The OTL file is so large it is making me post in three posts.
OTL logfile created on: 7/5/2010 12:45:03 PM - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\Ray\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.55 Gb Total Space | 30.54 Gb Free Space | 40.97% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 232.88 Gb Total Space | 107.27 Gb Free Space | 46.06% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DEN-X2GAHDX56W8
Current User Name: Ray
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/07/05 12:43:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ray\Desktop\OTL.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/03/10 22:32:26 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2010/01/29 14:20:26 | 000,112,208 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2010/01/27 04:30:16 | 001,312,848 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2009/12/08 21:29:44 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
PRC - [2009/11/22 17:48:26 | 000,016,384 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
PRC - [2009/11/13 04:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/11/13 04:31:12 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 12:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/08/12 15:43:58 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2002/07/17 12:00:00 | 000,200,767 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Money\System\mnyexpr.exe
========== Modules (SafeList) ==========
MOD - [2010/07/05 12:43:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ray\Desktop\OTL.exe
MOD - [2009/11/22 17:48:26 | 000,024,576 | ---- | M] (BackWeb) -- C:\Documents and Settings\Ray\Local Settings\Temp\IadHide3.dll
MOD - [2008/04/14 06:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/01/29 14:17:14 | 000,292,944 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/11/13 04:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/03/21 13:18:26 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/11/10 04:55:08 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/11/10 04:54:52 | 000,035,984 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/05/11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/04/14 01:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2006/07/01 23:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/12/15 12:19:06 | 001,463,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/06/20 23:08:44 | 002,324,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/06/02 14:35:32 | 000,025,856 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2005/06/02 14:35:28 | 000,068,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2005/06/02 14:34:56 | 000,055,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042MOU.SYS -- (L8042mou)
DRV - [2005/06/02 14:34:44 | 000,013,440 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.SYS -- (L8042Kbd)
DRV - [2004/10/07 18:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/06/03 11:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2004/05/17 15:00:54 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2004/05/17 15:00:52 | 000,033,280 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2003/10/29 14:02:00 | 000,021,120 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2001/09/19 03:11:00 | 000,067,440 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.sys -- (LMouFlt2)
DRV - [2001/09/19 03:11:00 | 000,050,432 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Pr2.sys -- (l8042pr2)
DRV - [2001/09/19 03:11:00 | 000,022,064 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS -- (LHidFlt2)
DRV - [2001/09/19 03:11:00 | 000,005,840 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LKbdFlt2.sys -- (LKbdFlt2)
DRV - [2001/08/17 15:06:02 | 000,154,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Icam4USB.sys -- (Icam4USB)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll (W3i, LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.9.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/10 21:24:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/19 08:07:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/23 16:15:51 | 000,000,000 | ---D | M]
[2010/02/14 09:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Mozilla\Extensions
[2010/02/13 08:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Mozilla\Extensions\[email protected]
[2010/05/13 15:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Mozilla\Firefox\Profiles\j1zwhh86.default\extensions
[2010/05/13 15:19:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ray\Application Data\Mozilla\Firefox\Profiles\j1zwhh86.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/20 19:46:46 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\Ray\Application Data\Mozilla\Firefox\Profiles\j1zwhh86.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/02/21 18:25:13 | 000,004,546 | ---- | M] () -- C:\Documents and Settings\Ray\Application Data\Mozilla\Firefox\Profiles\j1zwhh86.default\searchplugins\aim-search.xml
[2010/06/29 07:10:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/19 14:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 14:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
O1 HOSTS File: ([2010/07/04 23:22:30 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Shop to Win 2) - {20FEC4E7-F7B7-438B-8191-33D2EFC5EBEA} - C:\Program Files\Shop to Win 2\ShoppingBHO.dll (Freecause Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll (W3i, LLC)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MP3Bar) - {F6BD6330-76F8-44d9-B775-87614E2D8374} - C:\Program Files\Fiesta Download Manager\mp3bar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (MP3Bar) - {F6BD6330-76F8-44D9-B775-87614E2D8374} - C:\Program Files\Fiesta Download Manager\mp3bar.dll ()
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [EM_EXEC] C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.)
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe ()
O4 - HKCU..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &MP3Bar - C:\Program Files\Fiesta Download Manager\mp3bar.dll ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetect...etection32.cab (Device Detection)
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplug...bootloader.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1258940716859 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1269057852000 (MUWebControl Class)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobio...ne/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductA...eX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductA...eX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/acti..._v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.246.161.2 216.57.207.18
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Ray\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ray\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/22 09:20:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
========== Files/Folders - Created Within 90 Days ==========
[2010/07/05 12:42:55 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ray\Desktop\OTL.exe
[2010/07/04 17:27:18 | 000,718,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Ray\Desktop\avgremover.exe
[2010/07/01 21:32:38 | 001,869,952 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Ray\Desktop\HousecallLauncher.exe
[2010/06/25 16:31:10 | 000,000,000 | ---D | C] -- C:\Program Files\winMd5Sum
[2010/06/22 17:56:48 | 000,000,000 | ---D | C] -- C:\Program Files\Alex Feinman
[2010/06/20 21:37:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Application Data\HorizonWimba
[2010/06/20 15:53:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Application Data\InfraRecorder
[2010/06/20 15:53:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Local Settings\Application Data\Yahoo
[2010/06/20 15:52:50 | 000,000,000 | ---D | C] -- C:\Program Files\InfraRecorder
[2010/06/20 15:52:26 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
[2010/06/20 15:52:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Application Data\FCSB000062035
[2010/06/20 15:52:24 | 000,000,000 | ---D | C] -- C:\Program Files\Freeze.com
[2010/06/20 15:52:14 | 000,000,000 | ---D | C] -- C:\Program Files\Shop to Win 2
[2010/06/20 15:52:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2010/06/20 15:52:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Application Data\Yahoo!
[2010/06/20 15:52:03 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/06/20 13:14:40 | 004,573,184 | ---- | C] (Geza Kovacs) -- C:\Documents and Settings\Ray\Desktop\unetbootin-windows-471.exe
[2010/06/10 20:23:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Application Data\Research In Motion
[2010/06/10 20:22:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/06/10 20:22:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2010/06/10 20:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2010/06/10 20:21:58 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2010/06/04 22:14:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010/05/31 18:56:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Local Settings\Application Data\cache
[2010/05/31 18:44:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Local Settings\Application Data\FullTiltPoker
[2010/05/31 18:43:54 | 000,000,000 | ---D | C] -- C:\Program Files\Full Tilt Poker
[2010/05/26 20:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\thinkorswim
[2010/04/24 12:39:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Application Data\Facebook
[2010/04/19 08:07:31 | 000,230,824 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\cpnprt2.cid
[2010/04/19 08:07:30 | 000,226,728 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/04/19 08:07:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cache
[2010/04/19 08:07:25 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2010/04/19 07:38:37 | 001,068,544 | ---- | C] (Coupons.com Incorporated) -- C:\Documents and Settings\Ray\Desktop\couponprinter.exe
========== Files - Modified Within 90 Days ==========
[2010/07/05 12:43:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ray\Desktop\OTL.exe
[2010/07/05 12:10:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[2010/07/05 09:06:39 | 032,428,032 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\My Money.mny
[2010/07/05 08:21:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/05 08:15:14 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/05 08:15:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/04 23:31:33 | 005,767,168 | -H-- | M] () -- C:\Documents and Settings\Ray\NTUSER.DAT
[2010/07/04 23:31:33 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Ray\ntuser.ini
[2010/07/04 23:23:03 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/04 23:22:30 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/04 17:27:23 | 000,718,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Ray\Desktop\avgremover.exe
[2010/07/04 15:00:36 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\ne3ex8xx.exe
[2010/07/04 09:40:02 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\dds.scr
[2010/07/03 23:45:15 | 004,842,642 | -H-- | M] () -- C:\Documents and Settings\Ray\Local Settings\Application Data\IconCache.db
[2010/07/03 13:13:57 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\iTunes.lnk
[2010/07/01 22:46:22 | 000,000,629 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/01 22:46:22 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2010/07/01 22:12:14 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\barquery.doc
[2010/07/01 22:11:43 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\Word 2003.lnk
[2010/07/01 21:32:50 | 001,869,952 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Ray\Desktop\HousecallLauncher.exe
[2010/07/01 20:33:57 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Ray\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/07/01 20:33:57 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/06/30 21:10:00 | 000,172,032 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\RaysPM2.mdb
[2010/06/30 11:41:26 | 000,000,218 | ---- | M] () -- C:\Documents and Settings\Ray\.recently-used.xbel
[2010/06/28 17:31:52 | 002,240,700 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\ubuntupocketguide-v1-1.pdf
[2010/06/25 16:47:54 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\Ray\Application Data\Microsoft\Internet Explorer\Quick Launch\InfraRecorder.lnk
[2010/06/25 16:47:54 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\InfraRecorder.lnk
[2010/06/25 16:47:27 | 003,432,724 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\ir050.exe
[2010/06/25 16:30:56 | 000,184,707 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\Install-winMd5Sum.exe
[2010/06/23 12:02:32 | 000,505,172 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/23 12:02:32 | 000,443,896 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/23 12:02:32 | 000,071,962 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/22 17:56:23 | 000,369,152 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\ISORecorderV2RC1.msi
[2010/06/21 18:16:10 | 000,212,992 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\RaysPM.mdb
[2010/06/21 18:04:17 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Our Cruise Elegant Evening filled with pictures before.doc
[2010/06/21 17:53:42 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\June 29.doc
[2010/06/21 17:23:29 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\June 29 and 30.doc
[2010/06/21 16:41:47 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Sunday June 28.doc
[2010/06/20 13:14:42 | 004,573,184 | ---- | M] (Geza Kovacs) -- C:\Documents and Settings\Ray\Desktop\unetbootin-windows-471.exe
[2010/06/11 05:51:45 | 001,082,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/10 21:24:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/10 21:05:48 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/06/06 20:59:33 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Family Tree.doc
[2010/06/06 15:08:07 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Grandma.doc
[2010/06/06 14:47:37 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Del.doc
[2010/06/04 17:06:31 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\June 30 enjoying a sunset out on the deck after dinner.doc
[2010/06/04 16:06:24 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Each evening we would be welcomed back to our room by a new towel friend.doc
[2010/06/03 21:11:23 | 001,410,560 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Dear John2.doc
[2010/06/03 20:28:37 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Deat John.doc
[2010/06/02 21:09:27 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\compare and contrast.doc
[2010/06/02 21:07:27 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\connection to own life.doc
[2010/06/02 20:17:06 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Zip line.doc
[2010/06/02 19:49:44 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Activitiy.doc
[2010/06/02 19:29:04 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Welcome to Puerto Vallarta.doc
[2010/05/31 18:44:19 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Full Tilt Poker.lnk
[2010/05/27 08:52:52 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\english 6 questions.doc
[2010/05/26 20:29:13 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\thinkorswim.lnk
[2010/05/26 20:04:38 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/05/25 16:58:10 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\picasso.doc
[2010/05/23 09:34:33 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/05/22 15:31:37 | 001,739,086 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\16623415-BlackBerry-Bold-9000-User-Guide.pdf
[2010/05/21 15:43:35 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Types of Contraceptive Techniques.doc
[2010/05/21 14:57:14 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\ap 19 weeks fetus.doc
[2010/05/21 12:49:49 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\STDS AP2.doc
[2010/05/21 12:33:00 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\AP 1.doc
[2010/05/20 22:02:19 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Ray\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/05/19 08:39:28 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\first glance at picasso.doc
[2010/05/14 14:06:37 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Fiesta Download Manager.lnk
[2010/05/12 16:50:34 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\E-mail.lnk
[2010/05/11 08:44:25 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Mona Lisa SMiles paper.doc
[2010/05/10 10:39:10 | 000,226,728 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/05/10 07:30:46 | 000,002,239 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Print Shop 21.lnk
[2010/05/09 15:37:58 | 000,348,952 | ---- | M] () -- C:\Documents and Settings\Ray\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/09 13:12:46 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\PersuasiveParagraph[1].doc
[2010/05/09 13:12:23 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\PersuasiveOutline[1].doc
[2010/05/05 22:17:52 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\English paper about My Fathers lIfe.doc
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/19 08:07:31 | 000,230,824 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\cpnprt2.cid
[2010/04/19 07:38:43 | 001,068,544 | ---- | M] (Coupons.com Incorporated) -- C:\Documents and Settings\Ray\Desktop\couponprinter.exe
[2010/04/14 20:35:51 | 000,121,416 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/07 07:15:08 | 000,018,394 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\coupon2_1.gif
[2010/04/06 18:59:06 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\ASL Project.doc
-
========== Files Created - No Company Name ==========
[2010/07/04 15:00:33 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\ne3ex8xx.exe
[2010/07/04 09:39:58 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\dds.scr
[2010/07/03 13:13:47 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\iTunes.lnk
[2010/07/01 22:12:13 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\barquery.doc
[2010/06/30 21:09:44 | 000,172,032 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\RaysPM2.mdb
[2010/06/30 11:41:26 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Ray\.recently-used.xbel
[2010/06/28 17:31:52 | 002,240,700 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\ubuntupocketguide-v1-1.pdf
[2010/06/25 16:47:54 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\InfraRecorder.lnk
[2010/06/25 16:47:27 | 003,432,724 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\ir050.exe
[2010/06/25 16:30:34 | 000,184,707 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\Install-winMd5Sum.exe
[2010/06/22 17:56:21 | 000,369,152 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\ISORecorderV2RC1.msi
[2010/06/20 15:52:51 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\Ray\Application Data\Microsoft\Internet Explorer\Quick Launch\InfraRecorder.lnk
[2010/06/17 09:28:20 | 004,326,193 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\P1000138.JPG
[2010/06/10 20:23:49 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/06/06 20:52:17 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Family Tree.doc
[2010/06/06 15:08:07 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Grandma.doc
[2010/06/06 14:41:40 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Del.doc
[2010/06/03 21:10:14 | 001,410,560 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Dear John2.doc
[2010/06/03 18:05:11 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Deat John.doc
[2010/06/02 21:07:27 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\connection to own life.doc
[2010/06/02 20:17:06 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Zip line.doc
[2010/06/02 19:49:44 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Activitiy.doc
[2010/06/02 19:29:04 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Welcome to Puerto Vallarta.doc
[2010/06/02 19:19:08 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\June 30 enjoying a sunset out on the deck after dinner.doc
[2010/06/02 19:16:28 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Each evening we would be welcomed back to our room by a new towel friend.doc
[2010/06/02 19:09:33 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Our Cruise Elegant Evening filled with pictures before.doc
[2010/06/02 18:44:31 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\June 29.doc
[2010/06/02 18:07:09 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\compare and contrast.doc
[2010/06/02 16:41:52 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\June 29 and 30.doc
[2010/06/02 15:54:44 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Sunday June 28.doc
[2010/05/31 18:44:19 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Full Tilt Poker.lnk
[2010/05/27 08:52:52 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\english 6 questions.doc
[2010/05/26 20:29:13 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\thinkorswim.lnk
[2010/05/25 16:51:41 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\picasso.doc
[2010/05/22 15:31:28 | 001,739,086 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\16623415-BlackBerry-Bold-9000-User-Guide.pdf
[2010/05/21 15:43:34 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Types of Contraceptive Techniques.doc
[2010/05/21 14:57:14 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\ap 19 weeks fetus.doc
[2010/05/21 12:46:41 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\STDS AP2.doc
[2010/05/21 12:33:00 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\AP 1.doc
[2010/05/19 08:39:28 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\first glance at picasso.doc
[2010/05/12 16:50:34 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\E-mail.lnk
[2010/05/11 08:44:25 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Mona Lisa SMiles paper.doc
[2010/05/09 13:12:46 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\PersuasiveParagraph[1].doc
[2010/05/09 13:12:22 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\PersuasiveOutline[1].doc
[2010/04/19 21:00:45 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\English paper about My Fathers lIfe.doc
[2010/04/07 07:16:25 | 000,018,394 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\coupon2_1.gif
[2010/04/06 18:59:06 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\ASL Project.doc
[2010/03/26 21:42:34 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/02/15 14:00:18 | 000,000,419 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009/11/22 23:19:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/22 18:10:58 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2009/11/22 17:47:02 | 000,109,056 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
[2009/11/22 17:47:02 | 000,000,488 | ---- | C] () -- C:\WINDOWS\Cmousecc.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/02/01 09:18:14 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== LOP Check ==========
[2010/03/20 12:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/02/22 18:22:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2009/11/22 22:26:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/05/14 14:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fiesta Download Manager
[2010/06/04 22:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/12/02 21:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2009/12/05 09:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/06/10 20:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/02/23 17:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2010/02/15 14:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/02/13 08:36:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010/02/27 11:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2009/11/22 22:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/02/15 14:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Canon
[2010/04/24 12:40:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Facebook
[2010/06/20 15:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\FCSB000062035
[2010/06/30 11:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\gtk-2.0
[2010/06/20 21:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\HorizonWimba
[2010/02/13 16:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\ieSpell
[2010/06/20 15:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\InfraRecorder
[2010/02/27 11:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Leadertech
[2010/02/09 17:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\licenses
[2010/02/14 09:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Opera
[2010/03/26 21:51:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Panasonic
[2010/02/07 18:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\PCMM2009
[2010/02/07 18:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\PCMM2010
[2010/06/10 20:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Research In Motion
[2010/02/15 14:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\ScanSoft
[2010/02/13 08:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\TomTom
[2010/07/05 12:10:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\Disk Cleanup.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2009/11/22 09:20:12 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/03/12 21:32:51 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[2010/07/01 22:46:22 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2010/02/14 10:59:28 | 000,001,331 | ---- | M] () -- C:\CD3rdPartyWrapper.log
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/07/04 23:27:49 | 000,016,855 | ---- | M] () -- C:\ComboFix.txt
[2009/11/22 09:20:12 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/11/22 09:20:12 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/02/20 19:46:25 | 000,000,460 | -H-- | M] () -- C:\IPH.PH
[2010/07/01 20:59:35 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2010/06/22 17:53:16 | 000,014,634 | ---- | M] () -- C:\mcdbp.log
[2009/11/22 09:20:12 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/11/22 09:44:17 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/11/22 10:01:20 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/05 08:15:08 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/03/26 22:00:00 | 000,022,528 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD83.DLL
[2006/03/26 22:00:00 | 000,065,024 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP83.DLL
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
< %systemroot%\system32\*.wt >
< %systemroot%\system32\*.ruy >
< %systemroot%\Fonts\*.com >
[2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2009/11/22 01:09:49 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/11/22 01:09:49 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/11/22 01:09:48 | 000,409,600 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\user32.dll /md5 >
[2008/04/14 06:42:10 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/14 06:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/14 06:42:12 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-23 19:03:37
< >
< End of report >
-
The last log was four posts, not three.
-
Update your Java version here: http://www.java.com/en/download/installed.jsp
Uninstall all previous Java versions, through Add\Remove (Programs & Features in Vista/7).
=================================================================
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplug...bootloader.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
[2010/03/20 12:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
:Services
:Reg
:Files
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- You will get a log that shows the results of the fix. Please post it.
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-
All processes killed
========== OTL ==========
Service GMSIPCI stopped successfully!
Service GMSIPCI deleted successfully!
File E:\INSTALL\GMSIPCI.SYS not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\ComboFix\catchme.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{243B17DE-77C7-46BF-B94B-0B5F309A0E64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{243B17DE-77C7-46BF-B94B-0B5F309A0E64}\ deleted successfully.
C:\Program Files\Microsoft Money\System\mnyside.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Starting removal of ActiveX control {32C3FEAE-0877-4767-8C20-62A5829A0945}
C:\WINDOWS\Downloaded Program Files\axfbootloader.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{32C3FEAE-0877-4767-8C20-62A5829A0945}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32C3FEAE-0877-4767-8C20-62A5829A0945}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{32C3FEAE-0877-4767-8C20-62A5829A0945}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{32C3FEAE-0877-4767-8C20-62A5829A0945}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32C3FEAE-0877-4767-8C20-62A5829A0945}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ not found.
File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found not found.
C:\Documents and Settings\All Users\Application Data\avg9\update\prepare\temp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\prepare folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Chjw\125814095813e9ed folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Chjw\1200594e005939c5 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Chjw folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9 folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Ray
->Temp folder emptied: 6625413 bytes
->Temporary Internet Files folder emptied: 26997223 bytes
->Java cache emptied: 2729654 bytes
->FireFox cache emptied: 68730835 bytes
->Flash cache emptied: 31850 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 511 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 100.00 mb
[EMPTYFLASH]
User: All Users
User: Default User
->Flash cache emptied: 0 bytes
User: LocalService
User: NetworkService
User: Ray
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.7.1 log created on 07052010_142404
Files\Folders moved on Reboot...
C:\Documents and Settings\Ray\Local Settings\Temp\IadHide3.dll moved successfully.
File\Folder C:\Documents and Settings\Ray\Local Settings\Temp\Perflib_Perfdata_99c.dat not found!
Registry entries deleted on Reboot...
-
Good :)
1. Download Temp File Cleaner (TFC)
Double-click on TFC.exe to run the program.
Click on the Start button to begin the cleaning process.
TFC will close all running programs, and it may ask you to restart the computer.
2. Go to the Kaspersky website and perform an online antivirus scan.
1. Disable your active antivirus program.
2. Read through the requirements and privacy statement and click on the Accept button.
3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
4. When the downloads have finished, click on Settings.
5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
- Spyware, Adware, Dialers, and other potentially dangerous programs
- Archives
- Mail databases
6. Click on My Computer under Scan.
7. Once the scan is complete, it will display the results. Click on View Scan Report.
8. You will see a list of infected items there. Click on Save Report As....
9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
-
OTL logfile created on: 7/5/2010 2:32:54 PM - Run 2
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\Ray\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.55 Gb Total Space | 30.48 Gb Free Space | 40.89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 232.88 Gb Total Space | 107.27 Gb Free Space | 46.06% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DEN-X2GAHDX56W8
Current User Name: Ray
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/07/05 12:43:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ray\Desktop\OTL.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/03/10 22:32:26 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2010/01/29 14:20:26 | 000,112,208 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2010/01/27 04:30:16 | 001,312,848 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2009/12/08 21:29:44 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
PRC - [2009/11/22 17:48:26 | 000,016,384 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
PRC - [2009/11/13 04:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/11/13 04:31:12 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 12:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/08/12 15:43:58 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
========== Modules (SafeList) ==========
MOD - [2010/07/05 12:43:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ray\Desktop\OTL.exe
MOD - [2009/11/22 17:48:26 | 000,024,576 | ---- | M] (BackWeb) -- C:\Documents and Settings\Ray\Local Settings\Temp\IadHide3.dll
MOD - [2008/04/14 06:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/01/29 14:17:14 | 000,292,944 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/11/13 04:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
========== Driver Services (SafeList) ==========
DRV - [2010/03/21 13:18:26 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/11/10 04:55:08 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/11/10 04:54:52 | 000,035,984 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/05/11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/04/14 01:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2006/07/01 23:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/12/15 12:19:06 | 001,463,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/06/20 23:08:44 | 002,324,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/06/02 14:35:32 | 000,025,856 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2005/06/02 14:35:28 | 000,068,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2005/06/02 14:34:56 | 000,055,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042MOU.SYS -- (L8042mou)
DRV - [2005/06/02 14:34:44 | 000,013,440 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.SYS -- (L8042Kbd)
DRV - [2004/10/07 18:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/06/03 11:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2004/05/17 15:00:54 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2004/05/17 15:00:52 | 000,033,280 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2003/10/29 14:02:00 | 000,021,120 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2001/09/19 03:11:00 | 000,067,440 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.sys -- (LMouFlt2)
DRV - [2001/09/19 03:11:00 | 000,050,432 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Pr2.sys -- (l8042pr2)
DRV - [2001/09/19 03:11:00 | 000,022,064 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS -- (LHidFlt2)
DRV - [2001/09/19 03:11:00 | 000,005,840 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LKbdFlt2.sys -- (LKbdFlt2)
DRV - [2001/08/17 15:06:02 | 000,154,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Icam4USB.sys -- (Icam4USB)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll (W3i, LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.9.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/10 21:24:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/19 08:07:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/05 14:21:05 | 000,000,000 | ---D | M]
[2010/02/14 09:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Mozilla\Extensions
[2010/02/13 08:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Mozilla\Extensions\[email protected]
[2010/05/13 15:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Mozilla\Firefox\Profiles\j1zwhh86.default\extensions
[2010/05/13 15:19:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ray\Application Data\Mozilla\Firefox\Profiles\j1zwhh86.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/20 19:46:46 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\Ray\Application Data\Mozilla\Firefox\Profiles\j1zwhh86.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/02/21 18:25:13 | 000,004,546 | ---- | M] () -- C:\Documents and Settings\Ray\Application Data\Mozilla\Firefox\Profiles\j1zwhh86.default\searchplugins\aim-search.xml
[2010/07/05 14:21:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/05 14:21:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009/11/19 14:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/07/05 14:20:51 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 14:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
O1 HOSTS File: ([2010/07/05 14:24:29 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Shop to Win 2) - {20FEC4E7-F7B7-438B-8191-33D2EFC5EBEA} - C:\Program Files\Shop to Win 2\ShoppingBHO.dll (Freecause Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll (W3i, LLC)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MP3Bar) - {F6BD6330-76F8-44d9-B775-87614E2D8374} - C:\Program Files\Fiesta Download Manager\mp3bar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (MP3Bar) - {F6BD6330-76F8-44D9-B775-87614E2D8374} - C:\Program Files\Fiesta Download Manager\mp3bar.dll ()
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [EM_EXEC] C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.)
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe ()
O4 - HKCU..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &MP3Bar - C:\Program Files\Fiesta Download Manager\mp3bar.dll ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetect...etection32.cab (Device Detection)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1258940716859 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1269057852000 (MUWebControl Class)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobio...ne/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductA...eX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductA...eX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/acti..._v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.246.161.2 216.57.207.18
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Ray\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ray\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/22 09:20:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 90 Days ==========
[2010/07/05 14:24:29 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/05 14:24:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/05 14:21:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/07/05 12:42:55 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ray\Desktop\OTL.exe
[2010/07/04 17:27:18 | 000,718,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Ray\Desktop\avgremover.exe
[2010/07/01 21:32:38 | 001,869,952 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Ray\Desktop\HousecallLauncher.exe
[2010/06/25 16:31:10 | 000,000,000 | ---D | C] -- C:\Program Files\winMd5Sum
[2010/06/22 17:56:48 | 000,000,000 | ---D | C] -- C:\Program Files\Alex Feinman
[2010/06/20 21:37:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Application Data\HorizonWimba
[2010/06/20 15:53:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Application Data\InfraRecorder
[2010/06/20 15:53:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Local Settings\Application Data\Yahoo
[2010/06/20 15:52:50 | 000,000,000 | ---D | C] -- C:\Program Files\InfraRecorder
[2010/06/20 15:52:26 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
[2010/06/20 15:52:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Application Data\FCSB000062035
[2010/06/20 15:52:24 | 000,000,000 | ---D | C] -- C:\Program Files\Freeze.com
[2010/06/20 15:52:14 | 000,000,000 | ---D | C] -- C:\Program Files\Shop to Win 2
[2010/06/20 15:52:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2010/06/20 15:52:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Application Data\Yahoo!
[2010/06/20 15:52:03 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/06/20 13:14:40 | 004,573,184 | ---- | C] (Geza Kovacs) -- C:\Documents and Settings\Ray\Desktop\unetbootin-windows-471.exe
[2010/06/10 20:23:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Application Data\Research In Motion
[2010/06/10 20:22:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/06/10 20:22:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2010/06/10 20:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2010/06/10 20:21:58 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2010/06/04 22:14:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010/05/31 18:56:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Local Settings\Application Data\cache
[2010/05/31 18:44:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Local Settings\Application Data\FullTiltPoker
[2010/05/31 18:43:54 | 000,000,000 | ---D | C] -- C:\Program Files\Full Tilt Poker
[2010/05/26 20:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\thinkorswim
[2010/04/24 12:39:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Application Data\Facebook
[2010/04/19 08:07:31 | 000,230,824 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\cpnprt2.cid
[2010/04/19 08:07:30 | 000,226,728 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/04/19 08:07:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cache
[2010/04/19 08:07:25 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2010/04/19 07:38:37 | 001,068,544 | ---- | C] (Coupons.com Incorporated) -- C:\Documents and Settings\Ray\Desktop\couponprinter.exe
========== Files - Modified Within 90 Days ==========
[2010/07/05 14:26:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/05 14:25:59 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/05 14:25:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/05 14:24:46 | 005,767,168 | -H-- | M] () -- C:\Documents and Settings\Ray\NTUSER.DAT
[2010/07/05 14:24:46 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Ray\ntuser.ini
[2010/07/05 14:24:29 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/07/05 12:43:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ray\Desktop\OTL.exe
[2010/07/05 12:10:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[2010/07/05 09:06:39 | 032,428,032 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\My Money.mny
[2010/07/04 23:23:03 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/04 17:27:23 | 000,718,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Ray\Desktop\avgremover.exe
[2010/07/04 15:00:36 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\ne3ex8xx.exe
[2010/07/04 09:40:02 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\dds.scr
[2010/07/03 23:45:15 | 004,842,642 | -H-- | M] () -- C:\Documents and Settings\Ray\Local Settings\Application Data\IconCache.db
[2010/07/03 13:13:57 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\iTunes.lnk
[2010/07/01 22:46:22 | 000,000,629 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/01 22:46:22 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2010/07/01 22:12:14 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\barquery.doc
[2010/07/01 22:11:43 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\Word 2003.lnk
[2010/07/01 21:32:50 | 001,869,952 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Ray\Desktop\HousecallLauncher.exe
[2010/07/01 20:33:57 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Ray\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/07/01 20:33:57 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/06/30 21:10:00 | 000,172,032 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\RaysPM2.mdb
[2010/06/30 11:41:26 | 000,000,218 | ---- | M] () -- C:\Documents and Settings\Ray\.recently-used.xbel
[2010/06/28 17:31:52 | 002,240,700 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\ubuntupocketguide-v1-1.pdf
[2010/06/25 16:47:54 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\Ray\Application Data\Microsoft\Internet Explorer\Quick Launch\InfraRecorder.lnk
[2010/06/25 16:47:54 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\InfraRecorder.lnk
[2010/06/25 16:47:27 | 003,432,724 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\ir050.exe
[2010/06/25 16:30:56 | 000,184,707 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\Install-winMd5Sum.exe
[2010/06/23 12:02:32 | 000,505,172 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/23 12:02:32 | 000,443,896 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/23 12:02:32 | 000,071,962 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/22 17:56:23 | 000,369,152 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\ISORecorderV2RC1.msi
[2010/06/21 18:16:10 | 000,212,992 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\RaysPM.mdb
[2010/06/21 18:04:17 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Our Cruise Elegant Evening filled with pictures before.doc
[2010/06/21 17:53:42 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\June 29.doc
[2010/06/21 17:23:29 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\June 29 and 30.doc
[2010/06/21 16:41:47 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Sunday June 28.doc
[2010/06/20 13:14:42 | 004,573,184 | ---- | M] (Geza Kovacs) -- C:\Documents and Settings\Ray\Desktop\unetbootin-windows-471.exe
[2010/06/11 05:51:45 | 001,082,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/10 21:24:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/10 21:05:48 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/06/06 20:59:33 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Family Tree.doc
[2010/06/06 15:08:07 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Grandma.doc
[2010/06/06 14:47:37 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Del.doc
[2010/06/04 17:06:31 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\June 30 enjoying a sunset out on the deck after dinner.doc
[2010/06/04 16:06:24 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Each evening we would be welcomed back to our room by a new towel friend.doc
[2010/06/03 21:11:23 | 001,410,560 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Dear John2.doc
[2010/06/03 20:28:37 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Deat John.doc
[2010/06/02 21:09:27 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\compare and contrast.doc
[2010/06/02 21:07:27 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\connection to own life.doc
[2010/06/02 20:17:06 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Zip line.doc
[2010/06/02 19:49:44 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Activitiy.doc
[2010/06/02 19:29:04 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Welcome to Puerto Vallarta.doc
[2010/05/31 18:44:19 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Full Tilt Poker.lnk
[2010/05/27 08:52:52 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\english 6 questions.doc
[2010/05/26 20:29:13 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\thinkorswim.lnk
[2010/05/26 20:04:38 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/05/25 16:58:10 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\picasso.doc
[2010/05/23 09:34:33 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/05/22 15:31:37 | 001,739,086 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\16623415-BlackBerry-Bold-9000-User-Guide.pdf
[2010/05/21 15:43:35 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Types of Contraceptive Techniques.doc
[2010/05/21 14:57:14 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\ap 19 weeks fetus.doc
[2010/05/21 12:49:49 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\STDS AP2.doc
[2010/05/21 12:33:00 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\AP 1.doc
[2010/05/20 22:02:19 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Ray\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/05/19 08:39:28 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\first glance at picasso.doc
[2010/05/14 14:06:37 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Fiesta Download Manager.lnk
[2010/05/12 16:50:34 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\E-mail.lnk
[2010/05/11 08:44:25 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Mona Lisa SMiles paper.doc
[2010/05/10 10:39:10 | 000,226,728 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/05/10 07:30:46 | 000,002,239 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Print Shop 21.lnk
[2010/05/09 15:37:58 | 000,348,952 | ---- | M] () -- C:\Documents and Settings\Ray\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/09 13:12:46 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\PersuasiveParagraph[1].doc
[2010/05/09 13:12:23 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\PersuasiveOutline[1].doc
[2010/05/05 22:17:52 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\English paper about My Fathers lIfe.doc
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/19 08:07:31 | 000,230,824 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\cpnprt2.cid
[2010/04/19 07:38:43 | 001,068,544 | ---- | M] (Coupons.com Incorporated) -- C:\Documents and Settings\Ray\Desktop\couponprinter.exe
[2010/04/14 20:35:51 | 000,121,416 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/07 07:15:08 | 000,018,394 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\coupon2_1.gif
[2010/04/06 18:59:06 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\ASL Project.doc
========== Files Created - No Company Name ==========
[2010/07/04 15:00:33 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\ne3ex8xx.exe
[2010/07/04 09:39:58 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\dds.scr
[2010/07/03 13:13:47 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\iTunes.lnk
[2010/07/01 22:12:13 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\barquery.doc
[2010/06/30 21:09:44 | 000,172,032 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\RaysPM2.mdb
[2010/06/30 11:41:26 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Ray\.recently-used.xbel
[2010/06/28 17:31:52 | 002,240,700 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\ubuntupocketguide-v1-1.pdf
[2010/06/25 16:47:54 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\InfraRecorder.lnk
[2010/06/25 16:47:27 | 003,432,724 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\ir050.exe
[2010/06/25 16:30:34 | 000,184,707 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\Install-winMd5Sum.exe
[2010/06/22 17:56:21 | 000,369,152 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\ISORecorderV2RC1.msi
[2010/06/20 15:52:51 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\Ray\Application Data\Microsoft\Internet Explorer\Quick Launch\InfraRecorder.lnk
[2010/06/17 09:28:20 | 004,326,193 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\P1000138.JPG
[2010/06/10 20:23:49 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/06/06 20:52:17 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Family Tree.doc
[2010/06/06 15:08:07 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Grandma.doc
[2010/06/06 14:41:40 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Del.doc
[2010/06/03 21:10:14 | 001,410,560 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Dear John2.doc
[2010/06/03 18:05:11 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Deat John.doc
[2010/06/02 21:07:27 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\connection to own life.doc
[2010/06/02 20:17:06 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Zip line.doc
[2010/06/02 19:49:44 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Activitiy.doc
[2010/06/02 19:29:04 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Welcome to Puerto Vallarta.doc
[2010/06/02 19:19:08 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\June 30 enjoying a sunset out on the deck after dinner.doc
[2010/06/02 19:16:28 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Each evening we would be welcomed back to our room by a new towel friend.doc
[2010/06/02 19:09:33 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Our Cruise Elegant Evening filled with pictures before.doc
[2010/06/02 18:44:31 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\June 29.doc
[2010/06/02 18:07:09 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\compare and contrast.doc
[2010/06/02 16:41:52 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\June 29 and 30.doc
[2010/06/02 15:54:44 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Sunday June 28.doc
[2010/05/31 18:44:19 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Full Tilt Poker.lnk
[2010/05/27 08:52:52 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\english 6 questions.doc
[2010/05/26 20:29:13 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\thinkorswim.lnk
[2010/05/25 16:51:41 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\picasso.doc
[2010/05/22 15:31:28 | 001,739,086 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\16623415-BlackBerry-Bold-9000-User-Guide.pdf
[2010/05/21 15:43:34 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Types of Contraceptive Techniques.doc
[2010/05/21 14:57:14 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\ap 19 weeks fetus.doc
[2010/05/21 12:46:41 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\STDS AP2.doc
[2010/05/21 12:33:00 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\AP 1.doc
[2010/05/19 08:39:28 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\first glance at picasso.doc
[2010/05/12 16:50:34 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\E-mail.lnk
[2010/05/11 08:44:25 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Mona Lisa SMiles paper.doc
[2010/05/09 13:12:46 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\PersuasiveParagraph[1].doc
[2010/05/09 13:12:22 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\PersuasiveOutline[1].doc
[2010/04/19 21:00:45 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\English paper about My Fathers lIfe.doc
[2010/04/07 07:16:25 | 000,018,394 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\coupon2_1.gif
[2010/04/06 18:59:06 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\ASL Project.doc
[2010/03/26 21:42:34 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/02/15 14:00:18 | 000,000,419 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009/11/22 23:19:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/22 18:10:58 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2009/11/22 17:47:02 | 000,109,056 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
[2009/11/22 17:47:02 | 000,000,488 | ---- | C] () -- C:\WINDOWS\Cmousecc.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/02/01 09:18:14 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== LOP Check ==========
[2010/02/22 18:22:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2009/11/22 22:26:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/05/14 14:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fiesta Download Manager
[2010/06/04 22:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/12/02 21:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2009/12/05 09:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/06/10 20:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/02/23 17:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2010/02/15 14:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/02/13 08:36:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010/02/27 11:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2009/11/22 22:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/02/15 14:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Canon
[2010/04/24 12:40:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Facebook
[2010/06/20 15:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\FCSB000062035
[2010/06/30 11:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\gtk-2.0
[2010/06/20 21:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\HorizonWimba
[2010/02/13 16:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\ieSpell
[2010/06/20 15:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\InfraRecorder
[2010/02/27 11:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Leadertech
[2010/02/09 17:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\licenses
[2010/02/14 09:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Opera
[2010/03/26 21:51:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Panasonic
[2010/02/07 18:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\PCMM2009
[2010/02/07 18:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\PCMM2010
[2010/06/10 20:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Research In Motion
[2010/02/15 14:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\ScanSoft
[2010/02/13 08:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\TomTom
[2010/07/05 12:10:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\Disk Cleanup.job
========== Purity Check ==========
< End of report >
-
1. Download Temp File Cleaner (TFC)
   Double click on TFC.exe to run the program.
   Click on the Start button to begin the cleaning process.
   TFC will close all running programs, and it may ask you to restart the computer.
2. Go to the Kaspersky website and perform an online antivirus scan.
   1. Disable your active antivirus program.
   2. Read through the requirements and privacy statement and click on the Accept button.
   3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
   4. When the downloads have finished, click on Settings.
   5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      - Spyware, Adware, Dialers, and other potentially dangerous programs
      - Archives
      - Mail databases
   6. Click on My Computer under Scan.
   7. Once the scan is complete, it will display the results. Click on View Scan Report.
   8. You will see a list of infected items there. Click on Save Report As....
   9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
-
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, July 5, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, July 05, 2010 20:15:16
Records in database: 4243479
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
Scan statistics:
Objects scanned: 163608
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 03:39:01
No threats found. Scanned area is clean.
Selected area has been scanned.
-
OTL Clean-Up
Clean up with OTL:
* Double-click OTL.exe to start the program.
* Close all other programs apart from OTL, as this step will require a reboot.
* On the OTL main screen, press the CLEANUP button
* Say Yes to the prompt and then allow the program to reboot your computer.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
==============================================================
Your computer is clean
1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.
   Turn off System Restore:
   - Windows XP:
     1. Click Start.
     2. Right-click the My Computer icon, and then click Properties.
     3. Click the System Restore tab.
     4. Check "Turn off System Restore".
     5. Click Apply.
     6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
     7. Click OK.
   - Windows Vista and 7:
     1. Click Start.
     2. Right-click the Computer icon, and then click Properties.
     3. Click on System Protection under the Tasks column on the left side.
     4. Click on Continue on the "User Account Control" window that pops up.
     5. Under the System Protection tab, find Available Disks.
     6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:").
     7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
     8. Click OK.
2. Restart the computer.
3. Turn System Restore on.
4. Make sure Windows Updates are current.
5. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!
6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.
7. Run defrag at your convenience.
8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
9. Please let me know how your computer is doing.
-
Thank you
Broni
Thank you very much for your help. You have helped me many times and I am very grateful. The PC is running fine. The only thing worth noting is that when I look in the Task Manager I still see some AVG stuff running in there. Don't know if I need to do something about that. Thank you so much.