caewe12

Hi, I changed the boot sequence to "Onboard or USB CD-Rom Drive but when I try to boot I get an error message that says "Selected boot device not available". Not sure what I'm doing wrong or if it's the CD. Feeling WAY out of my comfort zone. Help! Thanks. CAE

Hi, I think I successfully burned the disc. Let's give it a go. Thanks. CAE

Hi, Borrowed a laptop from work and tried to download Gparted.... unsuccessfully. Trying to download it directly to CD but keep getting error messages. May have to use my computer tomorrow. Is that a terribleidea? CAE

Hi, I probably won't be able to burn the cd until Wednesday. Don't want my post to get locked. How many days to I have? Thanks. CAE

Ok quarantined. What is a TDL4+ infection?

Hi, This is probably nothing but just want to check with you. This file that you wanted checked (see below) was from the GMER link. When I downloaded the file from that link today it had a different name (etp12y1.exe) but the icon says GMER. Just thought that was strange and worth mentioning. I ran the GMER scan but it didn't find anything (there was a message). I was able to create a log but it is completely empty. There's an exe file that I'd like for you to have checked online. It is on your Desktop. Use your browser to go here at Virustotal website Click the Browse button and then navigate to C:\Documents and Settings\Ekenbarger's\Desktop\oo9mvqzj.exe, then click the Submit button. I downloaded TDSSKILLER again but it still will not run (am in safemode w/networking). When I click on the icon nothing happens. Here are the logs for Roguekiller and RKill. Thanks. CAE RogueKiller V7.1.0 [02/15/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User: Ekenbarger's [Admin rights] Mode: Scan -- Date: 02/25/2012 11:35:52 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 8 ¤¤¤ [sUSP PATH] HKCU\[...]\Run : Bomgar Support Reconnect [1297805904] ("C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4D5AF24F\bomgar-scc.exe" -nomulti) -> FOUND [sUSP PATH] HKUS\S-1-5-21-1946173170-350803515-410004273-1006[...]\Run : Bomgar Support Reconnect [1297805904] ("C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4D5AF24F\bomgar-scc.exe" -nomulti) -> FOUND [WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [LOADED] ¤¤¤ ¤¤¤ Infection : Root.MBR ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Maxtor 6Y160M0 +++++ --- User --- [MBR] e8c4ef311439380bf8161fe3e04c23d1 [bSP] b72667633f4c7c2babf1970635a88ab8 : MBR Code unknown Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 112455 | Size: 149071 Mo 2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 305411715 | Size: 3459 Mo User != LL1 ... KO! --- LL1 --- [MBR] 1234b9627f851ba5c40b58d46ae5bfa5 [bSP] b72667633f4c7c2babf1970635a88ab8 : MBR Code unknown Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 112455 | Size: 149071 Mo 2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 305411715 | Size: 3459 Mo 3 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 312496380 | Size: 1 Mo User != LL2 ... KO! --- LL2 --- [MBR] 1234b9627f851ba5c40b58d46ae5bfa5 [bSP] b72667633f4c7c2babf1970635a88ab8 : MBR Code unknown Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 112455 | Size: 149071 Mo 2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 305411715 | Size: 3459 Mo 3 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 312496380 | Size: 1 Mo +++++ PhysicalDrive1: WDC WD5000AADS-00S9B0 +++++ --- User --- [MBR] e8c4ef311439380bf8161fe3e04c23d1 [bSP] b72667633f4c7c2babf1970635a88ab8 : MBR Code unknown Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 112455 | Size: 149071 Mo 2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 305411715 | Size: 3459 Mo User != LL1 ... KO! --- LL1 --- [MBR] 9ff5de6a7f5bd44494e6713738cfaa5e [bSP] 766475e27f711b63811094046f843551 : Windows Vista MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo User != LL2 ... KO! --- LL2 --- [MBR] 9ff5de6a7f5bd44494e6713738cfaa5e [bSP] 766475e27f711b63811094046f843551 : Windows Vista MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo Finished : << RKreport[2].txt >> RKreport[1].txt ; RKreport[2].txt This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish. Rkill was run on 02/25/2012 at 11:50:38. Operating System: Microsoft Windows XP Processes terminated by Rkill or while it was running: C:\WINDOWS\system32\wuauclt.exe Rkill completed on 02/25/2012 at 11:51:53.

Hi, Ran RogueKiller and Rkill. Deleted the TDSSKILLER.exe file and downloaded the new one but it will not run. As I recall this happened last time. I also tried just running it without saving first but nothing happens. Don't know if I should proceed with GMER without doing this first. Please advise. Also after running RogueKiller I noticed that the ARO2012 program I "unintentionally" downloaded created another icon on my desktop. It says "Clean Registry for Free". Can I delete this ARO2012?? Thanks. CAE

Hi, Yes. The programs are listed under the start menu but you cannot access anything. I ran the scan. Here is the log. Thank you. CAE RogueKiller V7.1.0 [02/15/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User: Ekenbarger's [Admin rights] Mode: Scan -- Date: 02/25/2012 09:11:08 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 8 ¤¤¤ [sUSP PATH] HKCU\[...]\Run : Bomgar Support Reconnect [1297805904] ("C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4D5AF24F\bomgar-scc.exe" -nomulti) -> FOUND [sUSP PATH] HKUS\S-1-5-21-1946173170-350803515-410004273-1006[...]\Run : Bomgar Support Reconnect [1297805904] ("C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4D5AF24F\bomgar-scc.exe" -nomulti) -> FOUND [WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [LOADED] ¤¤¤ ¤¤¤ Infection : Root.MBR ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Maxtor 6Y160M0 +++++ --- User --- [MBR] e8c4ef311439380bf8161fe3e04c23d1 [bSP] b72667633f4c7c2babf1970635a88ab8 : MBR Code unknown Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 112455 | Size: 149071 Mo 2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 305411715 | Size: 3459 Mo User != LL1 ... KO! --- LL1 --- [MBR] 1234b9627f851ba5c40b58d46ae5bfa5 [bSP] b72667633f4c7c2babf1970635a88ab8 : MBR Code unknown Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 112455 | Size: 149071 Mo 2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 305411715 | Size: 3459 Mo 3 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 312496380 | Size: 1 Mo User != LL2 ... KO! --- LL2 --- [MBR] 1234b9627f851ba5c40b58d46ae5bfa5 [bSP] b72667633f4c7c2babf1970635a88ab8 : MBR Code unknown Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 112455 | Size: 149071 Mo 2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 305411715 | Size: 3459 Mo 3 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 312496380 | Size: 1 Mo +++++ PhysicalDrive1: WDC WD5000AADS-00S9B0 +++++ --- User --- [MBR] e8c4ef311439380bf8161fe3e04c23d1 [bSP] b72667633f4c7c2babf1970635a88ab8 : MBR Code unknown Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 112455 | Size: 149071 Mo 2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 305411715 | Size: 3459 Mo User != LL1 ... KO! --- LL1 --- [MBR] 9ff5de6a7f5bd44494e6713738cfaa5e [bSP] 766475e27f711b63811094046f843551 : Windows Vista MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo User != LL2 ... KO! --- LL2 --- [MBR] 9ff5de6a7f5bd44494e6713738cfaa5e [bSP] 766475e27f711b63811094046f843551 : Windows Vista MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo Finished : << RKreport[1].txt >> RKreport[1].txt

I ran the utility and a few items showed up in the start menu but the files that were empty are still empty. Not sure what specifics you're looking for. When I go to all programs on the start menu and click on ITUNES, Microsoft Office (anything Microsoft), Safari, Google, Mozilla, Norton Ghost, they are empty. If I right click and then click on properties it shows 0 bytes, 0 files but I know some of the programs must be there. I can open a document and I see Microsoft word open. I was able to find ITUNES in the my music folder on the start menu. What other information can I provide?? CAE

Files still empty. I'm getting quicker. CAE Logfile of random's system information tool 1.09 (written by random/random) Run by Ekenbarger's at 2012-02-23 17:54:12 Microsoft Windows XP Home Edition Service Pack 3 System drive C: has 105 GB (70%) free of 149 GB Total RAM: 2558 MB (73% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 5:54:23 PM, on 2/23/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Napster\napster.exe C:\Program Files\Common Files\AOL\1178326658\ee\AOLSoftware.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Program Files\Norton Ghost\Agent\VProSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe C:\WINDOWS\system32\ctfmon.exe C:\program files\real\realplayer\update\realsched.exe C:\Documents and Settings\Ekenbarger's\Desktop\RSIT.exe C:\Program Files\trend micro\Ekenbarger's.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\SPYBOT~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (file missing) O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1178326658\ee\AOLSoftware.exe O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [bomgar Support Reconnect [1297805904]] "C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4D5AF24F\bomgar-scc.exe" -nomulti O4 - HKCU\..\Run: [AROReminder] C:\Program Files\ARO 2012\ARO.exe -rem O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\SPYBOT~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\SPYBOT~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www6.iepdirect.com/ScriptX_6_5/smsx.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (BitDefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212869638656 O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://e-talk1.whps.org/dwa7W.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O19 - User stylesheet: C:\Documents and Settings\Ekenbarger's\Recent\neopets.css.lnk (file missing) O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 9381 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\Google Software Updater.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1946173170-350803515-410004273-1006.job C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1946173170-350803515-410004273-1006.job C:\WINDOWS\tasks\User_Feed_Synchronization-{873B1363-0F14-410A-AFDF-0559EB90EA7E}.job =========Mozilla firefox========= ProfilePath - C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default<p>prefs.js - "browser.startup.homepage" - "http://search.conduit.com/?ctid=CT3106777&SearchSource=13" prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.1, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3, toolbar@shopathome.com:5.2.0.0, {37153479-1976-43c3-a1ee-557513977b64}:3.5.1.1, {50fafaf0-70a9-419d-a109-fa4b4ffd4e37}:3.8.1.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16" prefs.js - "keyword.URL" - "

Hi, Ran both I had to copy/paste from the first site. Wasn't sure how much of the info you wanted. Thanks. CAE Virustotal SHA256: ce723717c56b2231ea7843f5408225b07a997b466584d38d278db5e7cf2c2eb0 SHA1: bca23ce5d074b45038076bcd19e5beea2d55fbef MD5: ff72056739c31e4cc920fbdff4f9a8e5 File size: 295.5 KB ( 302592 bytes ) File name: download (48) File type: Win32 EXE Tags: upx Detection ratio: 1 / 43 Analysis date: 2012-02-23 19:11:20 UTC ( 3 hours, 23 minutes ago ) 70Antivirus Result Update AhnLab-V3 - 20120223 AntiVir - 20120223 Antiy-AVL - 20120223 Avast - 20120223 AVG - 20120223 BitDefender - 20120223 ByteHero - 20120222 CAT-QuickHeal - 20120223 ClamAV - 20120223 Commtouch - 20120223 Comodo - 20120223 DrWeb - 20120223 Emsisoft - 20120223 eSafe - 20120223 eTrust-Vet - 20120223 F-Prot - 20120223 F-Secure - 20120223 Fortinet - 20120223 GData - 20120223 Ikarus - 20120223 Jiangmin Trojan/JmGenGeneric.aic 20120223 K7AntiVirus - 20120222 Kaspersky - 20120223 McAfee - 20120223 McAfee-GW-Edition - 20120223 Microsoft - 20120223 NOD32 - 20120223 Norman - 20120223 nProtect - 20120223 Panda - 20120223 PCTools - 20120221 Prevx - 20120223 Rising - 20120223 Sophos - 20120223 SUPERAntiSpyware - 20120223 Symantec - 20120223 TheHacker - 20120223 TrendMicro - 20120223 TrendMicro-HouseCall - 20120223 VBA32 - 20120223 VIPRE - 20120223 ViRobot - 20120223 VirusBuster - 20120222 ssdeep 6144:DyAbEezLGANgl17GDWGUbG2ncTsyVuiKPlJxibr:jb7zScc7o2G2cwyQ1Wb TrID Win32 EXE PECompact compressed (generic) (34.9%) UPX compressed Win32 Executable (25.7%) Win32 EXE Yoda's Crypter (22.3%) Win32 Executable Generic (7.1%) Win32 Dynamic Link Library (generic) (6.3%) F-Prot packer identifier UPX PEiD packer identifier UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser ExifTool UninitializedDataSize....: 454656 InitializedDataSize......: 8192 ImageVersion.............: 0.0 FileVersionNumber........: 1.0.15.15641 LanguageCode.............: Polish FileFlagsMask............: 0x003f CharacterSet.............: Unicode LinkerVersion............: 9.0 MIMEType.................: application/octet-stream FileVersion..............: 1, 0, 15, 15641 TimeStamp................: 2011:07:16 21:21:05+01:00 FileType.................: Win32 EXE PEType...................: PE32 SubsystemVersion.........: 5.0 OSVersion................: 5.0 FileOS...................: Windows NT 32-bit Subsystem................: Windows GUI MachineType..............: Intel 386 or later, and compatibles CodeSize.................: 299008 FileSubtype..............: 0 ProductVersionNumber.....: 1.0.15.15641 EntryPoint...............: 0xb8360 ObjectFileType...........: Dynamic link library Sigcheck file version.............: 1, 0, 15, 15641 Portable Executable structural information Compilation timedatestamp.....: 2011-07-16 20:21:05 Target machine................: 332 Entry point address...........: 0x000B8360 PE Sections...................: Name Virtual Address Virtual Size Raw Size Entropy MD5 UPX0 4096 454656 0 0.00 d41d8cd98f00b204e9800998ecf8427e UPX1 458752 299008 296448 7.93 3af8f41c1f1f4d65f9570e2907b7a264 .rsrc 757760 8192 5120 3.42 17ef10a2ad97a06348443c129baed323 PE Imports....................: KERNEL32.DLL LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess First seen by VirusTotal 2011-07-19 14:51:29 UTC ( 7 months, 1 week ago ) Last seen by VirusTotal 2012-02-23 19:11:20 UTC ( 3 hours, 23 minutes ago ) File names (max. 25) 1.download (48) 2.56b1cjw9.exe 3.ch8d29rz.exe 4.gmer.exe 5.nbxylnku.exe 6.h2k3lgty.exe 7.6uyu8tvl.exe 8.24qoi488.exe 9.85q7pi16.exe 10.tool_GMER_1_0_15_15641.com 11.bpiy55po.exe 12.gmer_ewmp2ih3.exe 13.gmer.exe 14.vppvyudx.exe 15.vppvyudx.exe 16.socmkrvi.exe 17.tii31g8f.exe 18.p5q6y4s9.exe 19.bsdtxyii.exe 20.kp1mluvy.exe 21.C:\Documents and Settings\c32533\Desktop\tcemsgsh.exe 22.r7bzzsbo.exe 23.uts2z68b.exe 24.i1xiy09i.exe 25.iwbhvzk7 VirSCAN- VirSCAN.org Scanned Report : Scanned time : 2012/02/22 21:10:06 (EST) Scanner results: 3% Scanner(s) (1/36) found malware! File Name : srypp2r5.exe File Size : 302592 byte File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit MD5 : ff72056739c31e4cc920fbdff4f9a8e5 SHA1 : bca23ce5d074b45038076bcd19e5beea2d55fbef Online report : http://r.virscan.org/ff9cc17b92d9d0d6832463f27901b09d Scanner Engine Ver Sig Ver Sig Date Time Scan result a-squared 5.1.0.4 20120223001329 2012-02-23 2.83 - AhnLab V3 2012.02.23.00 2012.02.23 2012-02-23 7.18 - AntiVir 8.2.8.44 7.11.21.199 2012-01-27 0.24 - Antiy 2.0.18 2.0.18. 0002-18-00 0.18 - Arcavir 2011 201202170436 2012-02-17 4.65 - Authentium 5.1.1 201202212129 2012-02-21 1.53 - AVAST! 4.7.4 120221-1 2012-02-21 0.48 - AVG 12.0.1782 2113/4823 2012-02-21 1.83 - BitDefender 7.90123.7381873 7.41087 2012-02-21 3.99 - ClamAV 0.97.3 14493 2012-02-22 0.40 - Comodo 5.1 11582 2012-02-22 2.41 - CP Secure 1.3.0.5 2012.02.22 2012-02-22 0.68 - Dr.Web 7.0.0.11250 2012.02.20 2012-02-20 13.37 - F-Prot 4.6.2.117 20120221 2012-02-21 2.00 - F-Secure 7.02.73807 2012.02.07.03 2012-02-07 0.29 - Fortinet 4.3.388 15.238 2012-02-22 0.32 - GData 22.3951 20120223 2012-02-23 5.58 - ViRobot 20120222 2012.02.22 2012-02-22 0.42 - Ikarus T3.1.32.20.0 2012.02.22.80540 2012-02-22 9.20 - JiangMin 13.0.900 2012.02.22 2012-02-22 3.90 Trojan/JmGenGeneric.aic Kaspersky 5.5.10 2012.02.20 2012-02-20 0.56 - KingSoft 2009.2.5.15 2012.2.22.9 2012-02-22 1.17 - McAfee 5400.1158 6627 2012-02-21 13.50 - Microsoft 1.8101 2012.02.23 2012-02-23 11.46 - NOD32 3.0.21 6841 2012-01-30 0.21 - Panda 9.05.01 2012.02.22 2012-02-22 4.04 - Trend Micro 9.500-1005 8.792.07 2012-02-21 0.46 - Quick Heal 11.00 2012.02.22 2012-02-22 1.37 - Rising 20.0 23.98.02.02 2012-02-22 5.69 - Sophos 3.28.1 4.74 2012-02-22 6.73 - Sunbelt 3.9.2527.2 11579 2012-02-22 1.05 - Symantec 1.3.0.24 20120221.002 2012-02-21 2.66 - nProtect 20120222.01 11293847 2012-02-22 3.11 - The Hacker 6.7.0.1 v00406 2012-02-21 1.44 - VBA32 3.12.16.4 20120221.1124 2012-02-21 3.70 - VirusBuster 5.4.1.7 14.1.230.0/79359682012-02-22 0.30 -

OTL222.Txt Hi, Sorry I chopped it up. Attaching now. As far as my system nothing is popping up. My files are still empty and other than coming to this site I haven't really done anything. Can I? CAE

Not sure what I did there but I can re-post if need be. CAE

OTL contd pg 2 of 2 < %ALLUSERSPROFILE%\Application Data\*. > [2011/02/15 17:30:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe [2007/05/04 19:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL [2007/05/19 20:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads [2007/05/19 20:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL OCP [2007/07/11 15:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple [2007/07/11 15:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer [2012/02/17 19:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask [2008/12/19 20:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell [2009/06/24 20:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Logs [2011/02/03 14:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts [2009/01/14 18:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google [2011/09/25 13:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google Updater [2005/09/16 00:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GTek [2011/12/26 15:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro [2005/09/16 00:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield [2005/09/16 00:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit [2012/02/20 14:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2011/08/22 12:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee [2008/12/27 08:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee.com [2011/01/27 08:51:23 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft [2008/01/05 19:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster [2011/02/13 15:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS [2007/04/14 10:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995 [2005/09/16 00:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime [2011/11/22 13:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Real [2004/08/10 13:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI [2008/12/27 08:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor [2008/12/19 21:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard [2009/06/24 20:17:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SPORE [2012/02/06 19:42:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy [2008/12/20 00:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla! [2011/02/15 18:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun [2011/02/15 17:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com [2010/01/18 16:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec [2007/03/11 23:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2007/08/25 08:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage [2011/12/26 15:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipEC [2008/12/28 17:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion [2011/12/26 18:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009/10/04 08:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/06/04 14:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} < %ALLUSERSPROFILE%\Application Data\*.exe /s > [2009/02/04 13:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DifXInstall32.exe [2012/01/03 02:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.0.1\17804\AcrobatUpdater.exe [2012/01/03 02:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.0.1\17804\AdobeARM.exe [2012/01/03 02:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.0.1\17804\AdobeARMHelper.exe [2012/01/03 02:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.0.1\17804\ReaderUpdater.exe [2011/03/30 12:29:02 | 000,319,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.0.1\27497\AcrobatUpdater.exe [2011/03/30 12:29:02 | 000,937,920 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.0.1\27497\AdobeARM.exe [2011/03/30 12:29:02 | 000,319,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.0.1\27497\ReaderUpdater.exe [2010/03/24 13:17:47 | 000,326,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\7902\AcrobatUpdater.exe [2010/03/24 13:17:47 | 000,952,768 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\7902\AdobeARM.exe [2010/03/24 13:17:47 | 000,326,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\7902\ReaderUpdater.exe [2011/01/30 15:44:03 | 000,337,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AA0000000001}\setup.exe [2007/02/27 21:33:56 | 000,166,448 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\ietoolbar_suite_4.0.39.3\setup.exe [2007/02/27 21:34:08 | 001,075,936 | ---- | M] (AOL) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\ietoolbar_suite_4.0.39.3\toolbar.exe [2007/05/19 20:09:36 | 001,272,304 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\AIMinst.exe [2007/05/19 20:09:55 | 000,481,432 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\AIMLang.exe [2007/05/19 20:09:40 | 000,141,944 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\alsetup.exe [2007/05/19 20:09:41 | 000,120,368 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\aoldlmgr.exe [2007/05/19 20:09:42 | 000,228,912 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\migrator.exe [2007/05/19 20:09:51 | 005,312,840 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\ocpinst.exe [2007/05/19 20:09:39 | 000,035,888 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\postproc.exe [2007/05/19 20:09:39 | 000,169,520 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\setup.exe [2007/05/19 20:09:53 | 000,357,776 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\tbsetup.exe [2007/05/19 20:09:54 | 000,376,568 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\unagi3.exe [2007/05/19 20:10:02 | 003,858,056 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\Vwpt.exe [2007/05/04 15:02:16 | 000,004,096 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\DialReg.exe [2006/05/31 19:50:12 | 000,010,752 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\OptScan.exe [2005/08/09 13:43:04 | 000,601,176 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\AMP\ampx.exe [2011/12/08 14:51:08 | 000,073,584 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.5.2.11\SetupAdmin.exe [2010/02/14 11:15:48 | 000,079,144 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe [2007/11/13 16:46:00 | 000,135,168 | ---- | M] ( ) -- C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe [2011/12/06 13:06:34 | 000,526,512 | ---- | M] (Google Inc.) -- C:\Documents and Settings\All Users\Application Data\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe [2008/12/19 20:24:36 | 000,327,437 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch5\CIP\TransferAgentSetup.exe [2007/02/18 16:58:20 | 000,123,138 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch5\HTML\MakeDesktopShortcut.EXE [2007/07/18 20:31:51 | 000,064,512 | ---- | M] (Gteko Ltd.) -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch7\HTML\item_templ\coach\RunGdp.exe [2007/02/11 17:00:12 | 000,123,138 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch8\HTML\MakeDesktopShortcut.EXE [2007/02/11 17:00:12 | 000,068,608 | ---- | M] (Dell Inc) -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch8\HTML\fix\DellSupportLauncher.exe [2007/02/11 17:00:12 | 000,072,704 | ---- | M] (Dell Inc) -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch8\HTML\fix\DellSupportODBK.exe [2011/02/13 15:18:49 | 048,536,984 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads\AdbeRdr1001_en_US.exe [2011/02/13 15:18:25 | 000,079,232 | ---- | M] (Adobe Systems Inc.) -- C:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe [2010/04/15 16:03:39 | 001,025,992 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads\SecurityScan_Release.exe < %APPDATA%\*. > [2011/02/14 19:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Adobe [2008/08/26 09:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\AdobeUM [2007/04/22 11:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\AOL [2011/12/30 16:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Apple Computer [2010/11/14 18:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\ArcSoft [2006/10/16 22:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Corel [2005/10/30 08:39:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Creative [2007/05/15 18:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\CyberLink [2011/12/26 12:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\ElevatedDiagnostics [2008/04/29 18:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Google [2007/02/11 17:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Gtek [2011/04/10 12:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\gtk-2.0 [2008/12/28 13:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Help [2004/08/10 13:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Identities [2008/01/04 21:16:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\InstallShield [2005/10/30 08:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Jasc Software Inc [2007/01/29 18:17:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Leadertech [2005/09/20 19:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Macromedia [2012/02/20 14:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Malwarebytes [2011/02/14 19:24:35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Microsoft [2005/11/03 15:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Microsoft Web Folders [2008/08/29 17:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Move Networks [2008/12/18 23:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla [2011/07/31 17:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Nikon [2012/02/17 19:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\QuickScan [2011/06/30 16:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Real [2008/01/05 19:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Roxio [2012/02/18 14:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Sammsoft [2008/09/28 13:31:35 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\SecuROM [2007/05/13 06:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\SmartDraw [2007/01/29 18:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Sonic [2010/06/16 17:20:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\SPORE [2005/09/16 00:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Sun [2010/01/18 17:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Symantec [2007/03/11 23:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Viewpoint [2008/12/28 16:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Yahoo! < %APPDATA%\*.exe /s > [2008/08/26 09:22:00 | 019,900,192 | ---- | M] ( ) -- C:\Documents and Settings\Ekenbarger's\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr710_en_US.exe [2008/12/26 13:16:47 | 000,003,584 | R--- | M] () -- C:\Documents and Settings\Ekenbarger's\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe [2008/06/15 00:02:44 | 000,099,704 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe [2008/08/29 16:59:21 | 000,034,064 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Application Data\Move Networks\ie_bin\Uninst.exe [2012/02/16 17:44:25 | 000,315,512 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Ekenbarger's\Application Data\Real\Update\UpgradeHelper\RealPlayer\9.01\rnupgagent.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2004/08/04 05:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys [2004/08/04 05:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2010/02/13 13:10:38 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2010/02/13 13:10:38 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys [2008/04/13 13:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004/08/03 23:07:42 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS [2004/08/03 23:07:42 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys < MD5 for: ATAPI.SYS > [2004/08/04 05:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys [2004/08/04 05:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2010/02/13 13:10:38 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2010/02/13 13:10:38 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2008/04/13 13:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004/08/03 22:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys [2004/08/03 22:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004/08/03 22:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys < MD5 for: BEEP.SYS > [2004/08/04 05:00:00 | 000,004,224 | -H-- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\i386\beep.sys [2004/08/04 05:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys [2004/08/04 05:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys < MD5 for: EVENTLOG.DLL > [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2008/04/13 19:11:53 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll [2004/08/04 05:00:00 | 000,055,808 | -H-- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll [2004/08/04 05:00:00 | 000,055,808 | -H-- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: IASTOR.SYS > [2005/07/08 22:02:00 | 000,871,040 | -H-- | M] (Intel Corporation) MD5=D593517879E65167DF35F6015814AC59 -- C:\drivers\STORAGE\SATA\ONBOARD\iaStor.sys [2005/07/08 22:02:00 | 000,871,040 | -H-- | M] (Intel Corporation) MD5=D593517879E65167DF35F6015814AC59 -- C:\i386\iaStor.sys [2005/07/08 22:02:00 | 000,871,040 | -H-- | M] (Intel Corporation) MD5=D593517879E65167DF35F6015814AC59 -- C:\WINDOWS\system32\drivers\iaStor.sys < MD5 for: NETLOGON.DLL > [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll [2008/04/13 19:12:01 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll [2009/02/06 13:46:09 | 000,408,064 | -H-- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll [2009/02/06 13:46:09 | 000,408,064 | -H-- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll [2004/08/04 05:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll [2004/08/04 05:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2004/08/04 05:00:00 | 000,180,224 | -H-- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll [2004/08/04 05:00:00 | 000,180,224 | -H-- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll [2008/04/13 19:12:05 | 000,181,248 | -H-- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll < MD5 for: THEMEUI.DLL > [2008/04/13 19:12:07 | 000,385,536 | -H-- | M] (Microsoft Corporation) MD5=A314EEA2A503A8E04085201E436384A5 -- C:\WINDOWS\ServicePackFiles\i386\themeui.dll [2008/04/13 19:12:07 | 000,385,536 | -H-- | M] (Microsoft Corporation) MD5=A314EEA2A503A8E04085201E436384A5 -- C:\WINDOWS\system32\themeui.dll [2004/08/04 05:00:00 | 000,385,536 | -H-- | M] (Microsoft Corporation) MD5=E6796D51CED309E46D29C0B787735615 -- C:\i386\themeui.dll [2004/08/04 05:00:00 | 000,385,536 | -H-- | M] (Microsoft Corporation) MD5=E6796D51CED309E46D29C0B787735615 -- C:\WINDOWS\$NtServicePackUninstall$\themeui.dll < MD5 for: USERINIT.EXE > [2004/08/04 05:00:00 | 000,024,576 | -H-- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe [2004/08/04 05:00:00 | 000,024,576 | -H-- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe [2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe [2008/04/13 19:12:38 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2004/08/10 12:56:48 | 000,094,208 | -H-- | M] () -- C:\WINDOWS\System32\config\default.sav [2004/08/10 12:56:46 | 000,634,880 | -H-- | M] () -- C:\WINDOWS\System32\config\software.sav [2004/08/10 12:56:46 | 000,872,448 | -H-- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > < %ALLUSERSPROFILE%\Application Data\*. > [2011/02/15 17:30:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe [2007/05/04 19:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL [2007/05/19 20:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads [2007/05/19 20:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL OCP [2007/07/11 15:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple [2007/07/11 15:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer [2012/02/17 19:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask [2008/12/19 20:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell [2009/06/24 20:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Logs [2011/02/03 14:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts [2009/01/14 18:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google [2011/09/25 13:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google Updater [2005/09/16 00:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GTek [2011/12/26 15:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro [2005/09/16 00:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield [2005/09/16 00:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit [2012/02/20 14:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2011/08/22 12:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee [2008/12/27 08:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee.com [2011/01/27 08:51:23 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft [2008/01/05 19:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster [2011/02/13 15:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS [2007/04/14 10:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995 [2005/09/16 00:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime [2011/11/22 13:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Real [2004/08/10 13:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI [2008/12/27 08:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor [2008/12/19 21:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard [2009/06/24 20:17:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SPORE [2012/02/06 19:42:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy [2008/12/20 00:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla! [2011/02/15 18:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun [2011/02/15 17:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com [2010/01/18 16:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec [2007/03/11 23:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2007/08/25 08:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage [2011/12/26 15:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipEC [2008/12/28 17:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion [2011/12/26 18:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009/10/04 08:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/06/04 14:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} < %ALLUSERSPROFILE%\Application Data\*.exe /s > [2009/02/04 13:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DifXInstall32.exe [2012/01/03 02:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.0.1\17804\AcrobatUpdater.exe [2012/01/03 02:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.0.1\17804\AdobeARM.exe [2012/01/03 02:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.0.1\17804\AdobeARMHelper.exe [2012/01/03 02:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.0.1\17804\ReaderUpdater.exe [2011/03/30 12:29:02 | 000,319,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.0.1\27497\AcrobatUpdater.exe [2011/03/30 12:29:02 | 000,937,920 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.0.1\27497\AdobeARM.exe [2011/03/30 12:29:02 | 000,319,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.0.1\27497\ReaderUpdater.exe [2010/03/24 13:17:47 | 000,326,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\7902\AcrobatUpdater.exe [2010/03/24 13:17:47 | 000,952,768 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\7902\AdobeARM.exe [2010/03/24 13:17:47 | 000,326,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\7902\ReaderUpdater.exe [2011/01/30 15:44:03 | 000,337,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AA0000000001}\setup.exe [2007/02/27 21:33:56 | 000,166,448 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\ietoolbar_suite_4.0.39.3\setup.exe [2007/02/27 21:34:08 | 001,075,936 | ---- | M] (AOL) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\ietoolbar_suite_4.0.39.3\toolbar.exe [2007/05/19 20:09:36 | 001,272,304 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\AIMinst.exe [2007/05/19 20:09:55 | 000,481,432 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\AIMLang.exe [2007/05/19 20:09:40 | 000,141,944 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\alsetup.exe [2007/05/19 20:09:41 | 000,120,368 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\aoldlmgr.exe [2007/05/19 20:09:42 | 000,228,912 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\migrator.exe [2007/05/19 20:09:51 | 005,312,840 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\ocpinst.exe [2007/05/19 20:09:39 | 000,035,888 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\postproc.exe [2007/05/19 20:09:39 | 000,169,520 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\setup.exe [2007/05/19 20:09:53 | 000,357,776 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\tbsetup.exe [2007/05/19 20:09:54 | 000,376,568 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\unagi3.exe [2007/05/19 20:10:02 | 003,858,056 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\Vwpt.exe [2007/05/04 15:02:16 | 000,004,096 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\DialReg.exe [2006/05/31 19:50:12 | 000,010,752 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\OptScan.exe [2005/08/09 13:43:04 | 000,601,176 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\AMP\ampx.exe [2011/12/08 14:51:08 | 000,073,584 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.5.2.11\SetupAdmin.exe [2010/02/14 11:15:48 | 000,079,144 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe [2007/11/13 16:46:00 | 000,135,168 | ---- | M] ( ) -- C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe [2011/12/06 13:06:34 | 000,526,512 | ---- | M] (Google Inc.) -- C:\Documents and Settings\All Users\Application Data\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe [2008/12/19 20:24:36 | 000,327,437 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch5\CIP\TransferAgentSetup.exe [2007/02/18 16:58:20 | 000,123,138 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch5\HTML\MakeDesktopShortcut.EXE [2007/07/18 20:31:51 | 000,064,512 | ---- | M] (Gteko Ltd.) -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch7\HTML\item_templ\coach\RunGdp.exe [2007/02/11 17:00:12 | 000,123,138 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch8\HTML\MakeDesktopShortcut.EXE [2007/02/11 17:00:12 | 000,068,608 | ---- | M] (Dell Inc) -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch8\HTML\fix\DellSupportLauncher.exe [2007/02/11 17:00:12 | 000,072,704 | ---- | M] (Dell Inc) -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch8\HTML\fix\DellSupportODBK.exe [2011/02/13 15:18:49 | 048,536,984 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads\AdbeRdr1001_en_US.exe [2011/02/13 15:18:25 | 000,079,232 | ---- | M] (Adobe Systems Inc.) -- C:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe [2010/04/15 16:03:39 | 001,025,992 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads\SecurityScan_Release.exe < %APPDATA%\*. > [2011/02/14 19:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Adobe [2008/08/26 09:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\AdobeUM [2007/04/22 11:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\AOL [2011/12/30 16:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Apple Computer [2010/11/14 18:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\ArcSoft [2006/10/16 22:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Corel [2005/10/30 08:39:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Creative [2007/05/15 18:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\CyberLink [2011/12/26 12:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\ElevatedDiagnostics [2008/04/29 18:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Google [2007/02/11 17:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Gtek [2011/04/10 12:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\gtk-2.0 [2008/12/28 13:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Help [2004/08/10 13:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Identities [2008/01/04 21:16:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\InstallShield [2005/10/30 08:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Jasc Software Inc [2007/01/29 18:17:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Leadertech [2005/09/20 19:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Macromedia [2012/02/20 14:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Malwarebytes [2011/02/14 19:24:35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Microsoft [2005/11/03 15:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Microsoft Web Folders [2008/08/29 17:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Move Networks [2008/12/18 23:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla [2011/07/31 17:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Nikon [2012/02/17 19:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\QuickScan [2011/06/30 16:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Real [2008/01/05 19:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Roxio [2012/02/18 14:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Sammsoft [2008/09/28 13:31:35 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\SecuROM [2007/05/13 06:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\SmartDraw [2007/01/29 18:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Sonic [2010/06/16 17:20:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\SPORE [2005/09/16 00:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Sun [2010/01/18 17:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Symantec [2007/03/11 23:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Viewpoint [2008/12/28 16:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Yahoo! < %APPDATA%\*.exe /s > [2008/08/26 09:22:00 | 019,900,192 | ---- | M] ( ) -- C:\Documents and Settings\Ekenbarger's\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr710_en_US.exe [2008/12/26 13:16:47 | 000,003,584 | R--- | M] () -- C:\Documents and Settings\Ekenbarger's\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe [2008/06/15 00:02:44 | 000,099,704 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe [2008/08/29 16:59:21 | 000,034,064 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Application Data\Move Networks\ie_bin\Uninst.exe [2012/02/16 17:44:25 | 000,315,512 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Ekenbarger's\Application Data\Real\Update\UpgradeHelper\RealPlayer\9.01\rnupgagent.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2004/08/04 05:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys [2004/08/04 05:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2010/02/13 13:10:38 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2010/02/13 13:10:38 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys [2008/04/13 13:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004/08/03 23:07:42 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS [2004/08/03 23:07:42 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys < MD5 for: ATAPI.SYS > [2004/08/04 05:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys [2004/08/04 05:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2010/02/13 13:10:38 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2010/02/13 13:10:38 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2008/04/13 13:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004/08/03 22:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys [2004/08/03 22:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004/08/03 22:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys < MD5 for: BEEP.SYS > [2004/08/04 05:00:00 | 000,004,224 | -H-- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\i386\beep.sys [2004/08/04 05:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys [2004/08/04 05:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys < MD5 for: EVENTLOG.DLL >

Hi, 1 of 2 I ran the OTL but it did not produce an Extra.txt only the OTL popped up. I searched but can't find it should I run it again? Thank you. CAE OTL logfile created on: 2/22/2012 6:26:52 PM - Run 4 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Ekenbarger's\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.50 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 78.19% Memory free 3.09 Gb Paging File | 2.74 Gb Available in Paging File | 88.63% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 145.58 Gb Total Space | 102.36 Gb Free Space | 70.31% Space Free | Partition Type: NTFS Drive D: | 1.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive F: | 465.76 Gb Total Space | 412.75 Gb Free Space | 88.62% Space Free | Partition Type: NTFS Computer Name: JAM1 | User Name: Ekenbarger's | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/02/07 19:06:41 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ekenbarger's\Desktop\OTL.scr PRC - [2011/06/30 16:21:23 | 000,273,544 | -H-- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe PRC - [2008/05/29 16:18:26 | 000,323,216 | -H-- | M] (Napster) -- C:\Program Files\Napster\napster.exe PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008/01/19 20:01:08 | 004,388,192 | -H-- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe PRC - [2007/12/20 17:13:46 | 001,553,896 | -H-- | M] (Symantec) -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe PRC - [2006/10/23 07:50:35 | 000,046,640 | RH-- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe PRC - [2006/09/25 19:52:48 | 000,050,736 | -H-- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1178326658\ee\aolsoftware.exe PRC - [2005/04/25 08:49:52 | 000,086,142 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2005/01/27 01:02:00 | 000,086,016 | -H-- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe PRC - [2003/08/27 10:29:46 | 000,065,536 | -H-- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe ========== Modules (No Company Name) ========== MOD - [2011/11/01 23:26:32 | 000,087,912 | -H-- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/11/01 23:26:12 | 001,242,472 | -H-- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2005/06/21 15:22:06 | 000,483,328 | -H-- | M] () -- C:\WINDOWS\system32\dlcclmpm.dll MOD - [2005/06/06 10:58:38 | 000,065,536 | -H-- | M] () -- C:\WINDOWS\system32\dlcccfg.dll MOD - [2005/04/01 11:44:16 | 000,061,440 | -H-- | M] () -- C:\Program Files\Dell Photo AIO Printer 924\dlcccnv4.dll MOD - [2005/01/27 01:02:00 | 000,086,016 | -H-- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (nosGetPlusHelper) getPlus® SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2008/01/19 20:01:08 | 004,388,192 | -H-- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost) SRV - [2007/12/20 17:13:46 | 001,553,896 | -H-- | M] (Symantec) [On_Demand | Running] -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe -- (SymSnapService) SRV - [2007/09/12 18:27:24 | 002,999,664 | -H-- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate) SRV - [2006/10/23 07:50:35 | 000,046,640 | RH-- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS) SRV - [2005/06/21 15:19:38 | 000,491,520 | -H-- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\dlcccoms.exe -- (dlcc_device) SRV - [2005/04/25 08:49:52 | 000,086,142 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel® SRV - [2003/08/27 10:29:46 | 000,065,536 | -H-- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW) ========== Driver Services (SafeList) ========== DRV - [2009/11/04 16:54:12 | 000,040,552 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk) DRV - [2009/11/04 16:53:40 | 000,034,248 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk) DRV - [2008/04/13 13:56:49 | 000,012,800 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS) DRV - [2008/01/19 20:12:42 | 000,128,104 | -H-- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr) DRV - [2008/01/19 19:45:40 | 000,038,112 | -H-- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\v2imount.sys -- (v2imount) DRV - [2008/01/19 19:40:16 | 000,015,088 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys -- (VProEventMonitor) DRV - [2007/12/20 17:13:54 | 000,136,416 | -H-- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symsnap.sys -- (symsnap) DRV - [2007/04/16 12:28:02 | 000,194,362 | -H-- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6) DRV - [2006/01/26 12:21:04 | 000,034,686 | -H-- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C) DRV - [2006/01/10 11:07:58 | 000,004,864 | -H-- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct) DRV - [2005/04/15 02:14:58 | 001,130,496 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2004/11/02 15:12:14 | 000,019,456 | -H-- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL) DRV - [2004/08/04 05:00:00 | 000,004,224 | -H-- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\RDPCDD.sy@ -- (RDPCDD) DRV - [2004/06/16 03:52:40 | 000,061,157 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53) DRV - [2004/06/09 17:16:00 | 000,840,960 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17) DRV - [2004/03/24 10:12:44 | 000,004,272 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci) DRV - [2004/03/06 04:15:34 | 000,647,929 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52) DRV - [2004/03/06 04:14:42 | 001,233,525 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51) DRV - [2004/03/06 04:13:38 | 000,037,048 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt) DRV - [2003/09/22 13:48:00 | 000,130,192 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k) DRV - [2003/09/22 13:47:00 | 000,178,672 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv) DRV - [2003/09/19 14:47:24 | 000,010,368 | -H-- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc) DRV - [2003/03/05 18:19:00 | 000,015,840 | -H-- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Pfmodnt.sys -- (PfModNT) DRV - [2003/01/10 16:13:04 | 000,033,588 | -H-- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW) DRV - [2002/11/08 19:45:06 | 000,017,217 | -H-- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci) DRV - [1999/09/27 10:48:42 | 000,034,916 | -H-- | M] (Marimba, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MrtRate.sys -- (mrtRate) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.net/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "WinZipBar Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3106777&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3106777&SearchSource=13" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3 FF - prefs.js..extensions.enabledItems: toolbar@shopathome.com:5.2.0.0 FF - prefs.js..extensions.enabledItems: {37153479-1976-43c3-a1ee-557513977b64}:3.5.1.1 FF - prefs.js..extensions.enabledItems: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37}:3.8.1.0 FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm003YYus&ptb=CF74B0F9-D5D0-4EC8-AC35-8A70571C102D&ind=2011081120&ptnrS=CDxdm003YYus&si=CK2Cs7C9yKoCFaUZQgodWFpFyg&n=77dea9a0&psa=&st=kwd&searchfor=" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.99: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/30 16:21:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/26 18:23:55 | 000,000,000 | -H-D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/18 14:12:08 | 000,000,000 | -H-D | M] [2008/12/18 23:18:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Extensions [2011/12/26 17:02:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions [2010/06/10 15:38:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/08/11 19:00:55 | 000,000,000 | ---D | M] (Coupons.com Community Toolbar) -- C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions\{37153479-1976-43c3-a1ee-557513977b64} [2011/12/26 15:55:10 | 000,000,000 | ---D | M] (WinZipBar Community Toolbar) -- C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37} [2011/09/03 08:54:55 | 000,000,000 | ---D | M] (ShopAtHome.com Intelligent Shopping Toolbar) -- C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions\toolbar@shopathome.com [2011/12/16 19:41:06 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\searchplugins\conduit.xml [2011/10/18 15:04:36 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\searchplugins\CouponAlert_2p.xml [2012/02/17 19:45:43 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/02/17 19:45:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2011/07/13 16:52:56 | 000,091,552 | -H-- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll [2012/02/17 19:45:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011/07/13 16:52:58 | 000,091,552 | -H-- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll O1 HOSTS File: ([2012/02/21 15:19:18 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll File not found O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL () O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe () O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1178326658\ee\aolsoftware.exe (America Online, Inc.) O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster) O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [AROReminder] C:\Program Files\ARO 2012\ARO.exe (Support.com, Inc.) O4 - HKCU..\Run: [bomgar Support Reconnect [1297805904]] "C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4D5AF24F\bomgar-scc.exe" -nomulti File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] http in Trusted sites) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control) O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://www6.iepdirect.com/ScriptX_6_5/smsx.cab (MeadCo ScriptX) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212869638656 (WUWebControl Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://e-talk1.whps.org/dwa7W.cab (Domino Web Access 7 Control) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 68.105.28.11 68.105.29.11 68.105.28.12 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{830D72BE-6132-4A2A-B8DD-7BC8B69A920B}: DhcpNameServer = 192.168.2.1 68.105.28.11 68.105.29.11 68.105.28.12 O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\Ekenbarger's\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ekenbarger's\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O35 - HKCU\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 SafeBootMin: AppMgmt - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: MCODS - Reg Error: Value error. SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: AppMgmt - File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: hitmanpro35 - Reg Error: Value error. SafeBootNet: hitmanpro35.sys - Reg Error: Value error. SafeBootNet: HitmanPro35Crusader - Reg Error: Value error. SafeBootNet: MCODS - Reg Error: Value error. SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdpcdd.sys - C:\WINDOWS\system32\drivers\RDPCDD.sy@ (Microsoft Corporation) SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML) ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.0 ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.0 ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447) ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {8AD33C5C-9B70-434C-A412-9AD6EFB50373} - Microsoft Silverlight 2.0 ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{0CD71F12-53B7-4AAB-9324-AB16F6484AC2} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 SafeBootMin: AppMgmt - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: MCODS - Reg Error: Value error. SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: AppMgmt - File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: hitmanpro35 - Reg Error: Value error. SafeBootNet: hitmanpro35.sys - Reg Error: Value error. SafeBootNet: HitmanPro35Crusader - Reg Error: Value error. SafeBootNet: MCODS - Reg Error: Value error. SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdpcdd.sys - C:\WINDOWS\system32\drivers\RDPCDD.sy@ (Microsoft Corporation) SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML) ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.0 ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.0 ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447) ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {8AD33C5C-9B70-434C-A412-9AD6EFB50373} - Microsoft Silverlight 2.0 ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{0CD71F12-53B7-4AAB-9324-AB16F6484AC2} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/02/21 14:54:35 | 000,000,000 | ---D | C] -- C:\Combo-Fix9424C [2012/02/20 18:55:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ekenbarger's\Desktop\FixPolicies [2012/02/20 18:54:33 | 000,000,000 | ---D | C] -- C:\fixpoliciestool [2012/02/20 18:53:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ekenbarger's\My Documents\New Folder [2012/02/20 14:03:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ekenbarger's\Application Data\Malwarebytes [2012/02/20 14:03:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2012/02/20 14:02:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/02/20 13:55:56 | 000,066,896 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Ekenbarger's\Desktop\mbam-clean.exe [2012/02/19 17:45:15 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys [2012/02/19 17:43:31 | 000,000,000 | ---D | C] -- C:\Program Files\stinger [2012/02/19 17:41:36 | 009,129,024 | ---- | C] (McAfee Inc.) -- C:\Documents and Settings\Ekenbarger's\Desktop\stinger.exe [2012/02/19 13:43:02 | 014,839,088 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Ekenbarger's\Desktop\windows-kb890830-v4.5.exe [2012/02/18 14:25:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ekenbarger's\Application Data\Sammsoft [2012/02/18 14:25:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ARO 2012 [2012/02/18 14:25:28 | 000,000,000 | ---D | C] -- C:\Program Files\ARO 2012 [2012/02/18 14:17:58 | 006,716,856 | ---- | C] (Support.com ) -- C:\Documents and Settings\Ekenbarger's\Desktop\ARO2012_tbt.exe [2012/02/18 13:12:13 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2012/02/18 13:12:12 | 000,000,000 | ---D | C] -- C:\rsit [2012/02/18 10:13:47 | 000,000,000 | ---D | C] -- C:\ARK [2012/02/18 09:49:52 | 002,060,336 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ekenbarger's\Desktop\tdsskiller.exe [2012/02/17 20:05:02 | 004,729,344 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Ekenbarger's\Desktop\aswMBR.exe [2012/02/17 19:58:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ekenbarger's\Application Data\QuickScan [2012/02/17 19:46:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012/02/17 19:45:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ask [2012/02/17 19:45:41 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2012/02/17 19:45:41 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2012/02/17 19:45:41 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2012/02/17 19:45:41 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2012/02/17 19:34:14 | 000,910,112 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Ekenbarger's\Desktop\jre-6u31-windows-i586-iftw.exe [2012/02/15 21:30:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/02/15 20:07:50 | 000,000,000 | RHSD | C] -- C:\cmdcons [2012/02/15 20:01:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012/02/15 20:01:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012/02/15 20:01:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012/02/15 20:01:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012/02/15 20:00:37 | 000,000,000 | ---D | C] -- C:\Combo-Fix [2012/02/15 19:59:32 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/02/15 19:56:46 | 004,404,931 | R--- | C] (Swearware) -- C:\Documents and Settings\Ekenbarger's\Desktop\Combo-Fix.exe [2012/02/12 15:12:36 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012/02/11 20:14:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ekenbarger's\Desktop\WscsvcXP [2012/02/09 20:18:06 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ekenbarger's\Desktop\mbam--setup-1.60.1.1000.exe [2012/02/09 20:04:12 | 000,000,000 | ---D | C] -- C:\_OTL [2012/02/09 19:42:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2012/02/09 19:40:56 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2012/02/09 19:40:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT [2012/02/09 19:39:53 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Ekenbarger's\Desktop\erunt-setup.exe [2012/02/07 19:06:38 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ekenbarger's\Desktop\OTL.scr [2012/02/07 19:06:22 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ekenbarger's\Desktop\OTH.scr [2012/02/07 17:33:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Ekenbarger's\Start Menu\Programs\Administrative Tools [2012/02/06 20:34:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ekenbarger's\Recent [2012/02/06 19:41:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy [2012/02/06 19:40:35 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Ekenbarger's\Desktop\spybotsd162.exe [2005/09/16 00:27:14 | 000,065,536 | -H-- | C] ( ) -- C:\WINDOWS\System32\A3d.dll [2 C:\Documents and Settings\Ekenbarger's\Desktop\*.tmp files -> C:\Documents and Settings\Ekenbarger's\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/02/22 18:26:46 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1946173170-350803515-410004273-1006.job [2012/02/22 18:26:46 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1946173170-350803515-410004273-1006.job [2012/02/22 18:15:01 | 000,000,886 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/02/22 17:58:24 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{873B1363-0F14-410A-AFDF-0559EB90EA7E}.job [2012/02/22 16:15:01 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/02/22 14:54:01 | 000,000,868 | -H-- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2012/02/21 16:32:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/02/21 16:32:31 | 2682,425,344 | -HS- | M] () -- C:\hiberfil.sys [2012/02/21 15:19:31 | 000,001,110 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\Get Live PC Help Now.lnk [2012/02/21 15:19:18 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012/02/20 16:13:34 | 000,185,065 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\FixPolicies.exe [2012/02/20 14:03:01 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/02/20 12:58:47 | 082,885,256 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\avira_free_antivirus_en.exe [2012/02/20 12:46:58 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ekenbarger's\Desktop\mbam--setup-1.60.1.1000.exe [2012/02/20 12:45:00 | 000,066,896 | ---- | M] (Malwarebytes Corporation) -- C:\Documents and Settings\Ekenbarger's\Desktop\mbam-clean.exe [2012/02/19 17:55:25 | 000,000,063 | RH-- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\stinger.opt [2012/02/19 17:45:15 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys [2012/02/19 17:41:36 | 009,129,024 | ---- | M] (McAfee Inc.) -- C:\Documents and Settings\Ekenbarger's\Desktop\stinger.exe [2012/02/19 13:43:02 | 014,839,088 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Ekenbarger's\Desktop\windows-kb890830-v4.5.exe [2012/02/18 22:17:02 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012/02/18 14:25:33 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\Check PC For Errors.lnk [2012/02/18 14:25:33 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk [2012/02/18 14:17:57 | 006,716,856 | ---- | M] (Support.com ) -- C:\Documents and Settings\Ekenbarger's\Desktop\ARO2012_tbt.exe [2012/02/18 13:11:47 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\RSIT.exe [2012/02/18 09:49:58 | 002,060,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ekenbarger's\Desktop\tdsskiller.exe [2012/02/18 09:44:01 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\MBR.dat [2012/02/18 09:39:28 | 004,729,344 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Ekenbarger's\Desktop\aswMBR.exe [2012/02/17 19:45:23 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2012/02/17 19:45:23 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2012/02/17 19:45:23 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2012/02/17 19:45:23 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2012/02/17 19:34:16 | 000,910,112 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Ekenbarger's\Desktop\jre-6u31-windows-i586-iftw.exe [2012/02/15 20:08:07 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2012/02/15 19:56:57 | 004,404,931 | R--- | M] (Swearware) -- C:\Documents and Settings\Ekenbarger's\Desktop\Combo-Fix.exe [2012/02/11 20:12:25 | 000,000,882 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\WscsvcXP.zip [2012/02/11 14:35:11 | 000,000,211 | ---- | M] () -- C:\Boot.bak [2012/02/11 10:24:45 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\NTREGOPT.lnk [2012/02/11 10:24:45 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\ERUNT.lnk [2012/02/11 10:23:29 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Ekenbarger's\Desktop\erunt-setup.exe [2012/02/07 19:14:21 | 000,879,683 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\SecurityCheck.exe [2012/02/07 19:06:41 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ekenbarger's\Desktop\OTL.scr [2012/02/07 19:06:23 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ekenbarger's\Desktop\OTH.scr [2012/02/07 17:12:06 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\oo9mvqzj.exe [2012/02/07 16:56:39 | 000,000,653 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\Shortcut (2) to Cheryl's.lnk [2012/02/07 16:47:51 | 000,000,569 | ---- | M] () -- C:\Documents and Settings\All Users\Shortcut to Desktop.lnk [2012/02/06 21:23:09 | 000,000,653 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\Shortcut to Cheryl's.lnk [2012/02/06 19:42:27 | 000,000,857 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\Spybot - Search & Destroy.lnk [2012/02/06 19:42:27 | 000,000,857 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2012/02/06 19:39:14 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Ekenbarger's\Desktop\spybotsd162.exe [2012/02/06 18:35:11 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/02/06 14:52:57 | 000,000,853 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk [2 C:\Documents and Settings\Ekenbarger's\Desktop\*.tmp files -> C:\Documents and Settings\Ekenbarger's\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/02/21 16:32:31 | 2682,425,344 | -HS- | C] () -- C:\hiberfil.sys [2012/02/21 15:19:31 | 000,001,110 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\Get Live PC Help Now.lnk [2012/02/20 18:55:19 | 000,185,065 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\FixPolicies.exe [2012/02/20 14:03:01 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/02/20 12:58:47 | 082,885,256 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\avira_free_antivirus_en.exe [2012/02/19 17:55:25 | 000,000,063 | RH-- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\stinger.opt [2012/02/18 14:25:33 | 000,001,525 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\Check PC For Errors.lnk [2012/02/18 14:25:33 | 000,001,525 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk [2012/02/18 13:11:44 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\RSIT.exe [2012/02/18 09:44:01 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\MBR.dat [2012/02/15 20:08:05 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2012/02/15 20:07:54 | 000,260,272 | RHS- | C] () -- C:\cmldr [2012/02/15 20:01:58 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012/02/15 20:01:58 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012/02/15 20:01:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012/02/15 20:01:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012/02/15 20:01:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012/02/11 20:12:30 | 000,000,882 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\WscsvcXP.zip [2012/02/09 19:40:56 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\NTREGOPT.lnk [2012/02/09 19:40:56 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\ERUNT.lnk [2012/02/07 19:14:17 | 000,879,683 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\SecurityCheck.exe [2012/02/07 17:12:05 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\oo9mvqzj.exe [2012/02/07 16:56:39 | 000,000,653 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\Shortcut (2) to Cheryl's.lnk [2012/02/07 16:47:51 | 000,000,569 | ---- | C] () -- C:\Documents and Settings\All Users\Shortcut to Desktop.lnk [2012/02/07 06:12:36 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Start Menu\Programs\Internet Explorer (2).lnk [2012/02/06 21:23:09 | 000,000,653 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\Shortcut to Cheryl's.lnk [2012/02/06 19:41:39 | 000,000,857 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\Spybot - Search & Destroy.lnk [2012/02/06 19:41:39 | 000,000,857 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2012/02/06 18:27:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/02/06 14:52:57 | 000,000,853 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk [2011/05/21 09:05:16 | 000,709,456 | -H-- | C] () -- C:\WINDOWS\is-JCNJV.exe [2011/05/17 19:09:15 | 000,013,884 | -HS- | C] () -- C:\Documents and Settings\Ekenbarger's\Local Settings\Application Data\3m68k04uhh2v0qs0ndbrt8fyr74347y1k [2011/05/17 19:09:15 | 000,013,884 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3m68k04uhh2v0qs0ndbrt8fyr74347y1k [2011/05/06 14:29:52 | 000,023,624 | -H-- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys [2011/03/13 09:09:42 | 000,638,976 | -H-- | C] () -- C:\WINDOWS\System32\dlccpmui.dll [2011/03/13 09:09:42 | 000,106,496 | -H-- | C] () -- C:\WINDOWS\System32\dlccinsr.dll [2011/03/13 09:09:41 | 000,372,736 | -H-- | C] () -- C:\WINDOWS\System32\dlccih.exe [2011/03/13 09:09:41 | 000,155,648 | -H-- | C] () -- C:\WINDOWS\System32\dlccins.dll [2011/03/13 09:09:41 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\dlccvs.dll [2011/03/13 09:09:40 | 000,413,696 | -H-- | C] () -- C:\WINDOWS\System32\dlcccomm.dll [2011/03/13 09:09:40 | 000,368,640 | -H-- | C] () -- C:\WINDOWS\System32\dlcccfg.exe [2011/03/13 09:09:40 | 000,114,688 | -H-- | C] () -- C:\WINDOWS\System32\dlccpplc.dll [2011/03/13 09:09:39 | 001,134,592 | -H-- | C] () -- C:\WINDOWS\System32\dlccusb1.dll [2011/03/13 09:09:39 | 000,770,048 | -H-- | C] () -- C:\WINDOWS\System32\dlcchbn3.dll [2011/03/13 09:09:39 | 000,483,328 | -H-- | C] () -- C:\WINDOWS\System32\dlcclmpm.dll [2011/03/13 09:09:38 | 000,704,512 | -H-- | C] () -- C:\WINDOWS\System32\dlcccomc.dll [2011/03/13 09:09:38 | 000,491,520 | -H-- | C] () -- C:\WINDOWS\System32\dlcccoms.exe [2011/03/13 09:09:38 | 000,155,648 | -H-- | C] () -- C:\WINDOWS\System32\dlccprox.dll [2011/03/13 09:09:37 | 001,183,744 | -H-- | C] () -- C:\WINDOWS\System32\dlccserv.dll [2011/03/13 09:09:36 | 000,036,864 | -H-- | C] () -- C:\WINDOWS\System32\dlcccur.dll [2011/03/13 09:09:35 | 000,430,080 | -H-- | C] () -- C:\WINDOWS\System32\dlccutil.dll [2011/03/13 09:09:35 | 000,073,728 | -H-- | C] () -- C:\WINDOWS\System32\dlcccu.dll [2011/03/13 09:09:32 | 000,176,128 | -H-- | C] () -- C:\WINDOWS\System32\dlccinsb.dll [2011/03/13 09:09:32 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\dlcccub.dll [2011/03/13 09:09:31 | 000,131,072 | -H-- | C] () -- C:\WINDOWS\System32\dlccjswr.dll [2011/03/13 09:09:25 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\dlcccfg.dll [2011/02/17 18:00:30 | 000,034,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamcatchme.sys [2010/05/11 06:24:12 | 000,000,222 | -H-- | C] () -- C:\WINDOWS\System32\SunData.ini [2010/05/11 06:22:51 | 000,000,085 | -H-- | C] () -- C:\WINDOWS\TTL3Util.ini [2010/05/11 06:22:37 | 000,000,288 | -H-- | C] () -- C:\WINDOWS\TTL3.ini [2010/01/07 20:19:32 | 000,004,272 | -H-- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys [2008/12/17 20:03:46 | 000,073,984 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2008/10/17 08:26:43 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\FoneSync.INI [2008/09/13 18:00:52 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/07/02 13:55:05 | 000,000,234 | -H-- | C] () -- C:\WINDOWS\TFF32.ini [2007/10/13 10:41:53 | 000,101,824 | -H-- | C] () -- C:\Program Files\MC [2007/08/22 22:41:51 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2007/05/28 14:39:51 | 000,010,240 | -H-- | C] () -- C:\WINDOWS\System32\vidx16.dll [2007/05/28 14:29:32 | 000,000,584 | -H-- | C] () -- C:\WINDOWS\PowerReg.dat [2007/04/14 10:55:37 | 000,000,107 | -H-- | C] () -- C:\WINDOWS\wpd99.drv [2007/04/14 10:55:17 | 000,118,784 | -H-- | C] () -- C:\WINDOWS\System32\pdfmona.dll [2007/04/08 19:50:42 | 000,000,021 | -H-- | C] () -- C:\WINDOWS\CS_SETUP.ini [2006/11/25 18:38:40 | 000,001,827 | -H-- | C] () -- C:\WINDOWS\cdPlayer.ini [2006/10/01 19:24:21 | 000,000,037 | -H-- | C] () -- C:\WINDOWS\Viewer.ini [2006/05/21 09:25:51 | 000,000,024 | -H-- | C] () -- C:\WINDOWS\qfnonl.ini [2006/05/21 08:02:13 | 000,000,696 | -H-- | C] () -- C:\WINDOWS\QUICKEN.INI [2006/05/21 08:02:12 | 000,000,185 | -H-- | C] () -- C:\WINDOWS\intuprof.ini [2006/05/21 08:02:10 | 000,006,838 | -H-- | C] () -- C:\WINDOWS\ICOADB32.DAT [2005/11/03 15:34:18 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI [2005/10/05 18:40:34 | 000,001,786 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2005/10/05 18:40:34 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\86307A10A8.sys [2005/09/21 07:41:46 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Local Settings\Application Data\fusioncache.dat [2005/09/20 19:12:22 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Application Data\PFP120JPR.{PB [2005/09/20 19:12:22 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Application Data\PFP120JCM.{PB [2005/09/16 00:58:59 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini [2005/09/16 00:50:31 | 000,000,335 | -H-- | C] () -- C:\WINDOWS\nsreg.dat [2005/09/16 00:46:43 | 001,048,576 | -H-- | C] () -- C:\WINDOWS\System32\SFMAN.DAT [2005/09/16 00:46:43 | 000,000,231 | -H-- | C] () -- C:\WINDOWS\AC3API.INI [2005/09/16 00:46:34 | 000,003,278 | -H-- | C] () -- C:\WINDOWS\System32\LudaP17.ini [2005/09/16 00:46:34 | 000,000,029 | -H-- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2005/09/16 00:46:29 | 000,000,072 | -H-- | C] () -- C:\WINDOWS\SBWIN.INI [2005/09/16 00:27:14 | 000,060,928 | -H-- | C] () -- C:\WINDOWS\System32\P17.dll [2005/09/16 00:27:14 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\P17CPI.dll [2005/09/16 00:27:04 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\setpwrcg.exe [2005/09/16 00:27:00 | 000,087,540 | -H-- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2005/09/16 00:26:34 | 000,000,394 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005/01/28 08:08:34 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini [2004/08/10 13:12:05 | 000,000,780 | -H-- | C] () -- C:\WINDOWS\orun32.ini [2004/08/10 13:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2004/08/10 13:02:15 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2004/08/10 13:01:18 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2004/08/10 12:57:52 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI [2004/08/10 12:57:15 | 000,351,384 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2004/08/10 12:51:21 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat [2004/08/10 12:51:20 | 000,442,466 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004/08/10 12:51:20 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004/08/10 12:51:20 | 000,071,732 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004/08/10 12:51:20 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004/08/10 12:51:18 | 000,004,627 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat [2004/08/10 12:51:17 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin [2004/08/10 12:51:16 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat [2004/08/10 12:51:12 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat [2004/08/10 12:51:11 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin [2004/08/10 12:51:05 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat [2004/08/10 12:50:56 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin ========== Custom Scans ========== [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2008/04/13 19:11:53 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll [2004/08/04 05:00:00 | 000,055,808 | -H-- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll [2004/08/04 05:00:00 | 000,055,808 | -H-- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: IASTOR.SYS > [2005/07/08 22:02:00 | 000,871,040 | -H-- | M] (Intel Corporation) MD5=D593517879E65167DF35F6015814AC59 -- C:\drivers\STORAGE\SATA\ONBOARD\iaStor.sys [2005/07/08 22:02:00 | 000,871,040 | -H-- | M] (Intel Corporation) MD5=D593517879E65167DF35F6015814AC59 -- C:\i386\iaStor.sys [2005/07/08 22:02:00 | 000,871,040 | -H-- | M] (Intel Corporation) MD5=D593517879E65167DF35F6015814AC59 -- C:\WINDOWS\system32\drivers\iaStor.sys < MD5 for: NETLOGON.DLL > [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll [2008/04/13 19:12:01 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll [2009/02/06 13:46:09 | 000,408,064 | -H-- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll [2009/02/06 13:46:09 | 000,408,064 | -H-- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll [2004/08/04 05:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll [2004/08/04 05:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2004/08/04 05:00:00 | 000,180,224 | -H-- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll [2004/08/04 05:00:00 | 000,180,224 | -H-- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll [2008/04/13 19:12:05 | 000,181,248 | -H-- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll < MD5 for: THEMEUI.DLL > [2008/04/13 19:12:07 | 000,385,536 | -H-- | M] (Microsoft Corporation) MD5=A314EEA2A503A8E04085201E436384A5 -- C:\WINDOWS\ServicePackFiles\i386\themeui.dll [2008/04/13 19:12:07 | 000,385,536 | -H-- | M] (Microsoft Corporation) MD5=A314EEA2A503A8E04085201E436384A5 -- C:\WINDOWS\system32\themeui.dll [2004/08/04 05:00:00 | 000,385,536 | -H-- | M] (Microsoft Corporation) MD5=E6796D51CED309E46D29C0B787735615 -- C:\i386\themeui.dll [2004/08/04 05:00:00 | 000,385,536 | -H-- | M] (Microsoft Corporation) MD5=E6796D51CED309E46D29C0B787735615 -- C:\WINDOWS\$NtServicePackUninstall$\themeui.dll < MD5 for: USERINIT.EXE > [2004/08/04 05:00:00 | 000,024,576 | -H-- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe [2004/08/04 05:00:00 | 000,024,576 | -H-- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe [2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe [2008/04/13 19:12:38 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2004/08/10 12:56:48 | 000,094,208 | -H-- | M] () -- C:\WINDOWS\System32\config\default.sav [2004/08/10 12:56:46 | 000,634,880 | -H-- | M] () -- C:\WINDOWS\System32\config\software.sav [2004/08/10 12:56:46 | 000,872,448 | -H-- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > < End of report >

Hi, Ran both. Here are the logs. I was able uninstall the Ask toolbar. As far as my system goes my files are "missing" so when I go to All programs and click on Microsoft or ITUNES it says Empty. When I click on them now nothing happens. YIKES! CAE Logfile of random's system information tool 1.09 (written by random/random) Run by Ekenbarger's at 2012-02-21 17:17:34 Microsoft Windows XP Home Edition Service Pack 3 System drive C: has 105 GB (70%) free of 149 GB Total RAM: 2558 MB (81% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 5:17:48 PM, on 2/21/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\program files\real\realplayer\update\realsched.exe C:\Program Files\Napster\napster.exe C:\Program Files\Common Files\AOL\1178326658\ee\AOLSoftware.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Program Files\Norton Ghost\Agent\VProSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Ekenbarger's\Desktop\RSIT.exe C:\Program Files\trend micro\Ekenbarger's.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\SPYBOT~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (file missing) O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1178326658\ee\AOLSoftware.exe O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [bomgar Support Reconnect [1297805904]] "C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4D5AF24F\bomgar-scc.exe" -nomulti O4 - HKCU\..\Run: [AROReminder] C:\Program Files\ARO 2012\ARO.exe -rem O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\SPYBOT~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\SPYBOT~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www6.iepdirect.com/ScriptX_6_5/smsx.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (BitDefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212869638656 O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://e-talk1.whps.org/dwa7W.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O19 - User stylesheet: C:\Documents and Settings\Ekenbarger's\Recent\neopets.css.lnk (file missing) O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 9381 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\Google Software Updater.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1946173170-350803515-410004273-1006.job C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1946173170-350803515-410004273-1006.job C:\WINDOWS\tasks\User_Feed_Synchronization-{873B1363-0F14-410A-AFDF-0559EB90EA7E}.job =========Mozilla firefox========= ProfilePath - C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default<p>prefs.js - "browser.startup.homepage" - "http://search.conduit.com/?ctid=CT3106777&SearchSource=13" prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.1, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3, toolbar@shopathome.com:5.2.0.0, {37153479-1976-43c3-a1ee-557513977b64}:3.5.1.1, {50fafaf0-70a9-419d-a109-fa4b4ffd4e37}:3.8.1.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16" prefs.js - "keyword.URL" - "

Hi, Ran Combofix and MBAM. Combofix did prompt me that it was outdated but my only option was to run it in Reduced Functionality Mode. Please advise if I should disconnect from internet. Thanks. CAE ComboFix 12-02-15.01 - Ekenbarger's 02/21/2012 15:12:07.2.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.1826 [GMT -5:00] Running from: c:\documents and settings\Ekenbarger's\Desktop\Combo-Fix.exe Command switches used :: c:\documents and settings\Ekenbarger's\Desktop\CFscript.txt AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} . - REDUCED FUNCTIONALITY MODE - . FILE :: "c:\documents and settings\All Users\Application Data\isecurity.exe" "C:\RECYCLER" . . ((((((((((((((((((((((((( Files Created from 2012-01-21 to 2012-02-21 ))))))))))))))))))))))))))))))) . . 2012-02-20 23:54 . 2012-02-20 23:54 -------- d-----w- C:\fixpoliciestool 2012-02-20 19:03 . 2012-02-20 19:03 -------- d-----w- c:\documents and settings\Ekenbarger's\Application Data\Malwarebytes 2012-02-20 19:03 . 2012-02-20 19:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-02-20 19:02 . 2012-02-20 19:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-02-19 22:45 . 2012-02-19 22:45 14664 ----a-w- c:\windows\stinger.sys 2012-02-19 22:43 . 2012-02-19 22:55 -------- d-----w- c:\program files\stinger 2012-02-18 19:25 . 2012-02-18 19:25 -------- d-----w- c:\documents and settings\Ekenbarger's\Application Data\Sammsoft 2012-02-18 19:25 . 2012-02-18 19:25 -------- d-----w- c:\program files\ARO 2012 2012-02-18 18:12 . 2012-02-21 00:15 -------- d-----w- c:\program files\trend micro 2012-02-18 18:12 . 2012-02-21 00:16 -------- d-----w- C:\rsit 2012-02-18 15:13 . 2012-02-18 15:16 -------- d-----w- C:\ARK 2012-02-18 00:58 . 2012-02-18 00:58 -------- d-----w- c:\documents and settings\Ekenbarger's\Application Data\QuickScan 2012-02-18 00:56 . 2012-02-19 15:56 -------- d-----w- c:\program files\Ask.com 2012-02-18 00:56 . 2012-02-20 20:49 -------- d-----w- c:\documents and settings\Ekenbarger's\Local Settings\Application Data\AskToolbar 2012-02-18 00:46 . 2012-02-18 00:46 -------- d-----w- c:\program files\Common Files\Java 2012-02-18 00:45 . 2012-02-18 00:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Ask 2012-02-18 00:45 . 2012-02-18 00:45 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-02-16 01:00 . 2012-02-16 02:13 -------- d-----w- C:\Combo-Fix 2012-02-12 20:12 . 2012-02-12 20:12 -------- d-----w- c:\program files\ESET 2012-02-10 01:04 . 2012-02-10 01:04 -------- d-----w- C:\_OTL 2012-02-10 00:40 . 2012-02-11 15:24 -------- d-----w- c:\program files\ERUNT . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-26 20:43 . 2011-05-06 19:29 23624 ---ha-w- c:\windows\system32\drivers\hitmanpro35.sys . . ((((((((((((((((((((((((((((( SnapShot@2012-02-16_01.54.03 ))))))))))))))))))))))))))))))))))))))))) . + 2012-02-21 20:18 . 2012-02-21 20:18 16384 c:\windows\Temp\Perflib_Perfdata_890.dat + 2012-02-21 20:18 . 2012-02-21 20:18 16384 c:\windows\Temp\Perflib_Perfdata_7dc.dat + 2012-02-21 20:10 . 2012-02-21 20:10 16384 c:\windows\Temp\Perflib_Perfdata_139c.dat - 2011-02-15 23:10 . 2011-02-03 02:40 157472 c:\windows\system32\javaws.exe + 2012-02-18 00:45 . 2012-02-18 00:45 157472 c:\windows\system32\javaws.exe + 2012-02-18 00:45 . 2012-02-18 00:45 149280 c:\windows\system32\javaw.exe + 2012-02-18 00:45 . 2012-02-18 00:45 149280 c:\windows\system32\java.exe + 2012-02-18 00:46 . 2012-02-18 00:46 203776 c:\windows\Installer\32890.msi + 2012-02-18 00:45 . 2012-02-18 00:45 901120 c:\windows\Installer\3287c.msi + 2012-02-18 00:56 . 2012-02-19 15:56 102400 c:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe + 2012-01-27 22:15 . 2012-01-27 22:15 728344 c:\windows\Downloaded Program Files\qsax.dll + 2012-02-19 15:56 . 2012-02-19 15:56 2283520 c:\windows\Installer\4705915.msi - 2005-11-20 04:58 . 2011-05-12 00:00 42829768 c:\windows\system32\MRT.exe + 2005-11-20 04:58 . 2012-02-21 01:00 42829768 c:\windows\system32\MRT.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152] . [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2012-01-03 21:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856] "Bomgar Support Reconnect [1297805904]"="c:\documents and settings\All Users\Application Data\Bomgar-SCC-4D5AF24F\bomgar-scc.exe" [bU] "AROReminder"="c:\program files\ARO 2012\ARO.exe" [2012-01-06 2552688] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-15 344064] "DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632] "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-30 273544] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696] "NapsterShell"="c:\program files\Napster\napster.exe" [2008-05-29 323216] "HostManager"="c:\program files\Common Files\AOL\1178326658\ee\AOLSoftware.exe" [2006-09-26 50736] "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035] "AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\America Online 9.0\\waol.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\AOL\\1178326658\\ee\\aolsoftware.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"= . R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [5/21/2006 8:02 AM 34916] R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [8/10/2004 12:50 PM 5120] R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [12/20/2007 5:13 PM 1553896] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 7:17 AM 135664] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 7:17 AM 135664] S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/10/2004 12:51 PM 14336] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper . Contents of the 'Scheduled Tasks' folder . 2012-02-19 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57] . 2012-02-21 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-12 19:03] . 2012-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 12:17] . 2012-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 12:17] . 2012-02-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1946173170-350803515-410004273-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47] . 2012-02-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1946173170-350803515-410004273-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47] . 2012-02-21 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\program files\Ask.com\UpdateTask.exe [2012-01-03 21:31] . 2012-02-21 c:\windows\Tasks\User_Feed_Synchronization-{873B1363-0F14-410A-AFDF-0559EB90EA7E}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 08:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.cox.net/ uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s Trusted Zone: microsoft.com\www.update FF - ProfilePath - c:\documents and settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3106777&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Ask.com FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3106777&SearchSource=13 FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm003YYus&ptb=CF74B0F9-D5D0-4EC8-AC35-8A70571C102D&ind=2011081120&ptnrS=CDxdm003YYus&si=CK2Cs7C9yKoCFaUZQgodWFpFyg&n=77dea9a0&psa=&st=kwd&searchfor= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: ShopAtHome.com Intelligent Shopping Toolbar: toolbar@shopathome.com - %profile%\extensions\toolbar@shopathome.com FF - Ext: Coupons.com Community Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - %profile%\extensions\{37153479-1976-43c3-a1ee-557513977b64} FF - Ext: WinZipBar Community Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - %profile%\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37} . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-02-21 15:19 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . HKLM\Software\Microsoft\Windows\CurrentVersion\Run DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet005\Services\RDPCDD] "ImagePath"="System32\DRIVERS\RDPCDD.sy@" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1946173170-350803515-410004273-1006\Software\SecuROM\License information*] "datasecu"=hex:28,72,f8,1c,a1,7f,1f,4b,21,f0,dc,17,10,16,7b,fe,96,08,a1,81,ce, 92,9d,a3,99,2a,90,e3,34,37,f3,c6,11,c1,26,63,01,7c,1c,dd,c0,e4,dc,90,37,34,\ "rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(3340) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\msi.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\system32\CTsvcCDA.EXE c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe c:\program files\Norton Ghost\Agent\VProSvc.exe c:\windows\wanmpsvc.exe c:\windows\system32\MsPMSPSv.exe c:\windows\system32\wscntfy.exe c:\windows\system32\msdtc.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2012-02-21 15:37:10 - machine was rebooted ComboFix-quarantined-files.txt 2012-02-21 20:36 ComboFix2.txt 2012-02-16 02:12 . Pre-Run: 109,900,771,328 bytes free Post-Run: 109,892,284,416 bytes free . - - End Of File - - A25DB3384A6A4B128374D9C7245585E5 Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Database version: v2012.02.21.05 Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking) Internet Explorer 8.0.6001.18702 Ekenbarger's :: JAM1 [administrator] 2/21/2012 3:46:01 PM mbam-log-2012-02-21 (15-46-01).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 311633 Time elapsed: 38 minute(s), 46 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 2 C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1141\A0405733.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1141\A0405780.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. (end)

Hi, Here are logs. CAE Logfile of random's system information tool 1.09 (written by random/random) Run by Ekenbarger's at 2012-02-20 19:15:08 Microsoft Windows XP Home Edition Service Pack 3 System drive C: has 105 GB (70%) free of 149 GB Total RAM: 2558 MB (77% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 7:15:17 PM, on 2/20/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Program Files\Norton Ghost\Agent\VProSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe C:\program files\real\realplayer\update\realsched.exe C:\Program Files\Napster\napster.exe C:\Program Files\Common Files\AOL\1178326658\ee\AOLSoftware.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Ask.com\Updater\Updater.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\dlcccoms.exe C:\Documents and Settings\Ekenbarger's\Desktop\RSIT.exe C:\Program Files\trend micro\Ekenbarger's.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll O1 - Hosts: ÿþ127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\SPYBOT~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: (no name) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - (no file) O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (file missing) O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: (no name) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - (no file) O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1178326658\ee\AOLSoftware.exe O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bomgar Support Reconnect [1297805904]] "C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4D5AF24F\bomgar-scc.exe" -nomulti O4 - HKCU\..\Run: [internet Security] C:\Documents and Settings\All Users\Application Data\isecurity.exe O4 - HKCU\..\Run: [AROReminder] C:\Program Files\ARO 2012\ARO.exe -rem O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\SPYBOT~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\SPYBOT~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www6.iepdirect.com/ScriptX_6_5/smsx.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (BitDefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212869638656 O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://e-talk1.whps.org/dwa7W.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O19 - User stylesheet: C:\Documents and Settings\Ekenbarger's\Recent\neopets.css.lnk (file missing) O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 10258 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\Google Software Updater.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1946173170-350803515-410004273-1006.job C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1946173170-350803515-410004273-1006.job C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job C:\WINDOWS\tasks\User_Feed_Synchronization-{873B1363-0F14-410A-AFDF-0559EB90EA7E}.job =========Mozilla firefox========= ProfilePath - C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default prefs.js - "browser.startup.homepage" - "http://search.conduit.com/?ctid=CT3106777&SearchSource=13" prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.1, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3, toolbar@shopathome.com:5.2.0.0, {37153479-1976-43c3-a1ee-557513977b64}:3.5.1.1, {50fafaf0-70a9-419d-a109-fa4b4ffd4e37}:3.8.1.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16" prefs.js - "keyword.URL" - "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm003YYus&ptb=CF74B0F9-D5D0-4EC8-AC35-8A70571C102D&ind=2011081120&ptnrS=CDxdm003YYus&si=CK2Cs7C9yKoCFaUZQgodWFpFyg&n=77dea9a0&psa=&st=kwd&searchfor=" "{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ "{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 10.1 Plugin "Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=] "Description"=iTunes Detector Plug-in "Path"= [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0] "Description"= "Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin] "Description"=Google Earth in your browser "Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin] "Description"=Oracle® Next Generation Java™ Plug-In "Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] "Description"=Ag Player Plugin "Path"=C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5] "Description"=Windows Presentation Foundation plug-in for Mozilla browsers "Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.99] "Description"=getPlus+® "Path"=C:\Program Files\NOS\bin\np_gp.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pack.google.com/Google Updater;version=14] "Description"=Google Updater "Path"=C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647] "Description"=RealPlayer LiveConnect-Enabled Plug-In "Path"=c:\program files\real\realplayer\Netscape6\nppl3260.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647] "Description"=RealJukebox Netscape Plugin "Path"=c:\program files\real\realplayer\Netscape6\nprjplug.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652] "Description"=RealNetworks RealPlayer Chrome Background Extension Plug-In "Path"=C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652] "Description"=RealPlayer HTML5VideoShim Plug-In "Path"=C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647] "Description"=12.0.1.647 "Path"=c:\program files\real\realplayer\Netscape6\nprpjplug.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=] "Description"= "Path"= [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3] "Description"=Google Update "Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9] "Description"=Google Update "Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP] "Description"=Viewpoint Media Player for Mozilla "Path"=C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll C:\Program Files\Mozilla Firefox\extensions\ {972ce4c6-7e08-4474-a285-3208198ce6fd} {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} C:\Program Files\Mozilla Firefox\components\ browser.xpt browserdirprovider.dll brwsrcmp.dll components.list FeedConverter.js FeedProcessor.js FeedWriter.js fuelApplication.js GPSDGeolocationProvider.js jsconsole-clhandler.js NetworkGeolocationProvider.js npCouponPrinter.xpt nppl3260.xpt nsAddonRepository.js nsBadCertHandler.js nsBlocklistService.js nsBrowserContentHandler.js nsBrowserGlue.js nsContentDispatchChooser.js nsContentPrefService.js nsDefaultCLH.js nsDownloadManagerUI.js nsExtensionManager.js nsFormAutoComplete.js nsHandlerService.js nsHelperAppDlg.js nsINIProcessor.js nsIQTScriptablePlugin.xpt nsjsrealplayerplugin.xpt nsLivemarkService.js nsLoginInfo.js nsLoginManager.js nsLoginManagerPrompter.js nsMicrosummaryService.js nsPlacesAutoComplete.js nsPlacesDBFlush.js nsPlacesTransactionsService.js nsPrivateBrowsingService.js nsProxyAutoConfig.js nsSafebrowsingApplication.js nsSearchService.js nsSearchSuggestions.js nsSessionStartup.js nsSessionStore.js nsSetDefaultBrowser.js nsSidebar.js nsTaggingService.js nsTryToClose.js nsUpdateService.js nsUpdateServiceStub.js nsUpdateTimerManager.js nsUrlClassifierLib.js nsUrlClassifierListManager.js nsURLFormatter.js nsWebHandlerApp.js pluginGlue.js storage-Legacy.js storage-mozStorage.js txEXSLTRegExFunctions.js WebContentConverter.js C:\Program Files\Mozilla Firefox\plugins\ npCouponPrinter.dll npdeployJava1.dll npMozCouponPrinter.dll npnul32.dll nppdf32.dll nppl3260.dll npqtplugin.dll npqtplugin2.dll npqtplugin3.dll npqtplugin4.dll npqtplugin5.dll npqtplugin6.dll npqtplugin7.dll nprjplug.dll nprpjplug.dll np_gp.dll QuickTimePlugin.class C:\Program Files\Mozilla Firefox\searchplugins\ amazondotcom.xml answers.xml creativecommons.xml eBay.xml google.xml wikipedia.xml yahoo.xml C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions\ toolbar@shopathome.com {20a82645-c095-46ed-80e3-08825760534b} {37153479-1976-43c3-a1ee-557513977b64} {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\searchplugins\ conduit.xml CouponAlert_2p.xml ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] &Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30 62376] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-06-30 386264] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - F:\SPYBOT~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-02-17 325408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-01-11 342128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll [2012-01-11 1003576] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-01-03 1514152] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-02-17 42272] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8DAAA30-6CAA-4b58-9603-8E54238219E2}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}] SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416] {06E58E5E-F8CB-4049-991E-A41C03BD419E} - Upromise TurboSaver - C:\Program Files\Upromise\upromisetoolbar.dll [] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-01-11 342128] {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} {D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-01-03 1514152] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-04-14 344064] "DLCCCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16 [] "TkBellExe"=C:\program files\real\realplayer\update\realsched.exe [2011-06-30 273544] "APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-11-01 59240] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696] "NapsterShell"=C:\Program Files\Napster\napster.exe [2008-05-29 323216] "HostManager"=C:\Program Files\Common Files\AOL\1178326658\ee\AOLSoftware.exe [2006-09-25 50736] "DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-01-27 86016] "dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035] "AOLDialer"=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2006-10-23 71216] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2011-12-08 421736] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696] ""= [] "ApnUpdater"=C:\Program Files\Ask.com\Updater\Updater.exe [2012-01-03 1391272] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-28 68856] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] "Bomgar Support Reconnect [1297805904]"=C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4D5AF24F\bomgar-scc.exe -nomulti [] "Internet Security"=C:\Documents and Settings\All Users\Application Data\isecurity.exe [] "AROReminder"=C:\Program Files\ARO 2012\ARO.exe [2012-01-06 2552688] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro35Crusader] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDesktop"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"=1 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL" "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL" "C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0" "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader" "C:\Program Files\Common Files\AOL\1178326658\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1178326658\ee\aolsoftware.exe:*:Enabled:AOL Services" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth" "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL" "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL" "C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "midimapper"=midimap.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msadpcm"=msadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.trspch"=tssoft32.acm "vidc.cvid"=iccvid.dll "VIDC.I420"=msh263.drv "vidc.iv31"=ir32_32.dll "vidc.iv32"=ir32_32.dll "vidc.iv41"=ir41_32.ax "VIDC.IYUV"=iyuv_32.dll "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "VIDC.UYVY"=msyuv.dll "VIDC.YUY2"=msyuv.dll "VIDC.YVU9"=tsbyuv.dll "VIDC.YVYU"=msyuv.dll "wavemapper"=msacm32.drv "msacm.msg723"=msg723.acm "vidc.M263"=msh263.drv "vidc.M261"=msh261.drv "msacm.msaudio1"=msaud32.acm "msacm.sl_anet"=sl_anet.acm "msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax "vidc.iv50"=ir50_32.dll "msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm "wave1"=serwvdrv.dll "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "MSVideo8"=VfWWDM32.dll ======File associations====== .reg - open - regedit.exe "%1" %* .scr - open - "%1" %* ======List of files/folders created in the last 1 month====== 2012-02-20 18:54:33 ----D---- C:\fixpoliciestool 2012-02-20 14:03:11 ----D---- C:\Documents and Settings\Ekenbarger's\Application Data\Malwarebytes 2012-02-20 14:03:00 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2012-02-20 14:02:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2012-02-19 17:45:15 ----A---- C:\WINDOWS\stinger.sys 2012-02-19 17:43:31 ----D---- C:\Program Files\stinger 2012-02-18 14:25:44 ----D---- C:\Documents and Settings\Ekenbarger's\Application Data\Sammsoft 2012-02-18 14:25:28 ----D---- C:\Program Files\ARO 2012 2012-02-18 14:11:21 ----SHD---- C:\RECYCLER 2012-02-18 13:12:13 ----D---- C:\Program Files\trend micro 2012-02-18 13:12:12 ----D---- C:\rsit 2012-02-18 10:13:47 ----D---- C:\ARK 2012-02-17 19:58:27 ----D---- C:\Documents and Settings\Ekenbarger's\Application Data\QuickScan 2012-02-17 19:56:10 ----D---- C:\Program Files\Ask.com 2012-02-17 19:46:06 ----D---- C:\Program Files\Common Files\Java 2012-02-17 19:45:55 ----D---- C:\Documents and Settings\All Users\Application Data\Ask 2012-02-17 19:45:41 ----A---- C:\WINDOWS\system32\javaws.exe 2012-02-17 19:45:41 ----A---- C:\WINDOWS\system32\javaw.exe 2012-02-17 19:45:41 ----A---- C:\WINDOWS\system32\java.exe 2012-02-15 21:12:49 ----A---- C:\ComboFix.txt 2012-02-15 20:08:05 ----A---- C:\Boot.bak 2012-02-15 20:07:50 ----RASHD---- C:\cmdcons 2012-02-15 20:01:58 ----A---- C:\WINDOWS\zip.exe 2012-02-15 20:01:58 ----A---- C:\WINDOWS\SWXCACLS.exe 2012-02-15 20:01:58 ----A---- C:\WINDOWS\SWSC.exe 2012-02-15 20:01:58 ----A---- C:\WINDOWS\SWREG.exe 2012-02-15 20:01:58 ----A---- C:\WINDOWS\sed.exe 2012-02-15 20:01:58 ----A---- C:\WINDOWS\PEV.exe 2012-02-15 20:01:58 ----A---- C:\WINDOWS\NIRCMD.exe 2012-02-15 20:01:58 ----A---- C:\WINDOWS\MBR.exe 2012-02-15 20:01:58 ----A---- C:\WINDOWS\grep.exe 2012-02-15 20:00:37 ----D---- C:\Combo-Fix 2012-02-15 19:59:32 ----D---- C:\Qoobox 2012-02-12 15:12:36 ----D---- C:\Program Files\ESET 2012-02-09 20:04:12 ----D---- C:\_OTL 2012-02-09 19:42:02 ----D---- C:\WINDOWS\ERDNT 2012-02-09 19:40:56 ----D---- C:\Program Files\ERUNT 2012-02-06 21:19:19 ----ASH---- C:\hiberfil.sys 2012-02-06 18:27:27 ----A---- C:\WINDOWS\system32\d3d9caps.dat ======List of files/folders modified in the last 1 month====== 2012-02-20 19:01:59 ----HD---- C:\WINDOWS\Prefetch 2012-02-20 18:45:00 ----AH---- C:\WINDOWS\SchedLgU.Txt 2012-02-20 15:48:54 ----SD---- C:\WINDOWS\Tasks 2012-02-20 15:41:29 ----HD---- C:\WINDOWS\Temp 2012-02-20 15:41:29 ----HD---- C:\Program Files\Dl_cats 2012-02-20 14:59:39 ----HD---- C:\WINDOWS\system32\drivers 2012-02-20 14:58:47 ----HD---- C:\WINDOWS\Registration 2012-02-20 14:58:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$ 2012-02-20 14:02:59 ----RD---- C:\Program Files 2012-02-20 14:00:23 ----HD---- C:\WINDOWS\system32 2012-02-19 17:45:15 ----D---- C:\WINDOWS 2012-02-19 17:45:06 ----HD---- C:\WINDOWS\system32\CatRoot2 2012-02-19 10:56:29 ----SHD---- C:\WINDOWS\Installer 2012-02-19 10:56:07 ----D---- C:\Config.Msi 2012-02-18 14:11:16 ----HD---- C:\WINDOWS\system32\drivers\etc 2012-02-17 19:58:27 ----SD---- C:\WINDOWS\Downloaded Program Files 2012-02-17 19:46:06 ----HD---- C:\Program Files\Common Files 2012-02-17 14:30:45 ----HD---- C:\WINDOWS\system32\NtmsData 2012-02-15 20:54:05 ----A---- C:\WINDOWS\system.ini 2012-02-15 20:53:46 ----HD---- C:\WINDOWS\system32\config 2012-02-15 20:28:56 ----HD---- C:\WINDOWS\AppPatch 2012-02-15 20:08:07 ----RASH---- C:\boot.ini 2012-02-06 21:15:32 ----AH---- C:\WINDOWS\ntbtlog.txt 2012-02-06 19:42:30 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2012-02-06 19:40:12 ----HD---- C:\Program Files\Spybot - Search & Destroy 2012-02-06 16:10:37 ----AH---- C:\WINDOWS\ModemLog_Intel® 537EP V9x DF PCI Modem.txt ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 drvmcdb;drvmcdb; C:\WINDOWS\system32\drivers\drvmcdb.sys [2004-12-01 87488] R0 iastor;Intel AHCI Controller; C:\WINDOWS\system32\drivers\iastor.sys [2005-07-08 871040] R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-07-26 43872] R0 symsnap;Symantec Volume Snap Shot Driver; C:\WINDOWS\system32\DRIVERS\symsnap.sys [2007-12-20 136416] R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352] R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592] R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217] R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627] R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545] R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032] R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480] R2 mrtRate;mrtRate; C:\WINDOWS\system32\drivers\mrtRate.sys [1999-09-27 34916] R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys [] R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883] R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843] R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123] R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239] R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586] R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227] R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363] R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714] R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603] R2 v2imount;Symantec V2i Mount Driver; C:\WINDOWS\system32\DRIVERS\v2imount.sys [2008-01-19 38112] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-04-15 1130496] R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2003-09-22 130192] R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648] R3 GEARAspiWDM;GearAspiWDM; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-01-19 15664] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-06 1233525] R3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-06 647929] R3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-06-16 61157] R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128] R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-06 37048] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2003-09-22 178672] R3 P17;Sound Blaster Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2004-06-09 840960] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588] S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys [2004-03-24 4272] S3 catchme;catchme; \??\C:\Combo-Fix\catchme.sys [] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys [] S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [] S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-11-04 34248] S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-11-04 40552] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys [] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 SQTECH905C;DB CIF Cam; C:\WINDOWS\System32\Drivers\Capt905c.sys [2006-01-26 34686] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 USB_RNDIS;Arris Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2011-08-02 42496] S3 VProEventMonitor;Symantec Event Monitor Driver; C:\WINDOWS\system32\DRIVERS\vproeventmonitor.sys [2008-01-19 15088] S3 WimFltr;WimFltr; C:\WINDOWS\system32\DRIVERS\wimfltr.sys [2008-01-19 128104] S3 WinDriver6;WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [2007-04-16 194362] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368] S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928] S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752] S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008] S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952] S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960] S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe [2006-10-23 46640] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-24 55144] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-04-15 364544] R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032] R2 IAANTMon;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe [2005-04-25 86142] R2 Norton Ghost;Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe [2008-01-19 4388192] R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider; C:\WINDOWS\system32\dllhost.exe [2008-04-13 5120] R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2003-08-27 65536] R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] R3 dlcc_device;dlcc_device; C:\WINDOWS\system32\dlcccoms.exe [2005-06-21 491520] R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-12-08 821608] R3 SymSnapService;SymSnapService; C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe [2007-12-20 1553896] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776] S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-06 135664] S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-26 194104] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-06 135664] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664] S3 nosGetPlusHelper;getPlus® Helper 3004; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- Logfile of random's system information tool 1.09 (written by random/random) Run by Ekenbarger's at 2012-02-20 19:01:48 Microsoft Windows XP Home Edition Service Pack 3 System drive C: has 105 GB (70%) free of 149 GB Total RAM: 2558 MB (78% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 7:02:00 PM, on 2/20/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Program Files\Norton Ghost\Agent\VProSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe C:\program files\real\realplayer\update\realsched.exe C:\Program Files\Napster\napster.exe C:\Program Files\Common Files\AOL\1178326658\ee\AOLSoftware.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Ask.com\Updater\Updater.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\dlcccoms.exe C:\Documents and Settings\Ekenbarger's\Desktop\RSIT.exe C:\Program Files\trend micro\Ekenbarger's.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll O1 - Hosts: ÿþ127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\SPYBOT~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: (no name) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - (no file) O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (file missing) O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: (no name) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - (no file) O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1178326658\ee\AOLSoftware.exe O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bomgar Support Reconnect [1297805904]] "C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4D5AF24F\bomgar-scc.exe" -nomulti O4 - HKCU\..\Run: [internet Security] C:\Documents and Settings\All Users\Application Data\isecurity.exe O4 - HKCU\..\Run: [AROReminder] C:\Program Files\ARO 2012\ARO.exe -rem O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\SPYBOT~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\SPYBOT~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www6.iepdirect.com/ScriptX_6_5/smsx.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (BitDefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212869638656 O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://e-talk1.whps.org/dwa7W.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O19 - User stylesheet: C:\Documents and Settings\Ekenbarger's\Recent\neopets.css.lnk (file missing) O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 10258 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\Google Software Updater.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1946173170-350803515-410004273-1006.job C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1946173170-350803515-410004273-1006.job C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job C:\WINDOWS\tasks\User_Feed_Synchronization-{873B1363-0F14-410A-AFDF-0559EB90EA7E}.job =========Mozilla firefox========= ProfilePath - C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default prefs.js - "browser.startup.homepage" - "http://search.conduit.com/?ctid=CT3106777&SearchSource=13" prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.1, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3, toolbar@shopathome.com:5.2.0.0, {37153479-1976-43c3-a1ee-557513977b64}:3.5.1.1, {50fafaf0-70a9-419d-a109-fa4b4ffd4e37}:3.8.1.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16" prefs.js - "keyword.URL" - "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm003YYus&ptb=CF74B0F9-D5D0-4EC8-AC35-8A70571C102D&ind=2011081120&ptnrS=CDxdm003YYus&si=CK2Cs7C9yKoCFaUZQgodWFpFyg&n=77dea9a0&psa=&st=kwd&searchfor=" "{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ "{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 10.1 Plugin "Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=] "Description"=iTunes Detector Plug-in "Path"= [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0] "Description"= "Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin] "Description"=Google Earth in your browser "Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin] "Description"=Oracle® Next Generation Java™ Plug-In "Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] "Description"=Ag Player Plugin "Path"=C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5] "Description"=Windows Presentation Foundation plug-in for Mozilla browsers "Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.99] "Description"=getPlus+® "Path"=C:\Program Files\NOS\bin\np_gp.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pack.google.com/Google Updater;version=14] "Description"=Google Updater "Path"=C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647] "Description"=RealPlayer LiveConnect-Enabled Plug-In "Path"=c:\program files\real\realplayer\Netscape6\nppl3260.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647] "Description"=RealJukebox Netscape Plugin "Path"=c:\program files\real\realplayer\Netscape6\nprjplug.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652] "Description"=RealNetworks RealPlayer Chrome Background Extension Plug-In "Path"=C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652] "Description"=RealPlayer HTML5VideoShim Plug-In "Path"=C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647] "Description"=12.0.1.647 "Path"=c:\program files\real\realplayer\Netscape6\nprpjplug.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=] "Description"= "Path"= [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3] "Description"=Google Update "Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9] "Description"=Google Update "Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP] "Description"=Viewpoint Media Player for Mozilla "Path"=C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll C:\Program Files\Mozilla Firefox\extensions\ {972ce4c6-7e08-4474-a285-3208198ce6fd} {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} C:\Program Files\Mozilla Firefox\components\ browser.xpt browserdirprovider.dll brwsrcmp.dll components.list FeedConverter.js FeedProcessor.js FeedWriter.js fuelApplication.js GPSDGeolocationProvider.js jsconsole-clhandler.js NetworkGeolocationProvider.js npCouponPrinter.xpt nppl3260.xpt nsAddonRepository.js nsBadCertHandler.js nsBlocklistService.js nsBrowserContentHandler.js nsBrowserGlue.js nsContentDispatchChooser.js nsContentPrefService.js nsDefaultCLH.js nsDownloadManagerUI.js nsExtensionManager.js nsFormAutoComplete.js nsHandlerService.js nsHelperAppDlg.js nsINIProcessor.js nsIQTScriptablePlugin.xpt nsjsrealplayerplugin.xpt nsLivemarkService.js nsLoginInfo.js nsLoginManager.js nsLoginManagerPrompter.js nsMicrosummaryService.js nsPlacesAutoComplete.js nsPlacesDBFlush.js nsPlacesTransactionsService.js nsPrivateBrowsingService.js nsProxyAutoConfig.js nsSafebrowsingApplication.js nsSearchService.js nsSearchSuggestions.js nsSessionStartup.js nsSessionStore.js nsSetDefaultBrowser.js nsSidebar.js nsTaggingService.js nsTryToClose.js nsUpdateService.js nsUpdateServiceStub.js nsUpdateTimerManager.js nsUrlClassifierLib.js nsUrlClassifierListManager.js nsURLFormatter.js nsWebHandlerApp.js pluginGlue.js storage-Legacy.js storage-mozStorage.js txEXSLTRegExFunctions.js WebContentConverter.js C:\Program Files\Mozilla Firefox\plugins\ npCouponPrinter.dll npdeployJava1.dll npMozCouponPrinter.dll npnul32.dll nppdf32.dll nppl3260.dll npqtplugin.dll npqtplugin2.dll npqtplugin3.dll npqtplugin4.dll npqtplugin5.dll npqtplugin6.dll npqtplugin7.dll nprjplug.dll nprpjplug.dll np_gp.dll QuickTimePlugin.class C:\Program Files\Mozilla Firefox\searchplugins\ amazondotcom.xml answers.xml creativecommons.xml eBay.xml google.xml wikipedia.xml yahoo.xml C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions\ toolbar@shopathome.com {20a82645-c095-46ed-80e3-08825760534b} {37153479-1976-43c3-a1ee-557513977b64} {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\searchplugins\ conduit.xml CouponAlert_2p.xml ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] &Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30 62376] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-06-30 386264] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - F:\SPYBOT~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-02-17 325408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-01-11 342128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll [2012-01-11 1003576] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-01-03 1514152] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-02-17 42272] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8DAAA30-6CAA-4b58-9603-8E54238219E2}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}] SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416] {06E58E5E-F8CB-4049-991E-A41C03BD419E} - Upromise TurboSaver - C:\Program Files\Upromise\upromisetoolbar.dll [] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-01-11 342128] {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} {D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-01-03 1514152] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-04-14 344064] "DLCCCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16 [] "TkBellExe"=C:\program files\real\realplayer\update\realsched.exe [2011-06-30 273544] "APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-11-01 59240] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696] "NapsterShell"=C:\Program Files\Napster\napster.exe [2008-05-29 323216] "HostManager"=C:\Program Files\Common Files\AOL\1178326658\ee\AOLSoftware.exe [2006-09-25 50736] "DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-01-27 86016] "dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035] "AOLDialer"=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2006-10-23 71216] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2011-12-08 421736] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696] ""= [] "ApnUpdater"=C:\Program Files\Ask.com\Updater\Updater.exe [2012-01-03 1391272] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-28 68856] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] "Bomgar Support Reconnect [1297805904]"=C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4D5AF24F\bomgar-scc.exe -nomulti [] "Internet Security"=C:\Documents and Settings\All Users\Application Data\isecurity.exe [] "AROReminder"=C:\Program Files\ARO 2012\ARO.exe [2012-01-06 2552688] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro35Crusader] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDesktop"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"=1 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL" "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL" "C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0" "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader" "C:\Program Files\Common Files\AOL\1178326658\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1178326658\ee\aolsoftware.exe:*:Enabled:AOL Services" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth" "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL" "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL" "C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "midimapper"=midimap.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msadpcm"=msadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.trspch"=tssoft32.acm "vidc.cvid"=iccvid.dll "VIDC.I420"=msh263.drv "vidc.iv31"=ir32_32.dll "vidc.iv32"=ir32_32.dll "vidc.iv41"=ir41_32.ax "VIDC.IYUV"=iyuv_32.dll "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "VIDC.UYVY"=msyuv.dll "VIDC.YUY2"=msyuv.dll "VIDC.YVU9"=tsbyuv.dll "VIDC.YVYU"=msyuv.dll "wavemapper"=msacm32.drv "msacm.msg723"=msg723.acm "vidc.M263"=msh263.drv "vidc.M261"=msh261.drv "msacm.msaudio1"=msaud32.acm "msacm.sl_anet"=sl_anet.acm "msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax "vidc.iv50"=ir50_32.dll "msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm "wave1"=serwvdrv.dll "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "MSVideo8"=VfWWDM32.dll ======File associations====== .reg - open - regedit.exe "%1" %* .scr - open - "%1" %* ======List of files/folders created in the last 1 month====== 2012-02-20 18:54:33 ----D---- C:\fixpoliciestool 2012-02-20 14:03:11 ----D---- C:\Documents and Settings\Ekenbarger's\Application Data\Malwarebytes 2012-02-20 14:03:00 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2012-02-20 14:02:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2012-02-19 17:45:15 ----A---- C:\WINDOWS\stinger.sys 2012-02-19 17:43:31 ----D---- C:\Program Files\stinger 2012-02-18 14:25:44 ----D---- C:\Documents and Settings\Ekenbarger's\Application Data\Sammsoft 2012-02-18 14:25:28 ----D---- C:\Program Files\ARO 2012 2012-02-18 14:11:21 ----SHD---- C:\RECYCLER 2012-02-18 13:12:13 ----D---- C:\Program Files\trend micro 2012-02-18 13:12:12 ----D---- C:\rsit 2012-02-18 10:13:47 ----D---- C:\ARK 2012-02-17 19:58:27 ----D---- C:\Documents and Settings\Ekenbarger's\Application Data\QuickScan 2012-02-17 19:56:10 ----D---- C:\Program Files\Ask.com 2012-02-17 19:46:06 ----D---- C:\Program Files\Common Files\Java 2012-02-17 19:45:55 ----D---- C:\Documents and Settings\All Users\Application Data\Ask 2012-02-17 19:45:41 ----A---- C:\WINDOWS\system32\javaws.exe 2012-02-17 19:45:41 ----A---- C:\WINDOWS\system32\javaw.exe 2012-02-17 19:45:41 ----A---- C:\WINDOWS\system32\java.exe 2012-02-15 21:12:49 ----A---- C:\ComboFix.txt 2012-02-15 20:08:05 ----A---- C:\Boot.bak 2012-02-15 20:07:50 ----RASHD---- C:\cmdcons 2012-02-15 20:01:58 ----A---- C:\WINDOWS\zip.exe 2012-02-15 20:01:58 ----A---- C:\WINDOWS\SWXCACLS.exe 2012-02-15 20:01:58 ----A---- C:\WINDOWS\SWSC.exe 2012-02-15 20:01:58 ----A---- C:\WINDOWS\SWREG.exe 2012-02-15 20:01:58 ----A---- C:\WINDOWS\sed.exe 2012-02-15 20:01:58 ----A---- C:\WINDOWS\PEV.exe 2012-02-15 20:01:58 ----A---- C:\WINDOWS\NIRCMD.exe 2012-02-15 20:01:58 ----A---- C:\WINDOWS\MBR.exe 2012-02-15 20:01:58 ----A---- C:\WINDOWS\grep.exe 2012-02-15 20:00:37 ----D---- C:\Combo-Fix 2012-02-15 19:59:32 ----D---- C:\Qoobox 2012-02-12 15:12:36 ----D---- C:\Program Files\ESET 2012-02-09 20:04:12 ----D---- C:\_OTL 2012-02-09 19:42:02 ----D---- C:\WINDOWS\ERDNT 2012-02-09 19:40:56 ----D---- C:\Program Files\ERUNT 2012-02-06 21:19:19 ----ASH---- C:\hiberfil.sys 2012-02-06 18:27:27 ----A---- C:\WINDOWS\system32\d3d9caps.dat ======List of files/folders modified in the last 1 month====== 2012-02-20 19:01:52 ----HD---- C:\WINDOWS\Prefetch 2012-02-20 18:45:00 ----AH---- C:\WINDOWS\SchedLgU.Txt 2012-02-20 15:48:54 ----SD---- C:\WINDOWS\Tasks 2012-02-20 15:41:29 ----HD---- C:\Program Files\Dl_cats 2012-02-20 15:41:12 ----HD---- C:\WINDOWS\Temp 2012-02-20 14:59:39 ----HD---- C:\WINDOWS\system32\drivers 2012-02-20 14:58:47 ----HD---- C:\WINDOWS\Registration 2012-02-20 14:56:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$ 2012-02-20 14:02:59 ----RD---- C:\Program Files 2012-02-20 14:00:23 ----HD---- C:\WINDOWS\system32 2012-02-19 17:45:15 ----D---- C:\WINDOWS 2012-02-19 17:45:06 ----HD---- C:\WINDOWS\system32\CatRoot2 2012-02-19 10:56:29 ----SHD---- C:\WINDOWS\Installer 2012-02-19 10:56:07 ----D---- C:\Config.Msi 2012-02-18 14:11:16 ----HD---- C:\WINDOWS\system32\drivers\etc 2012-02-17 19:58:27 ----SD---- C:\WINDOWS\Downloaded Program Files 2012-02-17 19:46:06 ----HD---- C:\Program Files\Common Files 2012-02-17 14:30:45 ----HD---- C:\WINDOWS\system32\NtmsData 2012-02-15 20:54:05 ----A---- C:\WINDOWS\system.ini 2012-02-15 20:53:46 ----HD---- C:\WINDOWS\system32\config 2012-02-15 20:28:56 ----HD---- C:\WINDOWS\AppPatch 2012-02-15 20:08:07 ----RASH---- C:\boot.ini 2012-02-06 21:15:32 ----AH---- C:\WINDOWS\ntbtlog.txt 2012-02-06 19:42:30 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2012-02-06 19:40:12 ----HD---- C:\Program Files\Spybot - Search & Destroy 2012-02-06 16:10:37 ----AH---- C:\WINDOWS\ModemLog_Intel® 537EP V9x DF PCI Modem.txt ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 drvmcdb;drvmcdb; C:\WINDOWS\system32\drivers\drvmcdb.sys [2004-12-01 87488] R0 iastor;Intel AHCI Controller; C:\WINDOWS\system32\drivers\iastor.sys [2005-07-08 871040] R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-07-26 43872] R0 symsnap;Symantec Volume Snap Shot Driver; C:\WINDOWS\system32\DRIVERS\symsnap.sys [2007-12-20 136416] R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352] R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592] R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217] R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627] R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545] R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032] R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480] R2 mrtRate;mrtRate; C:\WINDOWS\system32\drivers\mrtRate.sys [1999-09-27 34916] R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys [] R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883] R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843] R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123] R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239] R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586] R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227] R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363] R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714] R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603] R2 v2imount;Symantec V2i Mount Driver; C:\WINDOWS\system32\DRIVERS\v2imount.sys [2008-01-19 38112] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-04-15 1130496] R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2003-09-22 130192] R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648] R3 GEARAspiWDM;GearAspiWDM; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-01-19 15664] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-06 1233525] R3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-06 647929] R3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-06-16 61157] R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128] R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-06 37048] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2003-09-22 178672] R3 P17;Sound Blaster Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2004-06-09 840960] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588] S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys [2004-03-24 4272] S3 catchme;catchme; \??\C:\Combo-Fix\catchme.sys [] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys [] S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [] S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-11-04 34248] S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-11-04 40552] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys [] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 SQTECH905C;DB CIF Cam; C:\WINDOWS\System32\Drivers\Capt905c.sys [2006-01-26 34686] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 USB_RNDIS;Arris Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2011-08-02 42496] S3 VProEventMonitor;Symantec Event Monitor Driver; C:\WINDOWS\system32\DRIVERS\vproeventmonitor.sys [2008-01-19 15088] S3 WimFltr;WimFltr; C:\WINDOWS\system32\DRIVERS\wimfltr.sys [2008-01-19 128104] S3 WinDriver6;WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [2007-04-16 194362] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368] S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928] S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752] S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008] S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952] S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960] S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe [2006-10-23 46640] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-24 55144] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-04-15 364544] R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032] R2 IAANTMon;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe [2005-04-25 86142] R2 Norton Ghost;Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe [2008-01-19 4388192] R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider; C:\WINDOWS\system32\dllhost.exe [2008-04-13 5120] R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2003-08-27 65536] R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] R3 dlcc_device;dlcc_device; C:\WINDOWS\system32\dlcccoms.exe [2005-06-21 491520] R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-12-08 821608] R3 SymSnapService;SymSnapService; C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe [2007-12-20 1553896] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776] S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-06 135664] S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-26 194104] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-06 135664] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664] S3 nosGetPlusHelper;getPlus® Helper 3004; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF-----------------

Ok. I think I inadvertently deleted the Fixpolicies tool. Can you provide me with link? CAE

Hi, I reconnected to the internet. Is that okay while I run these? CAE

Hi, MBAM detected and removed 36 Files. My desktop is back. Here is the log. Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Database version: v2012.01.13.04 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Ekenbarger's :: JAM1 [administrator] 2/20/2012 2:09:27 PM mbam-log-2012-02-20 (14-09-27).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 297822 Time elapsed: 45 minute(s), 46 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully. Folders Detected: 0 (No malicious items detected) Files Detected: 36 C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397180.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397198.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397175.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397176.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397177.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397178.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397179.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397181.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397182.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397183.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397184.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397185.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397186.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397187.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397188.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397189.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397190.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397191.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397192.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397193.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397194.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397195.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397196.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397222.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397223.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397224.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397225.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397226.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397227.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397228.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397229.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1110\A0397482.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1140\A0404570.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1141\A0405734.exe (Rogue.FakeAlert) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1141\A0405769.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1141\A0405781.exe (Rogue.FakeAlert) -> Quarantined and deleted successfully. (end)

Thanks will do. I knew MBAM was old because I could only reinstall using my old disc. What should I do about my lack of anti-virus?? CAE

Yes.

Hi, I thought I downloaded Avira but at this point I realize I did not. I used the link you provided and clicked on download (for the Avira free version) which I think brought me to download.com. Honestly I wasn't paying close attention just sort of followed the prompts as I thought it was all safe. I must have been redirected at some point. It did ask if I wanted ASK to be my default search which I did think was odd. I answered no but it did change my toolbar. It downloaded a file to my desktop (ARO2012_tbt.exe) which I thought was an acronym for Avira. I installed it and ran the scan. Apparently I am a rogueware magnet. I did everything in your previous post. Ran the full scan from Microsoft. It did not detect any infections but I could not find a log nor did it prompt me to save the information. Nothing found by McAfee either. MBAM cannot be updated. I get an error message stating Access denied check firewall and internet connection. My firewall allows Malwarebytes.org. Before I contacted you I tried to download and update MBAM from the website but got the same message Access denied. I know my version is old there are no sub tabs in settings. I ran it anyway but nothing was found. Please advise on whether I should try the other links you provided for anti-virus as I have none currently. Here are the logs. Thanks. CAE McAfee® Labs Stinger Version 10.2.0.512 built on Feb 17 2012 Copyright © 2011 McAfee, Inc. All Rights Reserved. Virus data file v1000.0000 created on Feb 17 2012. Ready to scan for 4070 viruses, trojans and variants. Scan initiated on Sun Feb 19 17:44:57 2012 Rootkit scan result : Not Scanned Master Boot Record(s):....2 Possibly Infected:.............0 Boot Sector(s):.................2 Possibly Infected: ............0 Number of clean files: 41305 Malwarebytes' Anti-Malware 1.18 Database version: 870 9:41:13 AM 2/20/2012 mbam-log-2-20-2012 (09-41-13).txt Scan type: Full Scan (C:\|E:\|F:\|) Objects scanned: 148348 Time elapsed: 30 minute(s), 34 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

Hi, Not sure how that happened!!!! I am very appreciative of your efforts and I have followed your directions exactly as you have stated. I have only used internet explorer to go to this forum or download from the links you have provided. I never knowingly downloaded anything from Sammsoft! I did click on the Avira link you provided and downloaded their antivirus software and ran the scan. Please let me assure you that I do not even know what a registry cleaners is. I have opened a couple of old word documents because I needed some information but that is all I have done on this computer. My son accesses the WiFi for his IPOD. Should I tell him to stop? I was not planning to do my work on this computer just wondering if I should hang out here rather than go work. Also I do not have a back up of this system but at this point if I could just recover some of my word documents I would be happy. I can access another system but not in the house. I am living by smartphone alone. Again thank you for your help. CAE