
Rundll error loading P0870Pin.dll



#1
jhazelwd

When my computer first boots up I receive a Rundll Error - Error loading P0870Pin.dll message.

I have followed the instructions in the Malware and Spyware Cleaning Guide and still have the error message.

Here are the logs you specified to post:

Malwarebytes' Anti-Malware 1.41
Database version: 3195
Windows 5.1.2600 Service Pack 3

11/18/2009 9:22:05 PM
mbam-log-2009-11-18 (21-22-05).txt

Scan type: Quick Scan
Objects scanned: 118060
Time elapsed: 8 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/19 05:00
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEDCE2000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7AD7000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEB41E000 Size: 49152 File Visible: No Signed: -
Status: -

==EOF==


OTL logfile created on: 11/19/2009 5:05:00 AM - Run 1
OTL by OldTimer - Version 3.1.6.0 Folder = C:\Documents and Settings\Jeanette Hazelwood\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.40 Mb Total Physical Memory | 406.99 Mb Available Physical Memory | 39.77% Memory free
2.40 Gb Paging File | 1.81 Gb Available in Paging File | 75.12% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.83 Gb Total Space | 36.65 Gb Free Space | 52.48% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JEANETTE
Current User Name: Jeanette Hazelwood
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/19 05:03:21 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeanette Hazelwood\Desktop\OTL.exe
PRC - [2009/11/04 16:53:34 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/11/04 15:59:50 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/11/04 15:59:50 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/11/04 15:59:50 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/10/29 06:54:44 | 01,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/29 06:54:44 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/08 20:22:24 | 05,134,864 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
PRC - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/03/30 15:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 15:28:36 | 00,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/03/12 19:56:58 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/03/12 19:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/03/05 23:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/02/06 18:21:00 | 00,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe
PRC - [2009/02/06 02:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009/01/05 15:18:48 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/12/09 17:40:16 | 00,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2008/12/09 17:40:16 | 00,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
PRC - [2008/11/09 12:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/13 18:32:46 | 01,017,648 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\gs_agent\dsc.exe
PRC - [2008/08/13 18:32:40 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/13 18:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/06/10 11:56:32 | 01,406,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
PRC - [2008/06/10 11:56:28 | 00,447,560 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
PRC - [2008/04/24 12:25:22 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
PRC - [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008/04/13 16:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/13 12:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 12:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/10/18 20:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
PRC - [2006/06/29 11:12:34 | 00,376,832 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/06/22 13:15:48 | 00,462,848 | ---- | M] (Southwest Airlines) -- C:\Program Files\Southwest Airlines\Ding\Ding.exe
PRC - [2006/01/15 23:16:41 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2005/08/05 21:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2005/08/05 12:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2005/08/05 12:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
PRC - [2005/08/05 12:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehmsas.exe
PRC - [2005/08/05 12:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2005/08/03 23:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005/08/03 23:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005/02/23 13:19:56 | 00,053,248 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2004/10/30 11:59:54 | 00,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2004/09/07 13:12:32 | 00,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2004/09/07 13:08:02 | 00,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2004/09/07 13:05:10 | 00,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2004/09/07 13:02:40 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2004/09/07 13:02:04 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2004/07/27 13:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/03/04 08:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
PRC - [2004/03/04 08:26:20 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
PRC - [2003/10/29 00:06:00 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/08/27 15:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\BRSVC01A.EXE
PRC - [2001/12/12 15:01:00 | 00,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\BRSS01A.EXE


========== Modules (SafeList) ==========

MOD - [2009/11/19 05:03:21 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeanette Hazelwood\Desktop\OTL.exe
MOD - [2008/04/13 16:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 16:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (SNMPTRAP)
SRV - File not found -- -- (SMTPSVC)
SRV - File not found -- -- (MSFtpsvc)
SRV - File not found -- -- (IISADMIN)
SRV - [2009/11/04 16:53:34 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/11/04 15:59:50 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/29 06:54:44 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/10/28 11:50:32 | 00,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/10/27 08:50:12 | 00,316,312 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Jeanette Hazelwood\Local Settings\Temp\0030511258610792mcinst.exe -- (0030511258610792mcinstcleanup)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/07/08 20:22:22 | 00,068,112 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor)
SRV - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/03/30 15:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/03/12 19:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/03/05 23:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/12/09 17:40:16 | 00,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/12/09 17:40:16 | 00,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2008/11/09 12:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/13 18:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/04/24 12:26:18 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2)
SRV - [2008/04/13 16:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2006/06/29 11:12:34 | 00,376,832 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2005/08/05 12:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched)
SRV - [2005/08/05 12:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc)
SRV - [2005/08/03 23:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/08/03 17:29:52 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/09/07 13:12:32 | 00,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2004/09/07 13:05:10 | 00,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/09/07 13:02:40 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2004/09/07 13:02:04 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)
SRV - [2004/08/19 13:07:50 | 00,000,000 | ---D | M] -- C:\WINDOWS\system32\wbem\snmp -- (SNMP)
SRV - [2004/03/04 08:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS)
SRV - [2003/08/27 15:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\BRSVC01A.EXE -- (Brother XP spl Service)
SRV - [2001/08/23 04:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/11/01 17:05:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/01 23:37:15 | 00,000,000 | ---D | M]

[2009/04/01 00:13:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanette Hazelwood\Application Data\Mozilla\Extensions
[2009/04/01 00:13:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanette Hazelwood\Application Data\Mozilla\Extensions\[email protected]
[2009/09/07 17:50:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanette Hazelwood\Application Data\Mozilla\Firefox\extensions
[2009/09/07 17:50:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanette Hazelwood\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: (772 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Yahoo! IE Suggest) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [American Airlines DealFinder] C:\Program Files\American Airlines DealFinder\American_Airlines_DealFinder.exe (Skinkers Communications)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [macy's fashion agenda] C:\Documents and Settings\Jeanette Hazelwood/Local Settings/Application Data/Direct Message Lab/449/macys.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (McAfee)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PD0870 STISvc] File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupport-] C:\Program Files\DellSupport\DSAgnt.exe File not found
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe File not found
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [Staples Easy Button] C:\Program Files\Staples Easy Button\EasyButton.exe (Staples and Klipfolio Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -Mozilla\4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident\4.0; Mozilla\4.0 ( File not found
O4 - HKLM..\RunOnceEx: [Register Homesite+.exe] C:\Program Files\Macromedia\HomeSite+\Homesite+.exe (Macromedia, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Jeanette Hazelwood\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
O4 - Startup: C:\Documents and Settings\Jeanette Hazelwood\Start Menu\Programs\Startup\macy's fashion agenda.lnk = C:\Documents and Settings\Jeanette Hazelwood\Local Settings\Application Data\Direct Message Lab\449\macys.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: anywebcam.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: att.com ([www.customerservice] https in Trusted sites)
O15 - HKCU\..Trusted Domains: worldwinner.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: worldwinner.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.8.cab (DLM Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1256832888109 (MUWebControl Class)
O16 - DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} https://www.worldwin...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinn...v57/wof/wof.cab (WoF Control)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/19 13:07:14 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/06/18 05:15:12 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16892059130527744)

========== Files/Folders - Created Within 14 Days ==========

[2009/11/19 05:02:35 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jeanette Hazelwood\Desktop\OTL.exe
[2009/11/19 04:59:05 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Jeanette Hazelwood\Desktop\RootRepeal.exe
[2009/11/18 22:22:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jeanette Hazelwood\Desktop\Erunt
[2009/11/18 22:22:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jeanette Hazelwood\Desktop\McAfee Suite
[2009/11/18 22:06:59 | 00,040,552 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
[2009/11/18 22:06:58 | 00,079,816 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2009/11/18 22:06:58 | 00,035,272 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2009/11/18 22:06:48 | 00,120,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2009/11/18 22:05:24 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/11/18 22:05:18 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2009/11/18 22:05:01 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/11/18 22:00:31 | 00,034,248 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
[2009/11/18 21:55:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/11/18 21:10:25 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/18 21:08:16 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Jeanette Hazelwood\Desktop\SysRestorePoint.exe
[2009/11/17 22:47:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jeanette Hazelwood\Desktop\Microsoft Direct X User Runtime
[2009/11/17 21:42:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jeanette Hazelwood\Desktop\Staples Rewards
[2009/11/17 21:34:53 | 00,000,000 | ---D | C] -- C:\Program Files\DebugDiag
[2009/11/17 21:33:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jeanette Hazelwood\Desktop\Hijack This
[2009/11/17 21:31:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jeanette Hazelwood\Desktop\Malwarebytes' Anti-Malware
[2009/11/17 15:30:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jeanette Hazelwood\Local Settings\Application Data\Tific
[2009/11/17 15:29:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jeanette Hazelwood\Application Data\Tific
[2009/11/17 12:00:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jeanette Hazelwood\Desktop\School Reference
[2009/11/17 05:23:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jeanette Hazelwood\Application Data\Staples Easy Button
[2009/11/17 05:22:50 | 00,000,000 | ---D | C] -- C:\Program Files\Staples Easy Button
[2009/11/17 02:27:43 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2009/11/17 02:18:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/11/17 02:06:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/11/16 00:58:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jeanette Hazelwood\Desktop\Small Claims
[2009/11/15 23:55:05 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2009/11/15 21:59:23 | 00,000,000 | ---D | C] -- C:\rsit
[2009/11/15 21:59:23 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2009/11/15 19:31:57 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/15 19:31:55 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/15 07:31:22 | 00,000,000 | ---D | C] -- C:\Program Files\Blackjack Unleashed
[2009/11/15 07:30:20 | 00,000,000 | ---D | C] -- C:\Program Files\Photo!
[2009/11/15 07:28:40 | 00,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2009/11/15 07:28:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jeanette Hazelwood\Local Settings\Application Data\Paint.NET
[2009/11/15 07:27:34 | 00,000,000 | ---D | C] -- C:\Program Files\blackjackclub
[2009/11/15 07:23:07 | 00,000,000 | ---D | C] -- C:\Program Files\a-squared HiJackFree
[2009/11/15 07:11:43 | 00,000,000 | ---D | C] -- C:\Program Files\Advanced Spyware Remover
[2009/11/14 14:27:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jeanette Hazelwood\Desktop\helpigotaticket.com
[2009/11/13 06:43:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jeanette Hazelwood\Application Data\American Airlines DealFinder
[2009/11/13 06:42:31 | 00,000,000 | ---D | C] -- C:\Program Files\American Airlines DealFinder
[2009/11/10 09:38:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jeanette Hazelwood\Tracing
[2009/11/10 09:37:04 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2009/11/10 09:36:18 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/11/10 09:33:05 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/11/10 09:32:39 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/11/10 08:49:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2006/01/16 18:22:40 | 00,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/11/19 05:12:01 | 00,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2009/11/19 05:03:21 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeanette Hazelwood\Desktop\OTL.exe
[2009/11/19 05:00:17 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Jeanette Hazelwood\Desktop\settings.dat
[2009/11/19 04:59:53 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Jeanette Hazelwood\Desktop\RootRepeal.exe
[2009/11/19 04:55:49 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/11/19 04:54:48 | 00,009,869 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/11/19 04:51:55 | 00,021,956 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/19 04:51:51 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/19 04:51:47 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/19 04:50:28 | 08,650,752 | ---- | M] () -- C:\Documents and Settings\Jeanette Hazelwood\ntuser.dat
[2009/11/19 04:50:05 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Jeanette Hazelwood\ntuser.ini
[2009/11/19 04:49:22 | 14,979,972 | -H-- | M] () -- C:\Documents and Settings\Jeanette Hazelwood\Local Settings\Application Data\IconCache.db
[2009/11/18 22:06:03 | 00,000,366 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/11/18 22:06:01 | 00,000,344 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/11/18 21:10:25 | 00,000,622 | ---- | M] () -- C:\Documents and Settings\Jeanette Hazelwood\Desktop\NTREGOPT.lnk
[2009/11/18 21:08:17 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Jeanette Hazelwood\Desktop\SysRestorePoint.exe
[2009/11/18 12:02:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/17 09:21:01 | 39,400,960 | ---- | M] () -- C:\Documents and Settings\Jeanette Hazelwood\Desktop\NETCFSetupv2.msi
[2009/11/17 07:41:59 | 00,812,496 | ---- | M] () -- C:\Documents and Settings\Jeanette Hazelwood\Desktop\handmarkethr-ppc-v1-00-wm5.cab
[2009/11/14 20:52:44 | 00,000,811 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2009/11/10 10:24:27 | 00,142,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/10 10:09:07 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/10 09:37:50 | 00,027,704 | ---- | M] () -- C:\Documents and Settings\Jeanette Hazelwood\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/10 09:34:25 | 00,000,953 | ---- | M] () -- C:\Documents and Settings\Jeanette Hazelwood\My Documents\My Sharing Folders.lnk
[2009/11/10 08:51:32 | 00,565,468 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/10 08:51:32 | 00,477,668 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/10 08:51:32 | 00,088,812 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2009/11/19 05:00:17 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Jeanette Hazelwood\Desktop\settings.dat
[2009/11/18 22:19:54 | 00,009,869 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2009/11/18 22:06:02 | 00,000,366 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/11/18 22:06:01 | 00,000,344 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/11/18 21:10:25 | 00,000,622 | ---- | C] () -- C:\Documents and Settings\Jeanette Hazelwood\Desktop\NTREGOPT.lnk
[2009/11/17 09:20:54 | 39,400,960 | ---- | C] () -- C:\Documents and Settings\Jeanette Hazelwood\Desktop\NETCFSetupv2.msi
[2009/11/17 07:41:47 | 00,812,496 | ---- | C] () -- C:\Documents and Settings\Jeanette Hazelwood\Desktop\handmarkethr-ppc-v1-00-wm5.cab
[2009/11/15 23:58:30 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/11/14 20:52:44 | 00,000,811 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2009/10/29 08:03:35 | 00,000,760 | ---- | C] () -- C:\Documents and Settings\Jeanette Hazelwood\Application Data\setup_ldm.iss
[2009/05/20 19:15:01 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Jeanette Hazelwood\Application Data\$_hpcst$.hpc
[2009/02/10 12:10:35 | 00,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2009/02/10 12:09:48 | 00,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2009/02/10 12:09:42 | 00,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2009/02/10 12:08:27 | 00,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2009/02/09 10:23:39 | 00,000,808 | ---- | C] () -- C:\Documents and Settings\Jeanette Hazelwood\Application Data\Launch Internet Explorer Browser.lnk
[2008/10/10 11:26:05 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\ConTest.dll
[2008/05/23 20:22:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\bw5140.ini
[2008/05/23 20:22:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2008/05/23 20:22:07 | 00,000,113 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2008/05/23 20:22:07 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2008/05/23 20:22:07 | 00,000,011 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2008/05/23 20:21:57 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2008/05/23 20:21:57 | 00,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2008/05/23 20:21:42 | 00,000,447 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/05/23 20:21:42 | 00,000,038 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/05/23 20:21:40 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\BRSS01A.ini
[2008/02/26 20:48:12 | 00,000,021 | ---- | C] () -- C:\WINDOWS\VI2_SETUP.ini
[2008/01/04 00:10:02 | 00,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/12/14 09:03:00 | 00,000,080 | RHS- | C] () -- C:\WINDOWS\System32\F35EF14300.dll
[2007/11/30 03:36:02 | 00,008,474 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Svclog.log
[2007/10/28 17:12:17 | 00,000,956 | ---- | C] () -- C:\WINDOWS\System32\iconcfg.ini
[2007/01/18 01:50:15 | 00,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2006/11/07 10:30:19 | 00,000,365 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/06/30 17:34:34 | 00,027,120 | ---- | C] () -- C:\Documents and Settings\Jeanette Hazelwood\Application Data\GDIPFONTCACHEV1.DAT
[2006/06/29 14:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 14:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 15:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/03/08 03:24:02 | 00,777,728 | ---- | C] () -- C:\WINDOWS\System32\SSLSVC.DLL
[2006/03/08 03:24:01 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2006/03/08 03:24:01 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\cfmsg.dll
[2006/03/08 03:24:01 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2006/03/08 03:24:00 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\lang_cfml.dll
[2006/03/08 03:23:59 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\xml_datagrove.dll
[2006/02/24 15:20:01 | 14,979,972 | -H-- | C] () -- C:\Documents and Settings\Jeanette Hazelwood\Local Settings\Application Data\IconCache.db
[2006/02/23 01:05:52 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/02/23 01:05:52 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/02/18 00:19:38 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/02/18 00:18:31 | 00,000,021 | ---- | C] () -- C:\WINDOWS\CS_setup.ini
[2006/02/18 00:10:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/10/18 18:28:30 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/10/15 13:16:56 | 00,000,391 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/09/07 12:00:57 | 00,016,896 | ---- | C] () -- C:\Documents and Settings\Jeanette Hazelwood\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/08/23 15:38:04 | 00,001,890 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/08/23 15:38:04 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\F38CF7322D.sys
[2005/08/19 10:11:30 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Jeanette Hazelwood\Application Data\PFP120JPR.{PB
[2005/08/19 10:11:30 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Jeanette Hazelwood\Application Data\PFP120JCM.{PB
[2005/08/16 20:53:11 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/08/16 18:39:40 | 00,027,704 | ---- | C] () -- C:\Documents and Settings\Jeanette Hazelwood\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/08/16 18:38:45 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Jeanette Hazelwood\Application Data\desktop.ini
[2005/08/16 18:38:44 | 00,000,141 | ---- | C] () -- C:\Documents and Settings\Jeanette Hazelwood\Local Settings\Application Data\fusioncache.dat
[2005/08/08 05:15:44 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/08 05:03:50 | 00,000,525 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/08/08 04:55:32 | 00,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2005/08/08 04:30:46 | 00,102,480 | ---- | C] () -- C:\WINDOWS\System32\EzRating.dll
[2005/08/08 04:30:46 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\EzdCoIns.dll
[2005/08/08 04:30:04 | 00,000,372 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/05/12 08:25:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/19 13:20:39 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/19 13:01:43 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/19 12:57:36 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/19 12:49:59 | 00,000,690 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/19 12:49:56 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/19 12:49:39 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2004/08/12 05:44:10 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004/07/20 10:14:06 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\Stac97co.dll
[2004/02/10 12:08:00 | 00,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2002/11/13 12:40:22 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[2001/08/17 14:36:28 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[1999/01/27 12:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 06:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2009/09/07 17:51:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/02/10 01:00:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2005/10/15 13:17:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell Photo Printer 720
[2007/12/03 19:45:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Support(2).com
[2007/12/03 19:39:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Support(3).com
[2009/02/09 02:42:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2007/11/30 03:49:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/29 22:37:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/11/18 16:46:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanette Hazelwood\Application Data\American Airlines DealFinder
[2009/09/07 17:58:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanette Hazelwood\Application Data\Azureus
[2007/07/09 15:18:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanette Hazelwood\Application Data\Comcast
[2005/08/19 10:11:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanette Hazelwood\Application Data\Corel
[2009/02/09 02:16:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanette Hazelwood\Application Data\Keynote Systems
[2006/04/18 15:16:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanette Hazelwood\Application Data\Leadertech
[2009/04/02 10:51:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanette Hazelwood\Application Data\LimeWire
[2007/11/30 03:44:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanette Hazelwood\Application Data\MSNInstaller
[2009/01/26 09:26:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanette Hazelwood\Application Data\ooVoo Details
[2009/02/08 23:05:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanette Hazelwood\Application Data\PreCast
[2009/05/23 06:19:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanette Hazelwood\Application Data\Southwest Airlines
[2009/11/19 04:56:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanette Hazelwood\Application Data\Staples Easy Button
[2009/11/17 15:29:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanette Hazelwood\Application Data\Tific
[2007/03/19 09:52:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanette Hazelwood\Application Data\Viewpoint
[2005/11/23 20:09:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanette Hazelwood\Application Data\ZipGenius
[2004/08/10 02:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/18 22:06:03 | 00,000,366 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/11/18 22:06:01 | 00,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2009/11/19 04:55:49 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/11/19 04:51:51 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2004/08/10 02:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]
[2004/08/04 00:56:44 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[4 C:\WINDOWS\$NtServicePackUninstall$\*.tmp files -> C:\WINDOWS\$NtServicePackUninstall$\*.tmp -> ]
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004/08/10 02:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]
[2004/08/04 00:56:46 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[4 C:\WINDOWS\$NtServicePackUninstall$\*.tmp files -> C:\WINDOWS\$NtServicePackUninstall$\*.tmp -> ]
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2004/08/10 02:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]
[2004/08/04 00:56:46 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[4 C:\WINDOWS\$NtServicePackUninstall$\*.tmp files -> C:\WINDOWS\$NtServicePackUninstall$\*.tmp -> ]
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004/08/03 19:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[4 C:\WINDOWS\$NtServicePackUninstall$\*.tmp files -> C:\WINDOWS\$NtServicePackUninstall$\*.tmp -> ]
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2004/08/03 20:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[4 C:\WINDOWS\$NtServicePackUninstall$\*.tmp files -> C:\WINDOWS\$NtServicePackUninstall$\*.tmp -> ]
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Jeanette Hazelwood\My Documents\Default.rdp:SummaryInformation
< End of report >


OTL Extras logfile created on: 11/19/2009 5:05:00 AM - Run 1
OTL by OldTimer - Version 3.1.6.0 Folder = C:\Documents and Settings\Jeanette Hazelwood\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.40 Mb Total Physical Memory | 406.99 Mb Available Physical Memory | 39.77% Memory free
2.40 Gb Paging File | 1.81 Gb Available in Paging File | 75.12% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.83 Gb Total Space | 36.65 Gb Free Space | 52.48% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JEANETTE
Current User Name: Jeanette Hazelwood
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- File not found
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\American Airlines DealFinder\American_Airlines_DealFinder.exe" = C:\Program Files\American Airlines DealFinder\American_Airlines_DealFinder.exe -- (Skinkers Communications)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- File not found
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\FerretSoft\WebFerret\WebFerret.exe" = C:\Program Files\FerretSoft\WebFerret\WebFerret.exe:*:Enabled:WebFerret 5.0 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- File not found
"C:\Program Files\SightSpeed\SightSpeed.exe" = C:\Program Files\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed -- File not found
"C:\Program Files\Java\j2re1.4.2_03\javaws\javaws.exe" = C:\Program Files\Java\j2re1.4.2_03\javaws\javaws.exe:*:Enabled:Java Web Start -- ()
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\ooVoo\ooVoo.exe" = C:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo -- File not found
"C:\Documents and Settings\Jeanette Hazelwood\Recent\Internet Explorer.lnk" = C:\Documents and Settings\Jeanette Hazelwood\Recent\Internet Explorer.lnk:*:Enabled:Internet Explorer -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\American Airlines DealFinder\American_Airlines_DealFinder.exe" = C:\Program Files\American Airlines DealFinder\American_Airlines_DealFinder.exe -- (Skinkers Communications)
"C:\Program Files\Torrents_Download\Torrents Download\SubsSearch.exe" = C:\Program Files\Torrents_Download\Torrents Download\SubsSearch.exe:*:Enabled:UniFS Media - SubsSearch.exe -- File not found
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{03CDDD00-BD57-4326-9480-4C74449AF597}" = PhotoStitch
"{06276C76-80C8-40A9-B0B4-36B2104FD7F3}" = MediaDirect
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{093625E3-7B87-49D3-AA53-AD0FCFABAF49}" = Camera Window
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{1136B2B6-60BD-4D79-94E9-2E0E8C395F54}" = ArcSoft VideoImpression 2
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 17
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A71E27C-07D2-4CB8-ACA9-165242416758}" = Digital Video
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{534C6D59-D6E3-48A6-AD0B-747799019960}" = XVID Codec Installation
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84031A18-BA9A-4156-A74F-E05B52DDFCE2}" = DING!
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8D3562E7-C795-4B5D-A091-6DAA3FF0DF3B}" = Macromedia HomeSite+
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A9B46555-DECD-49B5-8C13-34F355BCB1B3}" = Casino Verite Blackjack V4
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD708DF0-9F04-4CB3-821A-85804A833B4D}" = ArcSoft Camera Suite
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}" = RemoteCapture 2.7.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D3E7A2A5-A059-4A44-949B-21FBD371A8B8}" = Paint.NET v3.5
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6 (6.0.2.1056)
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF0DD8B7-471C-463B-A298-6066C2FABAF5}" = File Viewer Utility 1.2
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Advanced Spyware Remover Free Edition_is1" = Advanced Spyware Remover Free Edition
"All ATI Software" = ATI - Software Uninstall Utility
"American Airlines DealFinder" = American Airlines DealFinder (remove only)
"Ask Toolbar_is1" = Vuze Toolbar
"a-squared HiJackFree_is1" = a-squared HiJackFree 3.1
"ATI Display Driver" = ATI Display Driver
"Belarc Advisor 2.0" = Belarc Advisor 7.2
"Blackjack Unleashed" = Blackjack Unleashed
"Buddy Spy_is1" = Buddy Spy 2.2.19
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Comcast PhotoShow Deluxe 4" = Comcast PhotoShow Deluxe 4
"Comcast Rhapsody" = Comcast Rhapsody
"Dell Photo Printer 720" = Dell Photo Printer 720
"Dell Photo Printer 720 Logger" = Dell Photo Printer 720 Logger
"ERUNT_is1" = ERUNT 1.1j
"Face Tracking Utility" = Face Tracking Utility
"GENEUIDE" = USB Storage Driver
"Get Yahoo! Messenger" = Get Yahoo! Messenger
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{03CDDD00-BD57-4326-9480-4C74449AF597}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{093625E3-7B87-49D3-AA53-AD0FCFABAF49}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"InstallShield_{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}" = Canon Utilities RemoteCapture 2.7
"InstallShield_{EF0DD8B7-471C-463B-A298-6066C2FABAF5}" = Canon Utilities File Viewer Utility 1.2
"LimeWire" = LimeWire 4.18.8
"macy's fashion agenda 1.00" = macy's fashion agenda
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MessageGroups 1.0" = MessageGroups 1.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Pan and Tilt Control" = Pan and Tilt Control
"PhotoRecord" = Canon PhotoRecord
"PhotoToolkit_is1" = Photo! Editor 1.1
"ProInst" = Intel® PROSet/Wireless Software
"RealPlayer 6.0" = RealPlayer
"Staples Easy Button" = Staples Easy Button (remove only)
"TTB000001.TTB000001Toolbar" = CouponBar
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! IE Suggest" = Yahoo! Search Suggest Add-on for IE7
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"blackjackclub" = The BlackJack Club Game
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/18/2009 1:56:56 AM | Computer Name = JEANETTE | Source = FTPCtrs | ID = 1000
Description = Unable to collect the FTP performance statistics. The error code returned
by the service is data DWORD 0. For additional information specific to this message
please visit the Microsoft Online Support site located at: http://www.microsoft...entredirect.asp.

Error - 11/18/2009 1:56:56 AM | Computer Name = JEANETTE | Source = IISInfoCtrs | ID = 1001
Description = Unable to read the first counter index value from the registry. The
error code returned by the registry is data DWORD 0. For additional information
specific to this message please visit the Microsoft Online Support site located
at: http://www.microsoft...entredirect.asp.

Error - 11/18/2009 1:56:56 AM | Computer Name = JEANETTE | Source = FTPCtrs | ID = 1000
Description = Unable to collect the FTP performance statistics. The error code returned
by the service is data DWORD 0. For additional information specific to this message
please visit the Microsoft Online Support site located at: http://www.microsoft...entredirect.asp.

Error - 11/18/2009 1:56:58 AM | Computer Name = JEANETTE | Source = IISInfoCtrs | ID = 1001
Description = Unable to read the first counter index value from the registry. The
error code returned by the registry is data DWORD 0. For additional information
specific to this message please visit the Microsoft Online Support site located
at: http://www.microsoft...entredirect.asp.

Error - 11/18/2009 1:56:58 AM | Computer Name = JEANETTE | Source = FTPCtrs | ID = 1000
Description = Unable to collect the FTP performance statistics. The error code returned
by the service is data DWORD 0. For additional information specific to this message
please visit the Microsoft Online Support site located at: http://www.microsoft...entredirect.asp.

Error - 11/18/2009 1:56:58 AM | Computer Name = JEANETTE | Source = IISInfoCtrs | ID = 1001
Description = Unable to read the first counter index value from the registry. The
error code returned by the registry is data DWORD 0. For additional information
specific to this message please visit the Microsoft Online Support site located
at: http://www.microsoft...entredirect.asp.

Error - 11/18/2009 1:56:58 AM | Computer Name = JEANETTE | Source = FTPCtrs | ID = 1000
Description = Unable to collect the FTP performance statistics. The error code returned
by the service is data DWORD 0. For additional information specific to this message
please visit the Microsoft Online Support site located at: http://www.microsoft...entredirect.asp.

Error - 11/18/2009 7:55:43 PM | Computer Name = JEANETTE | Source = Application Error | ID = 1000
Description = Faulting application set1d.tmp, version 9.1.0.429, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 11/18/2009 7:55:53 PM | Computer Name = JEANETTE | Source = Application Error | ID = 1000
Description = Faulting application set1f.tmp, version 9.1.0.429, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 11/18/2009 8:09:42 PM | Computer Name = JEANETTE | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module , version 0.0.0.0, fault address 0x00000000.

[ System Events ]
Error - 11/19/2009 8:53:32 AM | Computer Name = JEANETTE | Source = Service Control Manager | ID = 7002
Description = The BrPar service depends on the Parallel arbitrator group and no
member of this group started.

Error - 11/19/2009 8:53:32 AM | Computer Name = JEANETTE | Source = Service Control Manager | ID = 7000
Description = The IIS Admin service failed to start due to the following error:
%%2

Error - 11/19/2009 8:53:32 AM | Computer Name = JEANETTE | Source = Service Control Manager | ID = 7001
Description = The FTP Publishing service depends on the IIS Admin service which
failed to start because of the following error: %%2

Error - 11/19/2009 8:53:32 AM | Computer Name = JEANETTE | Source = Service Control Manager | ID = 7001
Description = The Simple Mail Transfer Protocol (SMTP) service depends on the IIS
Admin service which failed to start because of the following error: %%2

Error - 11/19/2009 8:53:32 AM | Computer Name = JEANETTE | Source = Service Control Manager | ID = 7000
Description = The SNMP Service service failed to start due to the following error:
%%2

Error - 11/19/2009 8:53:32 AM | Computer Name = JEANETTE | Source = Service Control Manager | ID = 7023
Description = The Simple TCP/IP Services service terminated with the following error:
%%126

Error - 11/19/2009 8:53:32 AM | Computer Name = JEANETTE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Windows Media Player
Network Sharing Service service to connect.

Error - 11/19/2009 8:53:32 AM | Computer Name = JEANETTE | Source = Service Control Manager | ID = 7000
Description = The Windows Media Player Network Sharing Service service failed to
start due to the following error: %%1053

Error - 11/19/2009 8:54:30 AM | Computer Name = JEANETTE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Windows Media Player
Network Sharing Service service to connect.

Error - 11/19/2009 8:54:30 AM | Computer Name = JEANETTE | Source = Service Control Manager | ID = 7000
Description = The Windows Media Player Network Sharing Service service failed to
start due to the following error: %%1053


< End of report >

Thank you for your assistance!

Jeanette


#2
RKinner


    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Jeanette,

Have you recently uninstalled a webcam? The dll file it is complaining about is part of Creative WebCam Monitor. Perhaps it did not cleanly install and left a registry entry.

I don't think you have an infection but let's make sure and run Combofix. It should remove the registry entry and tell us if you have an infection.

Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

Reboot now, please :!:

Post Back (copy/paste the .txt files, do not use attachments)
After following the above, post back with:



1. Contents of C:\Combofix.txt;


Ron

#3
jhazelwd


    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
I followed your directions....please find the Combofix.txt log as requested.

Thank you again for your assistance!!

Jeanette



ComboFix 09-11-20.02 - Jeanette Hazelwood 11/20/2009 13:52:17.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.497 [GMT -8:00]
Running from: C:\Documents and Settings\Jeanette Hazelwood\Desktop\george.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\kb913800.exe
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\comres(2).dll
C:\WINDOWS\system32\comres(3).dll
C:\WINDOWS\system32\drivers\pciide.sys
C:\WINDOWS\system32\Plugins

.
((((((((((((((((((((((((( Files Created from 2009-10-20 to 2009-11-20 )))))))))))))))))))))))))))))))
.

2009-11-19 20:04:32 . 2009-11-19 20:04:32 10134 ----a-r- C:\Documents and Settings\Jeanette Hazelwood\Application Data\Microsoft\Installer\{35725FBC-A136-4A46-9F29-091759D9BB93}\ARPPRODUCTICON.exe
2009-11-19 20:02:10 . 2009-11-19 20:02:10 0 d-----w- C:\Documents and Settings\All Users\Application Data\Logitech
2009-11-19 20:02:06 . 2009-11-19 20:02:06 0 d-----w- C:\Program Files\Logitech
2009-11-19 06:06:59 . 2009-11-05 00:54:12 40552 ------w- C:\WINDOWS\system32\drivers\mfesmfk.sys
2009-11-19 06:06:58 . 2009-11-05 00:54:12 79816 ------w- C:\WINDOWS\system32\drivers\mfeavfk.sys
2009-11-19 06:06:58 . 2009-11-05 00:54:12 35272 ------w- C:\WINDOWS\system32\drivers\mfebopk.sys
2009-11-19 06:06:48 . 2009-07-16 20:32:26 120136 ------w- C:\WINDOWS\system32\drivers\Mpfp.sys
2009-11-19 06:05:24 . 2009-11-19 06:06:53 0 d-----w- C:\Program Files\Common Files\McAfee
2009-11-19 06:05:18 . 2009-11-19 06:05:49 0 d-----w- C:\Program Files\McAfee.com
2009-11-19 06:05:01 . 2009-11-19 16:22:52 0 d-----w- C:\Program Files\McAfee
2009-11-19 06:00:31 . 2009-11-05 00:53:40 34248 ------w- C:\WINDOWS\system32\drivers\mferkdk.sys
2009-11-19 05:55:23 . 2009-11-19 09:07:13 0 d-----w- C:\Documents and Settings\All Users\Application Data\McAfee
2009-11-19 05:10:25 . 2009-11-19 05:10:27 0 d-----w- C:\Program Files\ERUNT
2009-11-18 06:52:59 . 2008-05-30 22:11:46 467984 ------w- C:\WINDOWS\system32\d3dx10_38.dll
2009-11-18 06:51:55 . 2005-05-26 23:34:52 2297552 ------w- C:\WINDOWS\system32\d3dx9_26.dll
2009-11-18 05:34:53 . 2009-11-18 06:02:02 0 d-----w- C:\Program Files\DebugDiag
2009-11-17 23:30:04 . 2009-11-17 23:30:05 0 d-----w- C:\Documents and Settings\Jeanette Hazelwood\Local Settings\Application Data\Tific
2009-11-17 23:29:57 . 2009-11-17 23:29:57 0 d-----w- C:\Documents and Settings\Jeanette Hazelwood\Application Data\Tific
2009-11-17 13:23:10 . 2009-11-20 14:33:02 0 d-----w- C:\Documents and Settings\Jeanette Hazelwood\Application Data\Staples Easy Button
2009-11-17 13:22:50 . 2009-11-17 13:23:07 0 d-----w- C:\Program Files\Staples Easy Button
2009-11-17 10:27:43 . 2009-11-17 10:27:43 0 d-----w- C:\Program Files\Windows Sidebar
2009-11-17 10:18:01 . 2009-11-17 10:18:08 0 d-----w- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2009-11-17 10:06:20 . 2009-11-19 04:15:14 0 d-----w- C:\Documents and Settings\All Users\Application Data\Norton
2009-11-16 07:57:46 . 2009-11-03 04:42:06 195456 ------w- C:\WINDOWS\system32\MpSigStub.exe
2009-11-16 07:55:05 . 2009-11-16 07:55:07 0 d-----w- C:\Program Files\Windows Defender
2009-11-16 05:59:23 . 2009-11-18 05:33:26 0 d-----w- C:\Program Files\trend micro
2009-11-16 05:59:23 . 2009-11-16 05:59:36 0 d-----w- C:\rsit
2009-11-16 03:31:57 . 2009-09-10 22:54:06 38224 ------w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-11-16 03:31:55 . 2009-09-10 22:53:50 19160 ------w- C:\WINDOWS\system32\drivers\mbam.sys
2009-11-15 15:31:22 . 2009-11-15 15:31:22 0 d-----w- C:\Program Files\Blackjack Unleashed
2009-11-15 15:30:20 . 2009-11-15 15:30:20 0 d-----w- C:\Program Files\Photo!
2009-11-15 15:28:40 . 2009-11-20 18:03:39 0 d-----w- C:\Program Files\Paint.NET
2009-11-15 15:28:28 . 2009-11-20 18:05:12 0 d-----w- C:\Documents and Settings\Jeanette Hazelwood\Local Settings\Application Data\Paint.NET
2009-11-15 15:27:34 . 2009-11-15 15:27:35 0 d-----w- C:\Program Files\blackjackclub
2009-11-15 15:23:07 . 2009-11-15 15:23:12 0 d-----w- C:\Program Files\a-squared HiJackFree
2009-11-15 15:11:43 . 2009-11-16 02:03:58 0 d-----w- C:\Program Files\Advanced Spyware Remover
2009-11-13 14:43:44 . 2009-11-19 00:46:02 0 d-----w- C:\Documents and Settings\Jeanette Hazelwood\Application Data\American Airlines DealFinder
2009-11-13 14:42:31 . 2009-11-13 14:42:40 0 d-----w- C:\Program Files\American Airlines DealFinder
2009-11-10 17:38:10 . 2009-11-19 13:52:04 0 d-----w- C:\Documents and Settings\Jeanette Hazelwood\Tracing
2009-11-10 17:37:04 . 2009-11-10 17:37:04 0 d-----w- C:\Program Files\Microsoft Sync Framework
2009-11-10 17:36:24 . 2006-11-29 21:06:18 3426072 ------w- C:\WINDOWS\system32\d3dx9_32.dll
2009-11-10 17:36:18 . 2009-11-10 17:36:18 0 d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2009-11-10 17:33:05 . 2009-11-10 17:33:05 0 d-----w- C:\Program Files\Windows Live SkyDrive
2009-11-10 17:32:39 . 2009-11-10 17:37:24 0 d-----w- C:\Program Files\Windows Live
2009-11-10 16:49:53 . 2009-11-10 16:49:53 0 d-----w- C:\WINDOWS\system32\URTTEMP
2009-11-10 16:43:46 . 2009-11-10 16:43:46 152576 ------w- C:\Documents and Settings\Jeanette Hazelwood\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-05 00:54:12 . 2009-11-05 00:54:12 214664 ------w- C:\WINDOWS\system32\drivers\mfehidk.sys
2009-11-01 23:54:15 . 2009-11-01 23:54:15 0 d-----w- C:\WINDOWS\system32\XPSViewer
2009-11-01 23:54:01 . 2009-11-01 23:54:01 0 d-----w- C:\Program Files\Reference Assemblies
2009-11-01 22:18:03 . 2009-11-01 22:18:03 3584 ------r- C:\Documents and Settings\Jeanette Hazelwood\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-11-01 22:18:02 . 2009-11-01 22:18:02 0 d-----w- C:\Program Files\Windows Installer Clean Up
2009-11-01 22:17:50 . 2009-11-01 22:17:50 0 d-----w- C:\Program Files\MSECACHE
2009-11-01 21:58:32 . 2009-11-18 05:48:00 0 d-----w- C:\Documents and Settings\Jeanette Hazelwood\Local Settings\Application Data\Yahoo!
2009-11-01 21:58:02 . 2009-11-15 04:53:36 0 d-----w- C:\Documents and Settings\Jeanette Hazelwood\Application Data\Yahoo!
2009-11-01 21:58:02 . 2009-11-15 04:53:12 0 d-----w- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2009-10-29 22:59:43 . 2009-10-29 22:59:43 56 ---h--w- C:\WINDOWS\system32\ezsidmv.dat
2009-10-29 22:59:39 . 2009-11-20 22:26:35 0 d-----w- C:\Documents and Settings\Jeanette Hazelwood\Application Data\skypePM
2009-10-29 18:14:17 . 2009-11-20 22:26:29 0 d-----w- C:\Documents and Settings\Jeanette Hazelwood\Application Data\Skype
2009-10-29 18:12:59 . 2009-10-29 18:12:59 0 d-----w- C:\Program Files\Common Files\Skype
2009-10-29 18:12:56 . 2009-10-29 18:13:33 0 d-----r- C:\Program Files\Skype
2009-10-29 18:12:51 . 2009-10-29 18:12:55 0 d-----w- C:\Documents and Settings\All Users\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-19 20:07:41 . 2005-08-17 04:59:56 0 d-----w- C:\Program Files\anywebcam
2009-11-19 20:03:42 . 2007-05-09 12:36:01 0 d-----w- C:\Program Files\Common Files\logishrd
2009-11-19 20:02:15 . 2007-09-18 09:19:05 0 d-----w- C:\Documents and Settings\All Users\Application Data\Logishrd
2009-11-19 14:33:03 . 2009-02-08 09:00:54 0 d-----w- C:\Documents and Settings\Jeanette Hazelwood\Application Data\Download Manager
2009-11-19 04:13:00 . 2005-08-08 13:06:23 0 d-----w- C:\Program Files\Common Files\Symantec Shared
2009-11-18 06:07:12 . 2009-01-26 17:24:16 0 d-----w- C:\Program Files\oovooToolbar
2009-11-18 06:05:51 . 2005-08-08 12:52:03 0 d--h--w- C:\Program Files\InstallShield Installation Information
2009-11-18 06:04:58 . 2006-11-13 20:29:36 0 d-----w- C:\Program Files\MySurvey Messenger
2009-11-17 20:45:10 . 2007-06-19 01:04:49 0 d-----w- C:\Program Files\Buddy Spy
2009-11-16 03:32:00 . 2009-02-09 06:46:44 0 d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-10 17:37:50 . 2005-08-17 02:39:40 27704 -c----w- C:\Documents and Settings\Jeanette Hazelwood\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-10 17:33:53 . 2006-05-08 23:58:16 0 d-----w- C:\Program Files\MSN Messenger
2009-11-10 16:44:48 . 2009-02-09 10:17:29 0 d-----w- C:\Program Files\Java
2009-11-01 21:58:04 . 2009-02-12 15:54:25 0 d-----w- C:\Documents and Settings\All Users\Application Data\Yahoo!
2009-11-01 21:58:04 . 2009-02-09 10:16:31 0 d-----w- C:\Program Files\Yahoo!
2009-10-29 22:59:42 . 2009-06-12 14:13:39 0 d-----w- C:\Program Files\Microsoft
2009-10-29 16:10:56 . 2005-08-17 05:38:02 0 d-----w- C:\Program Files\Common Files\Adobe
2009-10-11 12:17:27 . 2008-12-08 20:38:06 411368 -c----w- C:\WINDOWS\system32\deploytk.dll
2009-10-08 21:57:02 . 2008-07-30 03:59:58 611328 ------w- C:\WINDOWS\system32\uiautomationcore.dll
2009-10-08 21:57:00 . 2001-08-23 12:00:00 220160 ----a-w- C:\WINDOWS\system32\oleacc.dll
2009-10-08 21:56:56 . 2001-08-23 12:00:00 20480 ----a-w- C:\WINDOWS\system32\oleaccrc.dll
2009-09-11 14:18:39 . 2001-08-23 12:00:00 136192 ----a-w- C:\WINDOWS\system32\msv1_0.dll
2009-09-07 18:58:27 . 2009-09-07 18:58:27 127872 ------w- C:\Documents and Settings\Jeanette Hazelwood\Application Data\Move Networks\uninstall.exe
2009-09-07 18:58:25 . 2009-06-16 06:35:40 4183416 ------w- C:\Documents and Settings\Jeanette Hazelwood\Application Data\Move Networks\plugins\npqmp071503000010.dll
2009-09-05 01:44:40 . 2009-11-18 06:53:25 515416 ------w- C:\WINDOWS\system32\XAudio2_5.dll
2009-09-05 01:44:40 . 2009-11-18 06:53:24 238936 ------w- C:\WINDOWS\system32\xactengine3_5.dll
2009-09-05 01:44:40 . 2009-11-18 06:53:13 69464 ------w- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-09-05 01:29:34 . 2009-11-18 06:53:19 235344 ------w- C:\WINDOWS\system32\d3dx11_42.dll
2009-09-05 01:29:34 . 2009-11-18 06:53:18 453456 ------w- C:\WINDOWS\system32\d3dx10_42.dll
2009-09-05 01:29:32 . 2009-11-18 06:53:23 1974616 ------w- C:\WINDOWS\system32\D3DCompiler_42.dll
2009-09-05 01:29:32 . 2009-11-18 06:53:22 5501792 ------w- C:\WINDOWS\system32\d3dcsx_42.dll
2009-09-05 01:29:30 . 2009-11-18 06:53:17 1892184 ------w- C:\WINDOWS\system32\D3DX9_42.dll
2009-09-04 21:03:36 . 2001-08-23 12:00:00 58880 ----a-w- C:\WINDOWS\system32\msasn1.dll
2009-08-29 08:08:21 . 2001-08-23 12:00:00 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2009-08-26 08:00:21 . 2001-08-23 12:00:00 247326 -c--a-w- C:\WINDOWS\system32\strmdll.dll
2006-01-17 02:22:29 . 2006-01-17 02:22:40 774144 -c----w- C:\Program Files\RngInterstitial.dll
2007-12-14 17:03:08 . 2007-12-14 17:03:00 80 -csh--r- C:\WINDOWS\system32\F35EF14300.dll
2005-10-07 03:29:48 . 2005-08-23 23:38:04 56 -csh--r- C:\WINDOWS\system32\F38CF7322D.sys
2005-10-07 03:29:48 . 2005-08-23 23:38:04 1890 -csh--w- C:\WINDOWS\system32\KGyGaAvL.sys
2007-05-09 12:17:41 . 2007-05-07 23:19:45 1770528 -csh--w- C:\WINDOWS\system32\drivers\fidbox.dat
2007-05-09 12:17:41 . 2007-05-07 23:19:45 85024 -csh--w- C:\WINDOWS\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 04:05:26 204288]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 13:42:30 1695232]
"Performance Center"="C:\Program Files\Ascentive\Performance Center\ApcMain.exe" [BU]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 02:32:40 206064]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 20:39:52 1289000]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2009-10-09 20:11:12 25623336]
"Messenger (Yahoo!)"="C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2009-11-10 23:39:26 5244216]
"Staples Easy Button"="C:\Program Files\Staples Easy Button\EasyButton.exe" [2009-11-17 13:22:52 1739312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 19:59:54 385024]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 05:05:00 344064]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 21:19:56 53248]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 21:50:18 81920]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 21:50:42 221184]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:56:34 64512]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 21:33:20 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-01-16 07:16:41 180269]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 17:24:00 16384]
"ddoctorv2"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 20:25:22 202560]
"macy's fashion agenda"="C:\Documents and Settings\Jeanette Hazelwood/Local Settings/Application Data/Direct Message Lab/449/macys.exe" [2008-09-09 21:51:16 1545219]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 02:32:40 206064]
"IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 19:56:32 1406024]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2009-01-05 23:18:48 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-03-13 03:56:58 342312]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 11:08:38 35696]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 19:08:30 935288]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-10-11 12:17:36 149280]
"American Airlines DealFinder"="C:\Program Files\American Airlines DealFinder\American_Airlines_DealFinder.exe" [2009-03-17 08:26:16 759728]
"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 22:53:56 1312080]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-04 03:20:12 866584]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2009-10-29 14:54:44 1218008]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2009-07-09 04:22:24 5134864]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-26 00:02:54 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-26 00:06:30 2027792]

C:\Documents and Settings\Jeanette Hazelwood\Start Menu\Programs\Startup\
DING!.lnk - C:\Program Files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
macy's fashion agenda.lnk - C:\Documents and Settings\Jeanette Hazelwood\Local Settings\Application Data\Direct Message Lab\449\macys.exe [2008-9-15 1545219]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-8-8 24576]
dlbcserv.lnk - C:\Program Files\Dell Photo Printer 720\dlbcserv.exe [2005-10-15 315392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 21:08:06 110592 ------w- C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PC-Checkup"="C:\Program Files\Speeditup Free\PCCheckUp.exe" -mini

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Java\\j2re1.4.2_03\\javaws\\javaws.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"C:\Program Files\American Airlines DealFinder\American_Airlines_DealFinder.exe"= C:\Program Files\American Airlines DealFinder\American_Airlines_DealFinder.exe
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 ASKService;ASKService;C:\Program Files\AskBarDis\bar\bin\AskService.exe [9/7/2009 5:50:09 PM 464264]
R2 ASKUpgrade;ASKUpgrade;C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe [9/7/2009 5:50:43 PM 234888]
R2 WinDefend;Windows Defender;C:\Program Files\Windows Defender\MsMpEng.exe [11/3/2006 7:19:58 PM 13592]
R2 wlidsvc;Windows Live ID Sign-in Assistant;C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [3/30/2009 3:28:36 PM 1533808]
S3 AngelUsb;Angel USB MPEG Device;C:\WINDOWS\system32\drivers\AngelUsb.sys [8/8/2005 4:30:46 AM 375424]
S3 ATIXPGAA;ATIXPGAA;C:\dell\drivers\R101351\ATIXPGAA.SYS [8/8/2007 8:38:44 AM 12032]
.
Contents of the 'Scheduled Tasks' folder

2009-11-18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34:12 . 2008-07-30 19:34:12]

2009-11-19 C:\WINDOWS\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2009-11-19 06:05:56 . 2009-09-25 20:22:14]

2009-11-19 C:\WINDOWS\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2009-11-19 06:05:56 . 2009-09-25 20:22:14]

2009-11-20 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-04 03:20:06 . 2006-11-04 03:20:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
Trusted Zone: anywebcam.com
Trusted Zone: att.com\www.customerservice
Trusted Zone: worldwinner.com\www
Trusted Zone: yahoo.com
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{88E20C72-8089-469B-8BD9-53F2D2D65554} - (no file)
HKCU-Run-DellSupport- - C:\Program Files\DellSupport\DSAgnt.exe
HKLM-Run-PD0870 STISvc - P0870Pin.dll
AddRemove-{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1 - C:\Program Files\Auslogics\AusLogics Disk Defrag\unins000.exe

#4
RKinner

Don't see anything really evil. Combofix removed the entry you were concerned about. You do have 4 services which are broken. These should be turned off since they will slow your boot and are not even installed on most PCs. Did you once use the computer to host a website?

SRV - File not found -- -- (SNMPTRAP)
SRV - File not found -- -- (SMTPSVC)
SRV - File not found -- -- (MSFtpsvc)
SRV - File not found -- -- (IISADMIN)

To turn them off:

Start, Run, cmd, OK or All Programs, Accessories, Command Prompt to open a command window. Type with an Enter after each line:

sc delete SNMPTRAP

sc delete SMTPSVC

sc delete MSFtpsvc

sc delete IISADMIN

exit

Reboot.

The only other thing I see is a problem with Windows Media Player. I would uninstall it via Start, (Settings,) Control Panel, Add/Remove Programs. Then reboot and download and install the latest version from http://www.microsoft...11/default.aspx

While in Add/Remove Programs look for Java 2 Runtime Environment, SE v1.4.2_03 and Uninstall. (Old versions of Java are vulnerable to malware.)

You really ought to also uninstall any P2P program like Limewire and Vuze.

"LimeWire" = LimeWire 4.18.8
"8461-7759-5462-8226" = Vuze

and this worthless toolbar you got with Vuze:

"Ask Toolbar_is1" = Vuze Toolbar

With P2P programs you never know where a file has been or what's been done with it.

Is the original problem gone now? Working OK?

Ron

#5
RKinner

One of the guys here at Geekstogo tells me that combofix removed a critical system file (C:\WINDOWS\system32\drivers\pciide.sys) by mistake and is worried that you might have trouble booting. If that's the case there is a simple fix with the Recovery Console. See http://www.geekstogo...49#entry1690149

Ron
  • 0
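
A check that would have caught the problem in this thread before the reboot, as an added example (not part of the original posts and not ComboFix's own code): a Python script that splits a ComboFix log into its sections, lists any kernel driver under system32\drivers that the run deleted so it can be reviewed first, and finds the removed autorun entries that reference the DLL named in the error message. The function names are hypothetical; the sample is an excerpt of the log posted above.

```python
import ntpath
import re

# Excerpt of the ComboFix log posted in this thread (shortened).
SAMPLE = r"""
((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))
.

C:\WINDOWS\kb913800.exe
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\comres(2).dll
C:\WINDOWS\system32\drivers\pciide.sys
C:\WINDOWS\system32\Plugins

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKCU-Run-DellSupport- - C:\Program Files\DellSupport\DSAgnt.exe
HKLM-Run-PD0870 STISvc - P0870Pin.dll
"""

PAREN_HEADER = re.compile(r"^\(+\s*(.+?)\s*\)+$")


def header_name(line):
    """Return the section title if the line is a ComboFix section banner."""
    m = PAREN_HEADER.match(line)
    if m:
        return m.group(1)
    if line.startswith("-") and line.endswith("-"):
        return line.strip("- ") or None
    return None


def split_sections(log_text):
    """Map each section title to its non-empty lines ('.' separators dropped)."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        name = header_name(line)
        if name:
            current = name
            sections.setdefault(current, [])
        elif current:
            sections[current].append(line)
    return sections


def deleted_drivers(paths):
    """Deleted *.sys files directly under system32\\drivers: review before reboot."""
    return [p for p in paths
            if ntpath.splitext(p)[1].lower() == ".sys"
            and ntpath.dirname(p).lower().endswith(r"\system32\drivers")]


def parse_orphans(lines):
    """Split 'location - target' orphan lines into (location, target) pairs."""
    return [tuple(part.strip() for part in l.rsplit(" - ", 1))
            for l in lines if " - " in l]


def review(log_text, error_dll):
    sections = split_sections(log_text)
    orphans = parse_orphans(sections.get("ORPHANS REMOVED", []))
    return {
        "drivers_deleted": deleted_drivers(sections.get("Other Deletions", [])),
        "entries_for_dll": [o for o in orphans
                            if ntpath.basename(o[1]).lower() == error_dll.lower()],
    }


if __name__ == "__main__":
    for key, value in review(SAMPLE, "P0870Pin.dll").items():
        print(key, value)
```
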

#6
jhazelwd

yep...can't get the computer to reboot....trying the recovery console instructions...will let you know how it goes!

Jeanette

#7
jhazelwd

The recovery console instructions worked beautifully....computer starts fine again....thank you!!

Jeanette