doc
[2010/01/10 23:24:28 | 00,026,112 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\QLT COS 5 Isosceles Proof Attachment[1].doc
[2010/01/10 17:25:14 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/01/07 22:28:59 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\Assignment 1 Transformation2010.doc
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/04 00:49:50 | 00,000,532 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\spider.sav
[2010/01/04 00:40:06 | 00,062,464 | ---- | M] () -- C:\Documents and Settings\Connie\Desktop\A Plan for Surviving P3, P4 and Maintenance.doc
[2010/01/03 19:15:39 | 00,000,291 | ---- | M] () -- C:\Documents and Settings\Connie\Application Data\iPod Access v4 Prefs
[2010/01/03 16:56:55 | 00,015,360 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\CruiseInfo.xls
[2010/01/03 08:43:56 | 00,049,992 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/03 08:43:44 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Connie\My Documents\*.tmp files -> C:\Documents and Settings\Connie\My Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/20 13:23:31 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Connie\My Documents\christmas list 2010.doc
[2010/02/19 00:00:07 | 00,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/02/14 07:41:27 | 00,000,351 | ---- | C] () -- C:\Documents and Settings\Connie\My Documents\Christmas Dinner.rtf
[2010/02/14 07:38:58 | 00,000,568 | ---- | C] () -- C:\Documents and Settings\Connie\My Documents\Christmas breakfast.rtf
[2010/02/14 07:30:56 | 00,000,709 | ---- | C] () -- C:\Documents and Settings\Connie\My Documents\Christmas party.rtf
[2010/02/10 15:30:54 | 00,036,352 | ---- | C] () -- C:\Documents and Settings\Connie\My Documents\Chase Griffis Resume Seattle.doc
[2010/01/18 15:57:46 | 00,015,360 | ---- | C] () -- C:\Documents and Settings\Connie\My Documents\For Doug.xls
[2010/01/17 23:22:38 | 00,000,636 | ---- | C] () -- C:\Documents and Settings\Connie\My Documents\Groceries.rtf
[2010/01/17 16:27:58 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\Connie\My Documents\donna.doc
[2010/01/14 15:30:56 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Connie\Desktop\dds.scr
[2010/01/14 13:10:31 | 10,632,97024 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/13 10:52:00 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Connie\My Documents\~$R_CS_Questionnaire[1][1].doc
[2010/01/12 22:46:27 | 00,054,272 | ---- | C] () -- C:\Documents and Settings\Connie\My Documents\BSR_CS_Questionnaire[1][1].doc
[2010/01/12 12:08:56 | 00,033,669 | ---- | C] () -- C:\Documents and Settings\Connie\My Documents\Connie (2).jpg
[2010/01/10 23:24:28 | 00,026,112 | ---- | C] () -- C:\Documents and Settings\Connie\My Documents\QLT COS 5 Isosceles Proof Attachment[1].doc
[2010/01/07 19:10:26 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\Connie\My Documents\Assignment 1 Transformation2010.doc
[2010/01/07 12:42:15 | 06,115,328 | ---- | C] () -- C:\Documents and Settings\Connie\ntuser.dat
[2010/01/04 00:49:50 | 00,000,532 | ---- | C] () -- C:\Documents and Settings\Connie\My Documents\spider.sav
[2010/01/03 16:14:00 | 00,015,360 | ---- | C] () -- C:\Documents and Settings\Connie\My Documents\CruiseInfo.xls
[2010/01/03 08:43:56 | 00,049,992 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/07 19:17:38 | 00,000,276 | ---- | C] () -- C:\Documents and Settings\Connie\Application Data\wklnhst.dat
[2009/08/03 20:49:38 | 00,145,864 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/01/05 14:44:10 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/08/31 20:25:46 | 00,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL
[2008/02/20 23:18:57 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS69.DLL
[2008/02/06 15:10:27 | 00,049,664 | ---- | C] () -- C:\Documents and Settings\Connie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/04 17:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/02/02 20:09:35 | 00,025,736 | R--- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2008/01/31 21:58:26 | 00,000,291 | ---- | C] () -- C:\Documents and Settings\Connie\Application Data\iPod Access v4 Prefs
[2008/01/31 21:58:19 | 00,000,053 | -H-- | C] () -- C:\Documents and Settings\Connie\Application Data\iPodAccessv4_OwnerName
[2008/01/31 21:56:01 | 00,000,010 | -H-- | C] () -- C:\Documents and Settings\Connie\Application Data\iPodAccess_Time
[2008/01/31 18:09:52 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/26 15:57:32 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/01/26 15:50:04 | 00,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2008/01/26 15:42:30 | 00,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/01/26 15:34:32 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/01/26 15:34:30 | 00,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/01/26 15:06:53 | 00,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/01/26 15:06:53 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
[2008/01/26 15:06:50 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008/01/26 15:05:17 | 00,001,121 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 12:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
< End of report >

OTL Extras logfile created on: 1/20/2010 2:51:13 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Connie\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 392.00 Mb Available Physical Memory | 39.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105.91 Gb Total Space | 11.55 Gb Free Space | 10.90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DB038KF1
Current User Name: Connie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"80:TCP" = 80:TCP:*:Enabled:websrvx
"53:TCP" = 53:TCP:*:Enabled:websrvx

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Dell\MediaDirect\PCMService.exe" = C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0E1B4C93-ECA6-48A7-9AA0-6D8197B2958E}" = Recipe Box
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{117CD9C0-0F15-4633-93D7-F957B50535A5}" = Popup Blocker (Windows Live Toolbar)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series" = Canon MP240 series MP Drivers
"{12C8466B-9E6E-4C0C-BBA3-F05EDF5C8ECA}" = Polar WebLink 2.4.11
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{16D9439B-DF3D-43D1-A727-4B335300D07A}" = OverDrive Media Console
"{1707BF02-0F5C-4A6C-8F17-053BB73E443F}" = Tabbed Browsing (Windows Live Toolbar)
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 15
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3727B920-F5A3-46A4-AC02-94F421A039C7}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5B5B1BD4-1450-355C-92AF-2DA0C9DF1A7F}" = PicLens for Internet Explorer
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{753D852A-D86D-42C9-9978-40AE66FB8985}" = Driver Installer
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A62A068-3FD6-495A-9F66-26FE94F32EC9}" = Rhapsody Player Engine
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95FC661A-A0C5-4B18-92CE-90347DA79CC9}" = Smart Menus (Windows Live Toolbar)
"{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D}" = BlackBerry Desktop Software 4.2.2
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A40D6757-B145-4FE7-B694-89180A9F3F64}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A81BFA08-5D4C-4D4C-ACEF-BF558C70D99D}" = AT&T Communication Manager
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370}" = IntelliSonic Speech Enhancement
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DCE65B11-710D-4C54-9DE5-1A6A0BD2186B}" = Windows Live Favorites for Windows Live Toolbar
"{DF821FC5-C198-452B-A0D4-82433EFEAE9B}" = OneCare Advisor (Windows Live Toolbar)
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{ECDA9BD9-A54E-462A-8191-A2B569D9AB34}" = Map Button (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1BA3CD5-89DC-4273-8603-A75F33E9B335}" = Nokia Connectivity Adapter Cable DKU-5
"{F5AF5CDA-76FC-4794-9F28-09B6D54E7431}" = Form Fill (Windows Live Toolbar)
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F996DEB7-4AD7-4F15-84AA-114B8BE45911}" = Polar UpLink Tool
"{FEA0CE81-7FC7-AAAE-FC8C-241A5F8684F0}" = Supercast
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"00BD1CD47675C125126C80095FCC12CFA4D311DB" = Windows Driver Package - FTDI CDM Driver Package (06/27/2007 2.02.04)
"3DGroove" = 3D Groove Playback Engine
"A622B79B943ECA1F0AECF1FF5BE13D458F345EBB" = Windows Driver Package - FTDI CDM Driver Package (06/27/2007 2.02.04)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Ask Toolbar_is1" = Ask Toolbar
"AudibleDownloadManager" = Audible Download Manager
"AudibleManager" = AudibleManager
"avast!" = avast! Antivirus
"BlackBerry_{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D}" = BlackBerry Desktop Software 4.2.2
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Canon MP240 series User Registration" = Canon MP240 series User Registration
"CANONBJ_Deinstall_CNMCP58.DLL" = Canon i560
"CANONBJ_Deinstall_CNMCP69.DLL" = Canon PIXMA iP6000D
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.directv.supercast.AA1ECC8BBAFE4E1BBF2D418DC006AF207FACE6CA.1" = Supercast
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Creative OEM002" = Laptop Integrated Webcam Driver (1.03.02.0719)
"Cricut DesignStudio" = Cricut DesignStudio
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"DVDFab 6_is1" = DVDFab 6.0.1.0 (May 15, 2009)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"iPod Access for Windows_is1" = iPod Access for Windows v4.1.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Movielink Manager" = BLOCKBUSTER Movielink
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Musicnotes Player_is1" = Musicnotes Player V1.23.1
"MyPublisher" = MyPublisher
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Photodex Presenter" = Photodex Presenter
"ProShow Gold" = ProShow Gold
"SearchAssist" = SearchAssist
"Sibelius Scorch Plugin_is1" = Sibelius Scorch Plugin 5.2.5.30
"SynTPDeinstKey" = Dell Touchpad
"The Journal 4_is1" = The Journal 4
"TTB000001.TTB000001Toolbar" = CouponBar
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 6/10/2009 3:23:43 PM | Computer Name = DB038KF1 | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 1753.

Error - 6/10/2009 3:26:46 PM | Computer Name = DB038KF1 | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 1753.

Error - 6/10/2009 3:27:00 PM | Computer Name = DB038KF1 | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 1753.

[ Application Events ]
Error - 11/19/2009 1:02:18 PM | Computer Name = DB038KF1 | Source = MsiInstaller | ID = 10005
Description = Product: Windows Live Mail -- The installer has encountered an unexpected
error installing this package. This may indicate a problem with this package. The
error code is 2762. The arguments are: , ,

Error - 11/19/2009 1:02:21 PM | Computer Name = DB038KF1 | Source = MsiInstaller | ID = 10005
Description = Product: Windows Live Communications Platform -- The installer has
encountered an unexpected error installing this package. This may indicate a problem
with this package. The error code is 2762. The arguments are: , ,

Error - 11/19/2009 1:02:22 PM | Computer Name = DB038KF1 | Source = MsiInstaller | ID = 10005
Description = Product: Windows Live Communications Platform -- The installer has
encountered an unexpected error installing this package. This may indicate a problem
with this package. The error code is 2762. The arguments are: , ,

Error - 11/24/2009 11:12:17 AM | Computer Name = DB038KF1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/25/2009 10:17:45 AM | Computer Name = DB038KF1 | Source = Google Update | ID = 20
Description =

Error - 11/26/2009 8:03:59 AM | Computer Name = DB038KF1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/27/2009 11:30:58 AM | Computer Name = DB038KF1 | Source = Google Update | ID = 20
Description =

Error - 2/6/2010 3:06:50 PM | Computer Name = DB038KF1 | Source = Google Update | ID = 20
Description =

Error - 2/6/2010 9:24:36 PM | Computer Name = DB038KF1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/6/2010 9:24:43 PM | Computer Name = DB038KF1 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

[ System Events ]
Error - 1/19/2010 11:31:17 PM | Computer Name = DB038KF1 | Source = DCOM | ID = 10010
Description = The server {F81CD990-910B-4BBF-9CB3-6A77F3D697B3} did not register
with DCOM within the required timeout.

Error - 1/20/2010 12:19:43 AM | Computer Name = DB038KF1 | Source = DCOM | ID = 10010
Description = The server {F81CD990-910B-4BBF-9CB3-6A77F3D697B3} did not register
with DCOM within the required timeout.

Error - 1/20/2010 1:26:46 AM | Computer Name = DB038KF1 | Source = DCOM | ID = 10010
Description = The server {F81CD990-910B-4BBF-9CB3-6A77F3D697B3} did not register
with DCOM within the required timeout.

Error - 1/20/2010 2:21:31 AM | Computer Name = DB038KF1 | Source = DCOM | ID = 10010
Description = The server {F81CD990-910B-4BBF-9CB3-6A77F3D697B3} did not register
with DCOM within the required timeout.

Error - 1/20/2010 10:18:30 AM | Computer Name = DB038KF1 | Source = DCOM | ID = 10010
Description = The server {F81CD990-910B-4BBF-9CB3-6A77F3D697B3} did not register
with DCOM within the required timeout.

Error - 1/20/2010 10:54:03 AM | Computer Name = DB038KF1 | Source = DCOM | ID = 10010
Description = The server {F81CD990-910B-4BBF-9CB3-6A77F3D697B3} did not register
with DCOM within the required timeout.

Error - 1/20/2010 2:26:09 PM | Computer Name = DB038KF1 | Source = DCOM | ID = 10010
Description = The server {F81CD990-910B-4BBF-9CB3-6A77F3D697B3} did not register
with DCOM within the required timeout.

Error - 1/20/2010 3:20:36 PM | Computer Name = DB038KF1 | Source = DCOM | ID = 10010
Description = The server {F81CD990-910B-4BBF-9CB3-6A77F3D697B3} did not register
with DCOM within the required timeout.

Error - 1/20/2010 5:43:18 PM | Computer Name = DB038KF1 | Source = DCOM | ID = 10010
Description = The server {F81CD990-910B-4BBF-9CB3-6A77F3D697B3} did not register
with DCOM within the required timeout.

Error - 1/20/2010 5:52:15 PM | Computer Name = DB038KF1 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8024002d: Office XP Service Pack 3.


< End of report >


#4 myrti

Posted 20 January 2010 - 05:05 PM

Hi,

please also provide a log from gmer:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!



#5 redhot1n

Posted 20 January 2010 - 09:21 PM

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-20 19:17:47
Windows 5.1.2600 Service Pack 3
Running: wbu77stp.exe; Driver: C:\DOCUME~1\Connie\LOCALS~1\Temp\kftoapow.sys


---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\Drivers\OEM02Afx.sys entry point in "init" section [0xAA61E310]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3324] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 05052422 C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3324] USER32.dll!MessageBoxA 7E4507EA 5 Bytes JMP 050523CC C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3324] USER32.dll!MessageBoxW 7E466534 5 Bytes JMP 050523F7 C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3432] kernel32.dll!FindResourceW 7C80BC6E 5 Bytes JMP 0042AD00 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3432] kernel32.dll!FindResourceA 7C80BF29 5 Bytes JMP 0042ACC0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3432] USER32.dll!LoadStringW 7E419E36 5 Bytes JMP 0042AEE0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3432] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 0042ADB0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3432] USER32.dll!LoadStringA 7E42C908 5 Bytes JMP 0042AF90 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3432] USER32.dll!LoadMenuW 7E42EB48 5 Bytes JMP 0042AE80 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3432] USER32.dll!CreateDialogParamA 7E43C7DB 5 Bytes JMP 0042AD40 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3432] USER32.dll!LoadMenuA 7E44FA83 5 Bytes JMP 0042AE20 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tcpipBM.SYS (Bytemobile Kernel Network Provider/Bytemobile, Inc.)

Device \FileSystem\Fastfat \Fat A86F7D20
Device \FileSystem\Fastfat \Fat A8707428

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


#6 myrti

Posted 20 January 2010 - 09:36 PM

Hi,

please run the following fix with OTL:
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "80:TCP" =-
    "53:TCP" =-

    :commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered; when done, it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open one Notepad window: OTL.Txt. This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

Regarding your issue with Windows Live Messenger please try the following:

Go to Start, click on Control Panel and select Add/Remove Programs. There, uninstall both versions of Messenger (and any Messenger add-ons).

Browse to 'C:\Program Files\MSN Messenger' and completely remove that directory and its contents.
Browse to 'C:\Program Files\Windows Live\Messenger' and completely remove that directory and its contents.
Reboot.
Then re-download and install the latest version of 'Live Messenger'.

regards myrti
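
An added example (not part of the original thread and not OTL's own code): a Python sketch that parses the firewall section of an OTL log like the one posted earlier in this topic, lists the `GloballyOpenPorts` entries, and rebuilds a `:reg` block in the syntax of the fix above. The sample lines are copied from that log; the function names, and the heuristic of reviewing any enabled entry that has scope `*` and a plain-text label instead of an `@xpsp2res.dll` resource reference, are assumptions of this example.

```python
import re

# Constructed sample: firewall lines as they appear in the OTL log in this topic.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"80:TCP" = 80:TCP:*:Enabled:websrvx
"53:TCP" = 53:TCP:*:Enabled:websrvx
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]\s*$')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
PORTS_SUFFIX = r'\globallyopenports\list'


def parse_open_ports(log_text):
    """Return one dict per value found under a ...\\GloballyOpenPorts\\List key."""
    entries = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group(1)
            continue
        value_match = VALUE_RE.match(line)
        if not value_match or current_key is None:
            continue
        if not current_key.lower().endswith(PORTS_SUFFIX):
            continue  # e.g. "EnableFirewall" under the profile key itself
        value_name, data = value_match.groups()
        entry = {
            'key': current_key,
            'profile': current_key.split('\\')[-3],  # DomainProfile / StandardProfile
            'value': value_name,
            'malformed': False,
        }
        # Value data layout: Port:Protocol:Scope:Status:Label
        parts = data.split(':', 4)
        if len(parts) != 5:
            entry['malformed'] = True
        else:
            keys = ('port', 'protocol', 'scope', 'status', 'label')
            entry.update(zip(keys, (p.strip() for p in parts)))
        entries.append(entry)
    return entries


def needs_review(entry):
    """Heuristic (assumption of this example): enabled, open to any source,
    and not labelled with a Windows resource string such as @xpsp2res.dll,-22007."""
    if entry['malformed']:
        return True
    return (entry['status'].lower() == 'enabled'
            and entry['scope'] == '*'
            and not entry['label'].startswith('@'))


def build_reg_fix(entries):
    """Emit a :reg block in the syntax used by the fix in the post above."""
    lines = [':reg']
    last_key = None
    for entry in entries:
        if entry['key'] != last_key:
            lines.append('[' + entry['key'] + ']')
            last_key = entry['key']
        lines.append('"%s" =-' % entry['value'])
    return '\n'.join(lines)


if __name__ == '__main__':
    flagged = [e for e in parse_open_ports(SAMPLE_LOG) if needs_review(e)]
    for e in flagged:
        print(e['profile'], e['value'], e.get('scope'), e.get('label'))
    print(build_reg_fix(flagged))
```

Run against the sample, only the two `websrvx` entries under `StandardProfile` are reported; the `LocalSubNet`-scoped 1900/UDP and 2869/TCP entries are left alone.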



#7 redhot1n

Posted 20 January 2010 - 10:05 PM

All processes killed
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\80:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\53:TCP deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 5044570 bytes
->Temporary Internet Files folder emptied: 1192665 bytes

User: Administrator.DB038KF1
->Temp folder emptied: 49466 bytes
->Temporary Internet Files folder emptied: 321058 bytes

User: All Users

User: Connie
->Temp folder emptied: 3909991790 bytes
->Temporary Internet Files folder emptied: 48595787 bytes
->Java cache emptied: 62573438 bytes
->Apple Safari cache emptied: 1337440 bytes

User: Default User
->Temp folder emptied: 32768 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 9545562 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32344347 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 3432977 bytes
%systemroot%\System32\dllcache .tmp files removed: 23552 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 28453695 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 10979708 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 914294 bytes
RecycleBin emptied: 453214256 bytes

Total Files Cleaned = 4,356.00 mb


OTL by OldTimer - Version 3.1.25.2 log created on 01202010_194715

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\K9Y38L2N\;site=bhg;id=rcTextSponsorId151;gender=f;age=3549;income=16;genderage=f_3549;ageincome=3549_16;genderincome=f_16;user=f_3549_16;interest=Recipes;pos=10;tile=10;sz=2x2;ord=[2] not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\K9Y38L2N\click,VaUDABe6BgArpRQAuDgGAAIABkYAAP8AAAABFQIACgKSfgYAak4JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGkF0kAAAAA,http%3A%2F%2Fus.ard.yahoo.com%2FSIG%3D14v4nqj44%2FM%3D674272[1].htm not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\K9Y38L2N\click,XKUDABV.BgBPPxYAg6MFAAIA3kYAAP8AAAACFAIAAgKergEAEW8IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOLzGEkAAAAA,http%3A%2F%2Fus.ard.yahoo.com%2FSIG%3D150sh0me7%2FM%3D674272[1].htm not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\K9Y38L2N\click,XKUDABV.BgCDsxUAY.IFAAAAhkYAAAkAAQACFAIAAgKergEA4OQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALvwGEkAAAAA,http%3A%2F%2Fus.ard.yahoo.com%2FSIG%3D1508j2o4v%2FM%3D674272[1].htm not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\K9Y38L2N\click,XKUDABV.BgCDsxUAY.IFAAIAGkYAAP8AAAACFAIAAgKergEA4OQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM.rGEkAAAAA,http%3A%2F%2Fus.ard.yahoo.com%2FSIG%3D150rba4em%2FM%3D674272[1].htm not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\K9Y38L2N\dref=http%253A%252F%252Fby108w[1].aspx%253FFolderID%253D00000000-0000-0000-0000-000000000005%2526InboxSortAscending%253DFalse%2526InboxSortBy%253DDate%2526n%253D696587213 not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\K9Y38L2N\dref=http%253A%252F%252Fmessaging.myspace[1].reply%2526friendId%253D3219952%2526type%253DInbox%2526messageID%253D40329031%2526MyToken%253D610a104c-a904-4d4e-9d23-7fa35ac6fe4c not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\K9Y38L2N\S3;channel=S3;parent=bcat277;site=bhg;child1=cat740073;id=casseroleSS_12062001;gender=0;age=0000;income=00;genderage=0_0000;ageincome=0000_00;genderincome=0_00;user=0_0000[2] not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\K9Y38L2N\S3;channel=S3;parent=bcat277;site=bhg;child1=cat740073;id=casseroleSS_12062001;gender=0;age=0000;income=00;genderage=0_0000;ageincome=0000_00;genderincome=0_00;user=0_0000[3] not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\K9Y38L2N\S3;channel=S3;parent=bcat277;site=bhg;child1=cat740073;id=rcPhotoSponsorId175;gender=0;age=0000;income=00;genderage=0_0000;ageincome=0000_00;genderincome=0_00;user=0_0000_[2] not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\K9Y38L2N\S3;channel=S3;parent=bcat277;site=bhg;child1=cat740073;id=rcTextSponsorId151;gender=0;age=0000;income=00;genderage=0_0000;ageincome=0000_00;genderincome=0_00;user=0_0000_0[1] not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\K1EBCLYV\;site=bhg;id=cat50002;gender=f;age=3549;income=16;genderage=f_3549;ageincome=3549_16;genderincome=f_16;user=f_3549_16;interest=Food;type=category;pos=11;tile=11;sz=1x1;ord[2] not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\K1EBCLYV\click,5jBaAC19BgCGihMAY.IFAAIALkYAAP8AAAAHDQIADQKUrgEA4OQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANWDVkkAAAAA,http%3A%2F%2Fus.ard.yahoo.com%2FSIG%3D14tppl086%2FM%3D674272[1].htm not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\K1EBCLYV\S3;channel=S3;site=bhg;id=rcTextSponsorId151;gender=f;age=3549;income=16;genderage=f_3549;ageincome=3549_16;genderincome=f_16;user=f_3549_16;interest=Food;type=category;po[2] not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\K1EBCLYV\S3;channel=S3;site=bhg;id=S3;gender=f;age=3549;income=16;genderage=f_3549;ageincome=3549_16;genderincome=f_16;user=f_3549_16;interest=Food;type=category;pos=13;tile=13;sz=[2] not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\G9M78HEV\;site=bhg;gender=f;age=3549;income=16;genderage=f_3549;ageincome=3549_16;genderincome=f_16;user=f_3549_16;interest=Food;dcopt=ist;tile=1;sz=728x90;ord=1226539934747[2] not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\G9M78HEV\;site=bhg;id=cat50002;gender=f;age=3549;income=16;genderage=f_3549;ageincome=3549_16;genderincome=f_16;user=f_3549_16;interest=Food;type=category;pos=10;tile=10;sz=1x1;ord[2] not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\G9M78HEV\click,5jBaAA19BgA3FRcAZEcHAAIAJkYAAP8AAAAHDQIADQKUrgEAypUKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPt-VkkAAAAA,http%3A%2F%2Fus.ard.yahoo.com%2FSIG%3D14tcgild1%2FM%3D674272[1].htm not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\G9M78HEV\dref=http%253A%252F%252Fby108w[1].aspx%253FFolderID%253D00000000-0000-0000-0000-000000000001%2526InboxSortAscending%253DFalse%2526InboxSortBy%253DDate%2526n%253D410724433 not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\G9M78HEV\healthconditions_injury;sz=300x250;kl=N;klg=en;kt=K;dcdupd=1;kga=-1;kr=F;kw=fat+kid+falls;kgg=-1;kcr=us;kmyd=ad_creative_1;tile=1;dcopt=ist;ord=3534373635847240[2].5 not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\G9M78HEV\S3;channel=S3;site=bhg;id=rcTextSponsorId167;gender=f;age=3549;income=16;genderage=f_3549;ageincome=3549_16;genderincome=f_16;user=f_3549_16;interest=Food;type=category;po[2] not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\G9M78HEV\S3;channel=S3;site=bhg;id=S3;gender=f;age=3549;income=16;genderage=f_3549;ageincome=3549_16;genderincome=f_16;user=f_3549_16;interest=Food;type=category;pos=12;tile=12;sz=[2] not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\AZANEPIN\;site=bhg;id=rcTextSponsorId167;gender=f;age=3549;income=16;genderage=f_3549;ageincome=3549_16;genderincome=f_16;user=f_3549_16;interest=Recipes;pos=11;tile=11;sz=2x2;ord=[2] not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\AZANEPIN\click,VaUDADS6BgA0WhQAQykGAAIAAkYAAP8AAAABFQIACgKSfgYAlzQJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPqjF0kAAAAA,http%3A%2F%2Fus.ard.yahoo.com%2FSIG%3D14vdo4mqv%2FM%3D674272[1].htm not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\AZANEPIN\click,XKUDABV.BgA4ihMAY.IFAAIAjkYAAP8AAAABFAIAAgKergEA4OQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACKgF0kAAAAA,http%3A%2F%2Fus.ard.yahoo.com%2FSIG%3D150r90ger%2FM%3D674272[1].htm not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\AZANEPIN\click,XKUDABV.BgADSRQAmFcGAAIBskYAAP8AAAACFAIAAgOergEAxsUEACZ4CQAAAAAAAAAAAAAAAAAAAAAAAAAAACHyGEkAAAAA,http%3A%2F%2Fus.ard.yahoo.com%2FSIG%3D150v60g5n%2FM%3D674272[1].htm not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\AZANEPIN\click,XKUDABV.BgAUihMAY.IFAAIAgkYAAP8AAAABFAIAAgKergEA4OQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMGfF0kAAAAA,http%3A%2F%2Fus.ard.yahoo.com%2FSIG%3D150j4ac1s%2FM%3D674272[1].htm not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\AZANEPIN\click,XKUDABV.BgCCyQ4AyrkEAAAAHkYAAA0AAQACFAIAAgOergEAHQcHAEsHBwAAAAAAAAAAAAAAAAAAAAAAAAAAAA.sGEkAAAAA,http%3A%2F%2Fus.ard.yahoo.com%2FSIG%3D150q17s08%2FM%3D674272[1].htm not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\AZANEPIN\click,XKUDABV.BgCCyQ4AyrkEAAIANkYAAP8AAAABFAIAAgOergEAHQcHAEsHBwAAAAAAAAAAAAAAAAAAAAAAAAAAAH6cF0kAAAAA,http%3A%2F%2Fus.ard.yahoo.com%2FSIG%3D150hh6l4s%2FM%3D674272[1].htm not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\AZANEPIN\click,XKUDABV.BgCnzRUAKq0GAAIAXkYAAP8AAAABFAIAAgKergEAJuIJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH6eF0kAAAAA,http%3A%2F%2Fus.ard.yahoo.com%2FSIG%3D1504mrum0%2FM%3D674272[1].htm not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\AZANEPIN\click,XKUDABV.BgCvcAwAMgMFAAIADkcAAP8AAAACFQIAAgOergEAr0sFAHd3BwAAAAAAAAAAAAAAAAAAAAAAAAAAAGj1GEkAAAAA,http%3A%2F%2Fus.ard.yahoo.com%2FSIG%3D150qfmlpd%2FM%3D674272[2] not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\AZANEPIN\click,XKUDABV.BgD3hxMAY.IFAAIAMkYAAP8AAAABFAIAAgKergEA4OQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF2cF0kAAAAA,http%3A%2F%2Fus.ard.yahoo.com%2FSIG%3D150h40dmq%2FM%3D674272[1].htm not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\AZANEPIN\click,XKUDABV.BgD9uhMArlcGAAIAUkYAAP8AAAACFAIAAgOergEAxsUEAEB4CQAAAAAAAAAAAAAAAAAAAAAAAAAAABPuGEkAAAAA,http%3A%2F%2Fus.ard.yahoo.com%2FSIG%3D150eeih6l%2FM%3D674272[1].htm not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\AZANEPIN\click,XKUDABV.BgDPlxUAlp0GAAIACkcAAP8AAAACFQIAAgKergEAPc8JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEf1GEkAAAAA,http%3A%2F%2Fus.ard.yahoo.com%2FSIG%3D150hjha0m%2FM%3D674272[1].htm not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\AZANEPIN\dref=http%253A%252F%252Fby108w[1].aspx%253FFolderID%253D00000000-0000-0000-0000-000000000001%2526InboxSortAscending%253DFalse%2526InboxSortBy%253DDate%2526n%253D1708835965 not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\AZANEPIN\S3;channel=S3;parent=bcat277;site=bhg;child1=cat740073;id=rcPhotoSponsorId167;gender=0;age=0000;income=00;genderage=0_0000;ageincome=0000_00;genderincome=0_00;user=0_0000_[2] not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\4PYF0H6F\default;sz=300x250;kl=N;klg=en;kt=K;dcdupd=1;kga=-1;kr=F;kw=robert+pattinson+interviewa;kgg=-1;kcr=us;kmyd=ad_creative_1;tile=1;dcopt=ist;ord=9738577097751380[2] not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\4L2R4DAZ\;site=bhg;id=cat50002;gender=f;age=3549;income=16;genderage=f_3549;ageincome=3549_16;genderincome=f_16;user=f_3549_16;interest=Food;type=category;dcopt=ist;tile=2;sz=250x2[2] not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\4L2R4DAZ\;site=bhg;id=cat50002;gender=f;age=3549;income=16;genderage=f_3549;ageincome=3549_16;genderincome=f_16;user=f_3549_16;interest=Food;type=category;pos=12;tile=12;sz=1x1;ord[2] not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\4L2R4DAZ\click,5jBaABSlAwBusxUA3tYDAAMABAAAAP8AAAAGGAIACgL3QQsALMcFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFHFVUkAAAAA,http%3A%2F%2Fpn1.ard.yahoo.com%2FSIG%3D15eioblec%2FM%3D621216[1].htm not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\41SBK529\dref=http%253A%252F%252Fby108w[1].aspx%253FFolderID%253D00000000-0000-0000-0000-000000000001%2526InboxSortAscending%253DFalse%2526InboxSortBy%253DDate%2526n%253D1708835965 not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\41SBK529\main_3766;sz=300x250;kl=N;!c=3766;klg=en;kvid=3nRpb-NnBcU;kpu=VanityFairMagazine;ko=p;kt=K;dcdupd=1;kpid=3766;afc=1;kga=-1;kr=F;u=3nRpb-NnBcU_3766;kgg=-1;kcr=us;custp=IsbL[1].htm not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\41SBK529\main_3766;sz=480x70;kl=N;!c=3766;klg=en;kvid=3nRpb-NnBcU;kpu=VanityFairMagazine;ko=p;kt=K;dcdupd=1;kpid=3766;afc=1;kga=-1;kr=F;u=3nRpb-NnBcU_3766;kgg=-1;kcr=us;custp=IsbLo[1].asx not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PI53U9J\dref=http%253A%252F%252Fby108w[1].aspx%253FFolderID%253D00000000-0000-0000-0000-000000000001%2526InboxSortAscending%253DFalse%2526InboxSortBy%253DDate%2526n%253D410724433 not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PI53U9J\main_5703;sz=300x250;kl=N;!c=5703;klg=en;kvid=FUj5BKMGIuk;kpu=Smokestash;ko=c;kt=K;dcdupd=1;kpid=5703;afc=1;kga=-1;kr=F;u=FUj5BKMGIuk_5703;kgg=-1;kcr=us;custp=BdMVICj8kwAD[1].htm not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\1KN5M7T3\dref=http%253A%252F%252Fby108w[1].aspx%253FFolderID%253D00000000-0000-0000-0000-000000000001%2526InboxSortAscending%253DFalse%2526InboxSortBy%253DDate%2526n%253D410724433 not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\1KN5M7T3\dref=http%253A%252F%252Fby108w[1].aspx%253FFolderID%253D00000000-0000-0000-0000-000000000005%2526InboxSortAscending%253DFalse%2526InboxSortBy%253DDate%2526n%253D808768528 not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\1HYWTXVD\boating;sz=300x250;kl=N;klg=en;kt=K;dcdupd=1;kga=-1;kr=F;kw=robert+pattinson+interviews;kgg=-1;kcr=us;kmyd=ad_creative_1;tile=1;dcopt=ist;ord=710654529399685[2].7 not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\1HYWTXVD\dref=http%253A%252F%252Fby108w[1].aspx%253FFolderID%253D00000000-0000-0000-0000-000000000001%2526InboxSortAscending%253DFalse%2526InboxSortBy%253DDate%2526n%253D1708835965 not found!
File\Folder C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Internet Files\Content.IE5\1HYWTXVD\main_3766;sz=450x60;kl=N;!c=3766;klg=en;kvid=3nRpb-NnBcU;kpu=VanityFairMagazine;ko=p;kt=K;dcdupd=1;kpid=3766;afc=1;kga=-1;kr=F;u=3nRpb-NnBcU_3766;kgg=-1;kcr=us;custp=IsbLo[1].asx not found!

Registry entries deleted on Reboot...
OTL logfile created on: 1/20/2010 7:59:14 PM - Run 2
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Connie\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 570.00 Mb Available Physical Memory | 56.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105.91 Gb Total Space | 15.88 Gb Free Space | 14.99% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DB038KF1
Current User Name: Connie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Connie\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
PRC - C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\Movielink User.exe (Blockbuster)
PRC - C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\MovielinkCore.exe (Blockbuster)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Photodex\ProShowGold\scsiaccess.exe ()
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
PRC - C:\WINDOWS\system32\WLTRYSVC.EXE ()
PRC - C:\WINDOWS\system32\BCMWLTRY.EXE (Dell Inc.)
PRC - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
PRC - C:\WINDOWS\system32\bmwebcfg.exe (Bytemobile, Inc.)
PRC - C:\WINDOWS\OEM02Mon.exe (Creative Technology Ltd.)
PRC - C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Program Files\iPod Access for Windows\iPAHelper.exe ()
PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
PRC - C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Connie\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (stllssvr) -- File not found
SRV - (RoxLiveShare9) -- File not found
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (gupdate1c9b54e4b8646dc) Google Update Service (gupdate1c9b54e4b8646dc) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (Movielink Core Service) -- C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\MovielinkCore.exe (Blockbuster)
SRV - (ScsiAccess) -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe ()
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (GoogleDesktopManager-061008-081103) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (wltrysvc) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()
SRV - (ATTRcAppSvc) -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe (PCTEL)
SRV - (bmwebcfg) -- C:\WINDOWS\System32\bmwebcfg.exe (Bytemobile, Inc.)
SRV - (iPAHelper.exe) -- C:\Program Files\iPod Access for Windows\iPAHelper.exe ()
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corp.)
DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (swmsflt) -- C:\WINDOWS\System32\drivers\swmsflt.sys ()
DRV - (PCTINDIS5) -- C:\WINDOWS\system32\PCTINDIS5.sys (PCTEL Inc.)
DRV - (tcpipBM) -- C:\WINDOWS\system32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (OEM02Vfx) -- C:\WINDOWS\system32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (OEM02Dev) -- C:\WINDOWS\system32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (OEM02Afx) -- C:\WINDOWS\system32\drivers\OEM02Afx.sys (Creative Technology Ltd.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (RimUsb) -- C:\WINDOWS\system32\drivers\RimUsb.sys (Research In Motion Limited)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (RimVSerPort) -- C:\WINDOWS\system32\drivers\RimSerial.sys (Research in Motion Ltd)
DRV - (RimSerPort) -- C:\WINDOWS\system32\drivers\RimSerial.sys (Research in Motion Ltd)
DRV - (DXEC02) -- C:\WINDOWS\system32\drivers\dxec02.sys (Knowles Acoustics)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ROOTMODEM) -- C:\WINDOWS\system32\drivers\rootmdm.sys (Microsoft Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (E100B) Intel® -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = My Web Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://www.mywebsearch.com/jsp/cfg_redir2....r={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B4 04 70 5D DB B3 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/06/12 06:27:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 02:00:53 | 00,000,000 | ---D | M]

[2009/06/12 07:26:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Connie\Application Data\Mozilla\Firefox\extensions
[2009/06/12 07:26:22 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Connie\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: ([2004/08/04 04:00:00 | 00,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll File not found
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (CouponBar) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\WINDOWS\tbuC5\CouponsBar.dll (Coupons, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (CouponBar) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\WINDOWS\tbuC5\CouponsBar.dll (Coupons, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AT&T Communication Manager] C:\Program Files\AT&T\Communication Manager\ATTCM.exe (ATT)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\dell\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [LoadMSvcmm] C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\Movielink User.exe (Blockbuster)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100429 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident\4.0; GTB6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0) File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll File not found
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} http://inst.c-wss.com/vwhpro/EN/install/gtdownlr.cab (Automatic Driver Installation Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} http://www.blackberry.com/devicesoftware/AxLoader.cab (AxLoaderPassword Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1203646457031 (WUWebControl Class)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab (Groove Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-centives.com/cif/download/bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} http://www.cooliris.com/shared/plinstll.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.0.1 205.171.3.25
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\PROGRA~1\FUNWEB~1\SCREEN~1\Images\f3wallpp.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Connie\Local Settings\Temp\Temporary Directory 5 for V11DesktopWallpaper[1].zip\DesktopWallpaper\countrylane86wp.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{bb795472-d799-11dc-ba2c-0016447161a2}\Shell - "" = AutoRun
O33 - MountPoints2\{bb795472-d799-11dc-ba2c-0016447161a2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bb795472-d799-11dc-ba2c-0016447161a2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/26 16:38:06 | 00,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2010/01/20 19:47:15 | 00,000,000 | ---D | C] -- C:\_OTL
[2010/01/20 14:50:38 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Connie\Desktop\OTL.exe
[2010/01/14 15:36:36 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Connie\Desktop\RootRepeal.exe
[2010/01/14 15:18:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Connie\Application Data\MSNInstaller
[2010/01/14 12:44:57 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2010/01/12 17:04:11 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2009/07/22 07:03:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/04/05 09:00:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/04/04 10:53:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/03/19 16:30:42 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/03/10 10:00:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/03/02 15:45:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/02/02 20:43:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Bytemobile
[2008/02/02 20:26:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Bytemobile
[2008/01/26 15:57:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2004/08/10 11:57:26 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[1 C:\Documents and Settings\Connie\My Documents\*.tmp files -> C:\Documents and Settings\Connie\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/20 18:13:10 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\christmas list 2010.doc
[2010/02/19 00:00:07 | 00,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/02/14 13:03:01 | 00,014,848 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\Food List.xls
[2010/02/14 07:41:27 | 00,000,351 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\Christmas Dinner.rtf
[2010/02/14 07:38:58 | 00,000,568 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\Christmas breakfast.rtf
[2010/02/14 07:30:56 | 00,000,709 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\Christmas party.rtf
[2010/02/12 20:56:35 | 00,049,664 | ---- | M] () -- C:\Documents and Settings\Connie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/10 15:30:55 | 00,036,352 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\Chase Griffis Resume Seattle.doc
[2010/02/09 08:35:08 | 00,346,624 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\Christmas Invitation.doc
[2010/01/20 19:56:32 | 00,524,732 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/20 19:56:32 | 00,443,698 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/20 19:56:32 | 00,072,830 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/20 19:52:10 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/01/20 19:52:00 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/20 19:51:59 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/20 19:51:57 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/20 19:51:54 | 10,632,97024 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/20 19:49:55 | 06,115,328 | ---- | M] () -- C:\Documents and Settings\Connie\ntuser.dat
[2010/01/20 19:49:55 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Connie\ntuser.ini
[2010/01/20 19:49:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/20 17:05:54 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Connie\Desktop\wbu77stp.exe
[2010/01/20 14:50:42 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Connie\Desktop\OTL.exe
[2010/01/19 17:01:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/18 15:57:47 | 00,015,360 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\For Doug.xls
[2010/01/18 12:59:02 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\Grocery List.doc
[2010/01/17 23:22:38 | 00,000,636 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\Groceries.rtf
[2010/01/17 17:31:22 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\donna.doc
[2010/01/15 07:54:57 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/14 17:26:03 | 00,230,808 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/01/14 15:36:40 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Connie\Desktop\RootRepeal.exe
[2010/01/14 15:31:00 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Connie\Desktop\dds.scr
[2010/01/14 13:22:50 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/14 13:10:35 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/13 10:52:00 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Connie\My Documents\~$R_CS_Questionnaire[1][1].doc
[2010/01/12 22:46:27 | 00,054,272 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\BSR_CS_Questionnaire[1][1].doc
[2010/01/10 23:24:28 | 00,026,112 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\QLT COS 5 Isosceles Proof Attachment[1].doc
[2010/01/10 17:25:14 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/01/07 22:28:59 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\Assignment 1 Transformation2010.doc
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/04 00:49:50 | 00,000,532 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\spider.sav
[2010/01/04 00:40:06 | 00,062,464 | ---- | M] () -- C:\Documents and Settings\Connie\Desktop\A Plan for Surviving P3, P4 and Maintenance.doc
[2010/01/03 19:15:39 | 00,000,291 | ---- | M] () -- C:\Documents and Settings\Connie\Application Data\iPod Access v4 Prefs
[2010/01/03 16:56:55 | 00,015,360 | ---- | M] () -- C:\Documents and Settings\Connie\My Documents\CruiseInfo.xls
[2010/01/03 08:43:56 | 00,049,992 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/03 08:43:44 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[1 C:\Documents and Settings\Connie\My Documents\*.tmp files -> C:\Documents and Settings\Connie\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/20 13:23:31 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Connie\My Documents\christmas list 2010.doc
[2010/02/19 00:00:07 | 00,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/02/14 07:41:27 | 00,000,351 | ---- | C] () -- C:\Documents and Settings\Connie\My Documents\Christmas Dinner.rtf
[2010/02/14 07:38:58 | 00,000,568 | ---- | C] () -- C:\Documents and Settings\Connie\My Documents\Christmas breakfast.rtf
[2010/02/14 07:30:56 | 00,000,709 | ---- | C] () -- C:\Documents and Settings\Connie\My Documents\Christmas party.rtf
[2010/02/10 15:30:54 | 00,036,352 | ---- | C] () -- C:\Documents and Settings\Connie\My Documents\Chase Griffis Resume Seattle.doc
[2010/01/20 17:05:48 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Connie\Desktop\wbu77stp.exe
[2010/01/18 15:57:46 | 00,015,360 | ---- | C] () -- C:\Documents and Settings\Connie\My Documents\For Doug.xls
[2010/01/17 23:22:38 | 00,000,636 | ---- | C] () -- C:\Documents and Settings\Connie\My Documents\Groceries.rtf
[2010/01/17 16:27:58 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\Connie\My Documents\donna.doc
[2010/01/14 15:30:56 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Connie\Desktop\dds.scr
[2010/01/14 13:10:31 | 10,632,97024 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/13 10:52:00 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Connie\My Documents\~$R_CS_Questionnaire[1][1].doc
[2010/01/12 22:46:27 | 00,054,272 | ---- | C] () -- C:\Documents and Settings\Connie\My Documents\BSR_CS_Questionnaire[1][1].doc
[2010/01/12 12:08:56 | 00,033,669 | ---- | C] () -- C:\Documents and Settings\Connie\My Documents\Connie (2).jpg
[2010/01/10 23:24:28 | 00,026,112 | ---- | C] () -- C:\Documents and Settings\Connie\My Documents\QLT COS 5 Isosceles Proof Attachment[1].doc
[2010/01/07 19:10:26 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\Connie\My Documents\Assignment 1 Transformation2010.doc
[2010/01/07 12:42:15 | 06,115,328 | ---- | C] () -- C:\Documents and Settings\Connie\ntuser.dat
[2010/01/04 00:49:50 | 00,000,532 | ---- | C] () -- C:\Documents and Settings\Connie\My Documents\spider.sav
[2010/01/03 16:14:00 | 00,015,360 | ---- | C] () -- C:\Documents and Settings\Connie\My Documents\CruiseInfo.xls
[2010/01/03 08:43:56 | 00,049,992 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/07 19:17:38 | 00,000,276 | ---- | C] () -- C:\Documents and Settings\Connie\Application Data\wklnhst.dat
[2009/08/03 20:49:38 | 00,145,864 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/01/05 14:44:10 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/08/31 20:25:46 | 00,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL
[2008/02/20 23:18:57 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS69.DLL
[2008/02/06 15:10:27 | 00,049,664 | ---- | C] () -- C:\Documents and Settings\Connie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/04 17:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/02/02 20:09:35 | 00,025,736 | R--- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2008/01/31 21:58:26 | 00,000,291 | ---- | C] () -- C:\Documents and Settings\Connie\Application Data\iPod Access v4 Prefs
[2008/01/31 21:58:19 | 00,000,053 | -H-- | C] () -- C:\Documents and Settings\Connie\Application Data\iPodAccessv4_OwnerName
[2008/01/31 21:56:01 | 00,000,010 | -H-- | C] () -- C:\Documents and Settings\Connie\Application Data\iPodAccess_Time
[2008/01/31 18:09:52 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/26 15:57:32 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/01/26 15:50:04 | 00,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2008/01/26 15:42:30 | 00,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/01/26 15:34:32 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/01/26 15:34:30 | 00,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/01/26 15:06:53 | 00,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/01/26 15:06:53 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
[2008/01/26 15:06:50 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008/01/26 15:05:17 | 00,001,121 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 12:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
< End of report >


#8 myrti


Posted 21 January 2010 - 06:17 AM

Hi,

how is the PC doing?

Did reinstalling Messenger (and deleting all old files) help?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#9 redhot1n


Posted 21 January 2010 - 02:27 PM

I deleted the files and haven't re-added messenger yet, but everything else seems to be running much more smoothly. There was about a 30 second pause every time I tried to open an email and that also has seemed to clear up.

Thank you for your help.

You people are AMAZING!

Connie

#10 myrti


Posted 22 January 2010 - 11:25 AM

Hi,

since your logs seem clean, I would like you to update your software:

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 18.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Your Adobe Reader is also out of date. Please uninstall it and download the latest version from Adobe: Download
Please untick all proposed toolbars unless you really want them.

Let me know if you have any problems with that.

regards myrti



#11 redhot1n


Posted 22 January 2010 - 12:15 PM

Okay, there were no problems either uninstalling or installing either program. Thanks!

#12 myrti


Posted 23 January 2010 - 09:17 AM

Hi,

very happy to hear that. As a last step please remove the tools we used:

Read those last few lines, in order to keep your pc safe and clean:
Please do the following to clean up your PC:
  1. Delete the tools used during the disinfection:
    • Download OTC from the following mirrors and save it to your desktop:
    • Double click on
    • Push the large "Cleanup" button.
    • Allow your system to reboot.
  2. If OTC failed to remove all programs from your Desktop, please delete the rest manually.
  3. Disable and Enable System Restore.
    You can find instructions on how to disable and reenable system restore here:
    Windows ME System Restore Guide
    Windows XP System Restore Guide
    Windows Vista System Restore Guide

    Note: You should only do this once, not on a regular basis!
    You will not be able to restore computer to any earlier than today!

Please read this advice, in order to prevent reinfecting your PC:
  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.
  2. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  3. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  4. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:
Have a nice day
myrti



#13 redhot1n


Posted 23 January 2010 - 03:40 PM

Thanks for your help Myrti.

#14 myrti


Posted 23 January 2010 - 07:02 PM

Heya,

You're most welcome! Glad we could help!

Since this topic appears to be resolved, I will now close it.

If you need this topic re-opened please send me a PM.

Everyone else, please start a new topic.

With Regards,
myrti
