caewe12

Okay. Ran the OTL. Will you be online later? I need to get some work done but this is a huge priority for me. Any idea what the time line for resolution might be? Thanks. CAE OTL logfile created on: 2/19/2012 10:51:33 AM - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Ekenbarger's\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.50 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 78.06% Memory free 3.09 Gb Paging File | 2.73 Gb Available in Paging File | 88.08% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 145.58 Gb Total Space | 102.65 Gb Free Space | 70.51% Space Free | Partition Type: NTFS Drive D: | 1.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive F: | 465.76 Gb Total Space | 412.77 Gb Free Space | 88.62% Space Free | Partition Type: NTFS Computer Name: JAM1 | User Name: Ekenbarger's | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/02/07 19:06:41 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ekenbarger's\Desktop\OTL.scr PRC - [2011/08/23 21:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe PRC - [2011/06/30 16:21:23 | 000,273,544 | -H-- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe PRC - [2008/05/29 16:18:26 | 000,323,216 | -H-- | M] (Napster) -- C:\Program Files\Napster\napster.exe PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008/01/19 20:01:08 | 004,388,192 | -H-- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe PRC - [2007/12/20 17:13:46 | 001,553,896 | -H-- | M] (Symantec) -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe PRC - [2006/10/23 07:50:35 | 000,046,640 | RH-- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe PRC - [2006/09/25 19:52:48 | 000,050,736 | -H-- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1178326658\ee\aolsoftware.exe PRC - [2005/04/25 08:49:52 | 000,086,142 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2005/01/27 01:02:00 | 000,086,016 | -H-- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe PRC - [2003/08/27 10:29:46 | 000,065,536 | -H-- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe ========== Modules (No Company Name) ========== MOD - [2011/11/01 23:26:32 | 000,087,912 | -H-- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/11/01 23:26:12 | 001,242,472 | -H-- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2005/06/21 15:22:06 | 000,483,328 | -H-- | M] () -- C:\WINDOWS\system32\dlcclmpm.dll MOD - [2005/06/06 10:58:38 | 000,065,536 | -H-- | M] () -- C:\WINDOWS\system32\dlcccfg.dll MOD - [2005/04/01 11:44:16 | 000,061,440 | -H-- | M] () -- C:\Program Files\Dell Photo AIO Printer 924\dlcccnv4.dll MOD - [2005/01/27 01:02:00 | 000,086,016 | -H-- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (nosGetPlusHelper) getPlus® SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2008/01/19 20:01:08 | 004,388,192 | -H-- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost) SRV - [2007/12/20 17:13:46 | 001,553,896 | -H-- | M] (Symantec) [On_Demand | Running] -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe -- (SymSnapService) SRV - [2007/09/12 18:27:24 | 002,999,664 | -H-- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate) SRV - [2006/10/23 07:50:35 | 000,046,640 | RH-- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS) SRV - [2005/06/21 15:19:38 | 000,491,520 | -H-- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\dlcccoms.exe -- (dlcc_device) SRV - [2005/04/25 08:49:52 | 000,086,142 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel® SRV - [2003/08/27 10:29:46 | 000,065,536 | -H-- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW) ========== Driver Services (SafeList) ========== DRV - [2009/11/04 16:54:12 | 000,040,552 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk) DRV - [2009/11/04 16:53:40 | 000,034,248 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk) DRV - [2008/04/13 13:56:49 | 000,012,800 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS) DRV - [2008/01/19 20:12:42 | 000,128,104 | -H-- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr) DRV - [2008/01/19 19:45:40 | 000,038,112 | -H-- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\v2imount.sys -- (v2imount) DRV - [2008/01/19 19:40:16 | 000,015,088 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys -- (VProEventMonitor) DRV - [2007/12/20 17:13:54 | 000,136,416 | -H-- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symsnap.sys -- (symsnap) DRV - [2007/04/16 12:28:02 | 000,194,362 | -H-- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6) DRV - [2006/01/26 12:21:04 | 000,034,686 | -H-- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C) DRV - [2006/01/10 11:07:58 | 000,004,864 | -H-- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct) DRV - [2005/04/15 02:14:58 | 001,130,496 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2004/11/02 15:12:14 | 000,019,456 | -H-- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL) DRV - [2004/08/04 05:00:00 | 000,004,224 | -H-- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\RDPCDD.sy@ -- (RDPCDD) DRV - [2004/06/16 03:52:40 | 000,061,157 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53) DRV - [2004/06/09 17:16:00 | 000,840,960 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17) DRV - [2004/03/24 10:12:44 | 000,004,272 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci) DRV - [2004/03/06 04:15:34 | 000,647,929 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52) DRV - [2004/03/06 04:14:42 | 001,233,525 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51) DRV - [2004/03/06 04:13:38 | 000,037,048 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt) DRV - [2003/09/22 13:48:00 | 000,130,192 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k) DRV - [2003/09/22 13:47:00 | 000,178,672 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv) DRV - [2003/09/19 14:47:24 | 000,010,368 | -H-- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc) DRV - [2003/03/05 18:19:00 | 000,015,840 | -H-- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Pfmodnt.sys -- (PfModNT) DRV - [2003/01/10 16:13:04 | 000,033,588 | -H-- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW) DRV - [2002/11/08 19:45:06 | 000,017,217 | -H-- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci) DRV - [1999/09/27 10:48:42 | 000,034,916 | -H-- | M] (Marimba, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MrtRate.sys -- (mrtRate) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.net/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "WinZipBar Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3106777&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "WinZipBar Customized Web Search" FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3106777&SearchSource=13" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3 FF - prefs.js..extensions.enabledItems: toolbar@shopathome.com:5.2.0.0 FF - prefs.js..extensions.enabledItems: {37153479-1976-43c3-a1ee-557513977b64}:3.5.1.1 FF - prefs.js..extensions.enabledItems: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37}:3.8.1.0 FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm003YYus&ptb=CF74B0F9-D5D0-4EC8-AC35-8A70571C102D&ind=2011081120&ptnrS=CDxdm003YYus&si=CK2Cs7C9yKoCFaUZQgodWFpFyg&n=77dea9a0&psa=&st=kwd&searchfor=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.99: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/30 16:21:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/26 18:23:55 | 000,000,000 | -H-D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/18 14:12:08 | 000,000,000 | -H-D | M] [2008/12/18 23:18:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Extensions [2011/12/26 17:02:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions [2010/06/10 15:38:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/08/11 19:00:55 | 000,000,000 | ---D | M] (Coupons.com Community Toolbar) -- C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions\{37153479-1976-43c3-a1ee-557513977b64} [2011/12/26 15:55:10 | 000,000,000 | ---D | M] (WinZipBar Community Toolbar) -- C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37} [2011/09/03 08:54:55 | 000,000,000 | ---D | M] (ShopAtHome.com Intelligent Shopping Toolbar) -- C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions\toolbar@shopathome.com [2011/12/16 19:41:06 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\searchplugins\conduit.xml [2011/10/18 15:04:36 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\searchplugins\CouponAlert_2p.xml [2012/02/17 19:45:43 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/02/17 19:45:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2011/06/30 16:21:41 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT [2012/02/17 19:45:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011/07/13 16:52:56 | 000,091,552 | -H-- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll [2012/02/17 19:45:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011/07/13 16:52:58 | 000,091,552 | -H-- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll O1 HOSTS File: ([2012/02/18 14:11:16 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (no name) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - No CLSID value found. O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll File not found O3 - HKLM\..\Toolbar: (no name) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - No CLSID value found. O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL () O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe () O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1178326658\ee\aolsoftware.exe (America Online, Inc.) O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster) O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [AROReminder] C:\Program Files\ARO 2012\ARO.exe (Support.com, Inc.) O4 - HKCU..\Run: [bomgar Support Reconnect [1297805904]] "C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4D5AF24F\bomgar-scc.exe" -nomulti File not found O4 - HKCU..\Run: [internet Security] C:\Documents and Settings\All Users\Application Data\isecurity.exe File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1 O8 - Extra context menu item: &Search - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] http in Trusted sites) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control) O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://www6.iepdirect.com/ScriptX_6_5/smsx.cab (MeadCo ScriptX) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212869638656 (WUWebControl Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://e-talk1.whps.org/dwa7W.cab (Domino Web Access 7 Control) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 68.105.28.11 68.105.29.11 68.105.28.12 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{830D72BE-6132-4A2A-B8DD-7BC8B69A920B}: DhcpNameServer = 192.168.2.1 68.105.28.11 68.105.29.11 68.105.28.12 O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\Ekenbarger's\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ekenbarger's\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O35 - HKCU\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/02/18 14:25:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ekenbarger's\Application Data\Sammsoft [2012/02/18 14:25:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ARO 2012 [2012/02/18 14:25:28 | 000,000,000 | ---D | C] -- C:\Program Files\ARO 2012 [2012/02/18 14:17:58 | 006,716,856 | ---- | C] (Support.com ) -- C:\Documents and Settings\Ekenbarger's\Desktop\ARO2012_tbt.exe [2012/02/18 14:11:21 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012/02/18 13:12:13 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2012/02/18 13:12:12 | 000,000,000 | ---D | C] -- C:\rsit [2012/02/18 10:13:47 | 000,000,000 | ---D | C] -- C:\ARK [2012/02/18 09:49:52 | 002,060,336 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ekenbarger's\Desktop\tdsskiller.exe [2012/02/17 20:05:02 | 004,729,344 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Ekenbarger's\Desktop\aswMBR.exe [2012/02/17 19:58:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ekenbarger's\Application Data\QuickScan [2012/02/17 19:56:10 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com [2012/02/17 19:56:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ekenbarger's\Local Settings\Application Data\AskToolbar [2012/02/17 19:46:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012/02/17 19:45:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ask [2012/02/15 21:30:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/02/15 20:07:50 | 000,000,000 | RHSD | C] -- C:\cmdcons [2012/02/15 20:01:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012/02/15 20:01:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012/02/15 20:01:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012/02/15 20:01:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012/02/15 20:00:37 | 000,000,000 | ---D | C] -- C:\Combo-Fix [2012/02/15 19:59:32 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/02/15 19:56:46 | 004,404,931 | R--- | C] (Swearware) -- C:\Documents and Settings\Ekenbarger's\Desktop\Combo-Fix.exe [2012/02/12 15:12:36 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012/02/11 20:14:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ekenbarger's\Desktop\WscsvcXP [2012/02/09 20:18:06 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ekenbarger's\Desktop\mbam--setup-1.60.1.1000.exe [2012/02/09 20:04:12 | 000,000,000 | ---D | C] -- C:\_OTL [2012/02/09 19:42:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2012/02/09 19:40:56 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2012/02/09 19:40:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT [2012/02/09 19:39:53 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Ekenbarger's\Desktop\erunt-setup.exe [2012/02/07 19:06:38 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ekenbarger's\Desktop\OTL.scr [2012/02/07 19:06:22 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ekenbarger's\Desktop\OTH.scr [2012/02/07 17:33:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Ekenbarger's\Start Menu\Programs\Administrative Tools [2012/02/06 20:34:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ekenbarger's\Recent [2012/02/06 19:41:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy [2012/02/06 19:40:35 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Ekenbarger's\Desktop\spybotsd162.exe [2005/09/16 00:27:14 | 000,065,536 | -H-- | C] ( ) -- C:\WINDOWS\System32\A3d.dll [2 C:\Documents and Settings\Ekenbarger's\Desktop\*.tmp files -> C:\Documents and Settings\Ekenbarger's\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/02/19 10:51:24 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1946173170-350803515-410004273-1006.job [2012/02/19 10:51:24 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1946173170-350803515-410004273-1006.job [2012/02/19 10:36:46 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{873B1363-0F14-410A-AFDF-0559EB90EA7E}.job [2012/02/19 10:15:01 | 000,000,886 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/02/19 09:56:01 | 000,000,248 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2012/02/18 22:17:02 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012/02/18 16:15:01 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/02/18 14:54:01 | 000,000,868 | -H-- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2012/02/18 14:25:33 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\Check PC For Errors.lnk [2012/02/18 14:25:33 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk [2012/02/18 14:19:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/02/18 14:19:42 | 2682,425,344 | -HS- | M] () -- C:\hiberfil.sys [2012/02/18 14:17:57 | 006,716,856 | ---- | M] (Support.com ) -- C:\Documents and Settings\Ekenbarger's\Desktop\ARO2012_tbt.exe [2012/02/18 14:11:16 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts [2012/02/18 13:11:47 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\RSIT.exe [2012/02/18 09:49:58 | 002,060,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ekenbarger's\Desktop\tdsskiller.exe [2012/02/18 09:44:01 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\MBR.dat [2012/02/18 09:39:28 | 004,729,344 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Ekenbarger's\Desktop\aswMBR.exe [2012/02/15 21:30:54 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2012/02/15 20:08:07 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2012/02/15 19:56:57 | 004,404,931 | R--- | M] (Swearware) -- C:\Documents and Settings\Ekenbarger's\Desktop\Combo-Fix.exe [2012/02/11 20:12:25 | 000,000,882 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\WscsvcXP.zip [2012/02/11 14:35:11 | 000,000,211 | ---- | M] () -- C:\Boot.bak [2012/02/11 11:34:41 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ekenbarger's\Desktop\mbam--setup-1.60.1.1000.exe [2012/02/11 10:24:45 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\NTREGOPT.lnk [2012/02/11 10:24:45 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\ERUNT.lnk [2012/02/11 10:23:29 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Ekenbarger's\Desktop\erunt-setup.exe [2012/02/07 19:14:21 | 000,879,683 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\SecurityCheck.exe [2012/02/07 19:06:41 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ekenbarger's\Desktop\OTL.scr [2012/02/07 19:06:23 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ekenbarger's\Desktop\OTH.scr [2012/02/07 17:12:06 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\oo9mvqzj.exe [2012/02/07 16:56:39 | 000,000,653 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\Shortcut (2) to Cheryl's.lnk [2012/02/07 16:47:51 | 000,000,569 | ---- | M] () -- C:\Documents and Settings\All Users\Shortcut to Desktop.lnk [2012/02/06 21:23:09 | 000,000,653 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\Shortcut to Cheryl's.lnk [2012/02/06 19:42:27 | 000,000,857 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\Spybot - Search & Destroy.lnk [2012/02/06 19:42:27 | 000,000,857 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2012/02/06 19:39:14 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Ekenbarger's\Desktop\spybotsd162.exe [2012/02/06 18:35:11 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/02/06 14:52:57 | 000,000,853 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk [2 C:\Documents and Settings\Ekenbarger's\Desktop\*.tmp files -> C:\Documents and Settings\Ekenbarger's\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/02/18 14:25:33 | 000,001,525 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\Check PC For Errors.lnk [2012/02/18 14:25:33 | 000,001,525 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk [2012/02/18 13:11:44 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\RSIT.exe [2012/02/18 09:44:01 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\MBR.dat [2012/02/17 19:56:11 | 000,000,248 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2012/02/15 21:30:54 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2012/02/15 20:08:05 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2012/02/15 20:07:54 | 000,260,272 | RHS- | C] () -- C:\cmldr [2012/02/15 20:01:58 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012/02/15 20:01:58 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012/02/15 20:01:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012/02/15 20:01:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012/02/15 20:01:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012/02/11 20:12:30 | 000,000,882 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\WscsvcXP.zip [2012/02/09 19:40:56 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\NTREGOPT.lnk [2012/02/09 19:40:56 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\ERUNT.lnk [2012/02/07 19:14:17 | 000,879,683 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\SecurityCheck.exe [2012/02/07 17:12:05 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\oo9mvqzj.exe [2012/02/07 16:56:39 | 000,000,653 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\Shortcut (2) to Cheryl's.lnk [2012/02/07 16:47:51 | 000,000,569 | ---- | C] () -- C:\Documents and Settings\All Users\Shortcut to Desktop.lnk [2012/02/07 06:12:36 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Start Menu\Programs\Internet Explorer (2).lnk [2012/02/06 21:23:09 | 000,000,653 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\Shortcut to Cheryl's.lnk [2012/02/06 21:19:19 | 2682,425,344 | -HS- | C] () -- C:\hiberfil.sys [2012/02/06 19:41:39 | 000,000,857 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\Spybot - Search & Destroy.lnk [2012/02/06 19:41:39 | 000,000,857 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2012/02/06 18:27:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/02/06 14:52:57 | 000,000,853 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk [2011/05/21 09:05:16 | 000,709,456 | -H-- | C] () -- C:\WINDOWS\is-JCNJV.exe [2011/05/17 19:09:15 | 000,013,884 | -HS- | C] () -- C:\Documents and Settings\Ekenbarger's\Local Settings\Application Data\3m68k04uhh2v0qs0ndbrt8fyr74347y1k [2011/05/17 19:09:15 | 000,013,884 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3m68k04uhh2v0qs0ndbrt8fyr74347y1k [2011/05/06 14:29:52 | 000,023,624 | -H-- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys [2011/03/13 09:09:42 | 000,638,976 | -H-- | C] () -- C:\WINDOWS\System32\dlccpmui.dll [2011/03/13 09:09:42 | 000,106,496 | -H-- | C] () -- C:\WINDOWS\System32\dlccinsr.dll [2011/03/13 09:09:41 | 000,372,736 | -H-- | C] () -- C:\WINDOWS\System32\dlccih.exe [2011/03/13 09:09:41 | 000,155,648 | -H-- | C] () -- C:\WINDOWS\System32\dlccins.dll [2011/03/13 09:09:41 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\dlccvs.dll [2011/03/13 09:09:40 | 000,413,696 | -H-- | C] () -- C:\WINDOWS\System32\dlcccomm.dll [2011/03/13 09:09:40 | 000,368,640 | -H-- | C] () -- C:\WINDOWS\System32\dlcccfg.exe [2011/03/13 09:09:40 | 000,114,688 | -H-- | C] () -- C:\WINDOWS\System32\dlccpplc.dll [2011/03/13 09:09:39 | 001,134,592 | -H-- | C] () -- C:\WINDOWS\System32\dlccusb1.dll [2011/03/13 09:09:39 | 000,770,048 | -H-- | C] () -- C:\WINDOWS\System32\dlcchbn3.dll [2011/03/13 09:09:39 | 000,483,328 | -H-- | C] () -- C:\WINDOWS\System32\dlcclmpm.dll [2011/03/13 09:09:38 | 000,704,512 | -H-- | C] () -- C:\WINDOWS\System32\dlcccomc.dll [2011/03/13 09:09:38 | 000,491,520 | -H-- | C] () -- C:\WINDOWS\System32\dlcccoms.exe [2011/03/13 09:09:38 | 000,155,648 | -H-- | C] () -- C:\WINDOWS\System32\dlccprox.dll [2011/03/13 09:09:37 | 001,183,744 | -H-- | C] () -- C:\WINDOWS\System32\dlccserv.dll [2011/03/13 09:09:36 | 000,036,864 | -H-- | C] () -- C:\WINDOWS\System32\dlcccur.dll [2011/03/13 09:09:35 | 000,430,080 | -H-- | C] () -- C:\WINDOWS\System32\dlccutil.dll [2011/03/13 09:09:35 | 000,073,728 | -H-- | C] () -- C:\WINDOWS\System32\dlcccu.dll [2011/03/13 09:09:32 | 000,176,128 | -H-- | C] () -- C:\WINDOWS\System32\dlccinsb.dll [2011/03/13 09:09:32 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\dlcccub.dll [2011/03/13 09:09:31 | 000,131,072 | -H-- | C] () -- C:\WINDOWS\System32\dlccjswr.dll [2011/03/13 09:09:25 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\dlcccfg.dll [2011/02/17 18:00:30 | 000,034,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamcatchme.sys [2010/05/11 06:24:12 | 000,000,222 | -H-- | C] () -- C:\WINDOWS\System32\SunData.ini [2010/05/11 06:22:51 | 000,000,085 | -H-- | C] () -- C:\WINDOWS\TTL3Util.ini [2010/05/11 06:22:37 | 000,000,288 | -H-- | C] () -- C:\WINDOWS\TTL3.ini [2010/01/07 20:19:32 | 000,004,272 | -H-- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys [2008/12/17 20:03:46 | 000,073,984 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2008/10/17 08:26:43 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\FoneSync.INI [2008/09/13 18:00:52 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/07/02 13:55:05 | 000,000,234 | -H-- | C] () -- C:\WINDOWS\TFF32.ini [2007/10/13 10:41:53 | 000,101,824 | -H-- | C] () -- C:\Program Files\MC [2007/08/22 22:41:51 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2007/05/28 14:39:51 | 000,010,240 | -H-- | C] () -- C:\WINDOWS\System32\vidx16.dll [2007/05/28 14:29:32 | 000,000,584 | -H-- | C] () -- C:\WINDOWS\PowerReg.dat [2007/04/14 10:55:37 | 000,000,107 | -H-- | C] () -- C:\WINDOWS\wpd99.drv [2007/04/14 10:55:17 | 000,118,784 | -H-- | C] () -- C:\WINDOWS\System32\pdfmona.dll [2007/04/08 19:50:42 | 000,000,021 | -H-- | C] () -- C:\WINDOWS\CS_SETUP.ini [2006/11/25 18:38:40 | 000,001,827 | -H-- | C] () -- C:\WINDOWS\cdPlayer.ini [2006/10/01 19:24:21 | 000,000,037 | -H-- | C] () -- C:\WINDOWS\Viewer.ini [2006/05/21 09:25:51 | 000,000,024 | -H-- | C] () -- C:\WINDOWS\qfnonl.ini [2006/05/21 08:02:13 | 000,000,696 | -H-- | C] () -- C:\WINDOWS\QUICKEN.INI [2006/05/21 08:02:12 | 000,000,185 | -H-- | C] () -- C:\WINDOWS\intuprof.ini [2006/05/21 08:02:10 | 000,006,838 | -H-- | C] () -- C:\WINDOWS\ICOADB32.DAT [2005/11/03 15:34:18 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI [2005/10/05 18:40:34 | 000,001,786 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2005/10/05 18:40:34 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\86307A10A8.sys [2005/09/21 07:41:46 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Local Settings\Application Data\fusioncache.dat [2005/09/20 19:12:22 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Application Data\PFP120JPR.{PB [2005/09/20 19:12:22 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Application Data\PFP120JCM.{PB [2005/09/16 00:58:59 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini [2005/09/16 00:50:31 | 000,000,335 | -H-- | C] () -- C:\WINDOWS\nsreg.dat [2005/09/16 00:46:43 | 001,048,576 | -H-- | C] () -- C:\WINDOWS\System32\SFMAN.DAT [2005/09/16 00:46:43 | 000,000,231 | -H-- | C] () -- C:\WINDOWS\AC3API.INI [2005/09/16 00:46:34 | 000,003,278 | -H-- | C] () -- C:\WINDOWS\System32\LudaP17.ini [2005/09/16 00:46:34 | 000,000,029 | -H-- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2005/09/16 00:46:29 | 000,000,072 | -H-- | C] () -- C:\WINDOWS\SBWIN.INI [2005/09/16 00:27:14 | 000,060,928 | -H-- | C] () -- C:\WINDOWS\System32\P17.dll [2005/09/16 00:27:14 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\P17CPI.dll [2005/09/16 00:27:04 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\setpwrcg.exe [2005/09/16 00:27:00 | 000,087,540 | -H-- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2005/09/16 00:26:34 | 000,000,394 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005/01/28 08:08:34 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini [2004/08/10 13:12:05 | 000,000,780 | -H-- | C] () -- C:\WINDOWS\orun32.ini [2004/08/10 13:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2004/08/10 13:02:15 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2004/08/10 13:01:18 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2004/08/10 12:57:52 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI [2004/08/10 12:57:15 | 000,351,384 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2004/08/10 12:51:21 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat [2004/08/10 12:51:20 | 000,442,466 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004/08/10 12:51:20 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004/08/10 12:51:20 | 000,071,732 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004/08/10 12:51:20 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004/08/10 12:51:18 | 000,004,627 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat [2004/08/10 12:51:17 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin [2004/08/10 12:51:16 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat [2004/08/10 12:51:12 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat [2004/08/10 12:51:11 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin [2004/08/10 12:51:05 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat [2004/08/10 12:50:56 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin ========== LOP Check ========== [2012/02/17 19:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask [2009/06/24 20:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Logs [2011/02/03 14:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts [2011/12/26 15:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro [2008/01/05 19:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster [2007/04/14 10:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995 [2008/12/19 21:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard [2009/06/24 20:17:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SPORE [2008/12/20 00:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla! [2007/03/11 23:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2011/12/26 15:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipEC [2011/12/26 18:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009/10/04 08:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/06/04 14:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2011/12/26 12:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\ElevatedDiagnostics [2011/04/10 12:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\gtk-2.0 [2007/01/29 18:17:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Leadertech [2011/07/31 17:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Nikon [2012/02/17 19:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\QuickScan [2012/02/18 14:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Sammsoft [2007/05/13 06:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\SmartDraw [2010/06/16 17:20:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\SPORE [2007/03/11 23:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Viewpoint [2012/02/19 09:56:01 | 000,000,248 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job [2012/02/19 10:36:46 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{873B1363-0F14-410A-AFDF-0559EB90EA7E}.job ========== Purity Check ========== < End of report >

Hi, The ARO scanlog looks like the same information that popped up when I ran the scan. I did a file search and found it. I can tell you how (the pathway retraced) C:/Documents and Settings then Ekenbargers folders then Application Data then Sammsoft folder then ARO folder then Version 2012 folder and then in there were different files including AROscanlog.xml. Will run the OTL now. CAE

Hi, Not sure if this is relevant to anything but woke up this am and found an error message on the computer along with an Apple Update pop up. The Windows error message said "Generic Host Process for Win32 Services has encountered a problem........" it asked if I wanted to send a report. I have the error signature info if you think it is important I'll post it. Thanks. CAE

AROscanlog218.txtHi, Ran a couple of file searches and found the ARO scanlog. It is a xlm file so I saved it into Notepad as a txt file thinking that might work but when I cut and pasted it into my reply the computer froze. I am going to try and send it as an attachment. Thanks. CAE

Hi, Quite frustrated at this point. Ran OTL. See log below. Uninstalled McAfee and downloaded Avira Free. Ran the scan but couldn't seem to find the log or how to save. Export log was the only option. Tried that and it wanted to run Active X which I was unsure about allowing. I know malware uses Active X sometimes. So I didn't allow it but then my computer wasn't responding and I had to close the window. Clicked on the ARO icon "Check PC for errors" and a pop up with a message appeared "Reminder registry errors and tweaks were remaining and your junk status was caution after your last scan. Buy now to repair all and have fewer errors on your PC...yada yada. There are two buttons - Keep these errors or Buy now and also a remove option. I went into the ARO folder via the Program Files folder and there are files but nothing that looks like a log to me. Extensions in the folder are exe, dll, Ini, dat, hta and bmp. Afraid to click on anything. HELP! All processes killed ========== PROCESSES ========== ========== FILES ========== C:\RECYCLER\S-1-5-21-1946173170-350803515-410004273-1006 folder moved successfully. C:\RECYCLER folder moved successfully. recycler not found in D:\ F:\RECYCLER\S-1-5-21-1946173170-350803515-410004273-1006 folder moved successfully. F:\RECYCLER folder moved successfully. File\Folder C:\Program Files\SelectRebates\SelectRebates.exe not found. File\Folder C:\Documents and Settings\All Users\Application Data\wgjpPXjtqGl.exe not found. File\Folder C:\Documents and Settings\All Users\Application Data\isecurity.exe not found. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SelectRebates deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\wgjpPXjtqGl.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Internet Security not found. ========== COMMANDS ========== C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Ekenbarger's ->Temp folder emptied: 57072191 bytes ->Temporary Internet Files folder emptied: 8413002 bytes ->Java cache emptied: 182135 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 566 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes ->Flash cache emptied: 0 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes ->Google Chrome cache emptied: 0 bytes User: Owner %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 472808 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 49422 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 1874 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 63.00 mb Restore point Set: OTL Restore Point (0) [EMPTYFLASH] User: Administrator ->Flash cache emptied: 0 bytes User: All Users User: Default User ->Flash cache emptied: 0 bytes User: Ekenbarger's ->Flash cache emptied: 0 bytes User: LocalService ->Flash cache emptied: 0 bytes User: NetworkService User: Owner Total Flash Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.31.0 log created on 02182012_141114 Files\Folders moved on Reboot... C:\WINDOWS\temp\Perflib_Perfdata_1304.dat moved successfully. File\Folder C:\WINDOWS\temp\Perflib_Perfdata_1d04.dat not found! Registry entries deleted on Reboot...

Hi, The issue with the McAfee is that I cannot enable it. In Windows Security Center it states "McAfee Antivirus and Antispyware reports that it is turned off". There is a file in the Programs Folder McAfee Security Scan Plus but it is empty so not sure how to get more information about it. It was provided by my internet service provider Cox and I thought it was automatically updated. In the past if prompted to update it I have done so. Honestly as far as a time line.........I don't remember. Sorry. I fear I am pretty inept when it comes to computers, realizing I will need to educate myself a bit. Ran RSIT. Here are the logs. Logfile of random's system information tool 1.09 (written by random/random) Run by Ekenbarger's at 2012-02-18 13:12:12 Microsoft Windows XP Home Edition Service Pack 3 System drive C: has 105 GB (71%) free of 149 GB Total RAM: 2558 MB (78% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 1:12:33 PM, on 2/18/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\program files\real\realplayer\update\realsched.exe C:\Program Files\Napster\napster.exe C:\Program Files\Common Files\AOL\1178326658\ee\AOLSoftware.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Program Files\Norton Ghost\Agent\VProSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Ask.com\Updater\Updater.exe C:\WINDOWS\system32\dlcccoms.exe C:\Documents and Settings\Ekenbarger's\Desktop\RSIT.exe C:\Program Files\trend micro\Ekenbarger's.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\SPYBOT~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: (no name) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - (no file) O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (file missing) O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: (no name) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - (no file) O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1178326658\ee\AOLSoftware.exe O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [selectRebates] C:\Program Files\SelectRebates\SelectRebates.exe O4 - HKLM\..\Run: [wgjpPXjtqGl.exe] C:\Documents and Settings\All Users\Application Data\wgjpPXjtqGl.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bomgar Support Reconnect [1297805904]] "C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4D5AF24F\bomgar-scc.exe" -nomulti O4 - HKCU\..\Run: [internet Security] C:\Documents and Settings\All Users\Application Data\isecurity.exe O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\SPYBOT~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\SPYBOT~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www6.iepdirect.com/ScriptX_6_5/smsx.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (BitDefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212869638656 O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://e-talk1.whps.org/dwa7W.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O19 - User stylesheet: C:\Documents and Settings\Ekenbarger's\Recent\neopets.css.lnk (file missing) O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 10381 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\Google Software Updater.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1946173170-350803515-410004273-1006.job C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1946173170-350803515-410004273-1006.job C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job C:\WINDOWS\tasks\User_Feed_Synchronization-{873B1363-0F14-410A-AFDF-0559EB90EA7E}.job =========Mozilla firefox========= ProfilePath - C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default<p>prefs.js - "browser.startup.homepage" - "http://search.conduit.com/?ctid=CT3106777&SearchSource=13" prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.1, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3, toolbar@shopathome.com:5.2.0.0, {37153479-1976-43c3-a1ee-557513977b64}:3.5.1.1, {50fafaf0-70a9-419d-a109-fa4b4ffd4e37}:3.8.1.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16" prefs.js - "keyword.URL" - "

Hi, Was able to run scan. No log. Message: GMER hasn't found any system modification. Feel like I need to state again that I am unable to do anything to my McAfee. Thanks. CAE

Hi, Was able to run the asw.MBR.exe. The FIX button was not enabled. I downloaded the TDSSKiller but it wouldn't run...exactly like the asw.MBR.exe previously. Am I doing something wrong? YIKES! Please advise. CAE - Thanks aswMBR version 0.9.9.1618 Copyright© 2011 AVAST Software Run date: 2012-02-18 09:39:36 ----------------------------- 09:39:36.312 OS Version: Windows 5.1.2600 Service Pack 3 09:39:36.312 Number of processors: 2 586 0x403 09:39:36.312 ComputerName: JAM1 UserName: 09:39:37.109 Initialize success 09:42:09.140 AVAST engine defs: 12021800 09:42:36.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 09:42:36.593 Disk 0 Vendor: Maxtor_6 YAR5 Size: 152587MB BusType: 3 09:42:36.593 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1 09:42:36.593 Disk 1 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3 09:42:36.625 Disk 0 MBR read successfully 09:42:36.625 Disk 0 MBR scan 09:42:36.671 Disk 0 unknown MBR code 09:42:36.671 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63 09:42:36.703 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 149071 MB offset 112455 09:42:36.718 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3459 MB offset 305411715 09:42:36.718 Disk 0 scanning sectors +312499984 09:42:36.765 Disk 0 scanning C:\WINDOWS\system32\drivers 09:42:48.109 Service scanning 09:43:09.031 Modules scanning 09:43:13.781 Scan finished successfully 09:44:01.515 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Ekenbarger's\Desktop\MBR.dat" 09:44:01.515 The log file has been saved successfully to "C:\Documents and Settings\Ekenbarger's\Desktop\aswMBR.txt"

Report 2012-02-17 19.58.33.txtHi, I am logged into Windows normal mode and have been the entire time. I meant when I log is as I typically do under my usual user name, I think I have administrator privileges. See attached log. Thank you.

Hi Maurice, Ran into a bit of a snag. Java removal and reinstall completed as well as ran Quickscan (no infections). My desktop did disappear again after the reboot though. Downloaded aswMBR.exe but it will not run. I right clicked, then clicked on Run as but administrator was not an option. I think when I log in normally I have administrator privileges. I have also been unable to activate my McAfee. Think I need to go to website but have not since you advised I refrain from websurfing. Please advise. Thank you. CAE PS Tried to insert log but too long - should I split or is there another way to send it?

Hi, The log per your request. ComboFix 12-02-15.01 - Ekenbarger's 02/15/2012 20:13:14.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.1940 [GMT -5:00] Running from: c:\documents and settings\Ekenbarger's\Desktop\Combo-Fix.exe AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Ekenbarger's\My Documents\~WRL0003.tmp c:\documents and settings\Ekenbarger's\My Documents\~WRL0035.tmp c:\documents and settings\Ekenbarger's\My Documents\~WRL1702.tmp c:\documents and settings\Ekenbarger's\My Documents\~WRL1764.tmp c:\documents and settings\Ekenbarger's\My Documents\~WRL1793.tmp c:\documents and settings\Ekenbarger's\My Documents\~WRL1884.tmp c:\documents and settings\Ekenbarger's\My Documents\~WRL2298.tmp c:\documents and settings\Ekenbarger's\My Documents\~WRL2497.tmp c:\documents and settings\Ekenbarger's\My Documents\~WRL2780.tmp c:\documents and settings\Ekenbarger's\My Documents\~WRL3446.tmp c:\documents and settings\Ekenbarger's\My Documents\~WRL3580.tmp c:\documents and settings\Ekenbarger's\My Documents\~WRL3672.tmp c:\documents and settings\Ekenbarger's\My Documents\~WRL3807.tmp c:\documents and settings\Ekenbarger's\My Documents\~WRL3842.tmp c:\documents and settings\Ekenbarger's\Start Menu\Programs\System Check c:\documents and settings\Ekenbarger's\Start Menu\Programs\System Check\System Check.lnk c:\documents and settings\Ekenbarger's\Start Menu\Programs\System Check\Uninstall System Check.lnk c:\documents and settings\Ekenbarger's\System c:\documents and settings\Ekenbarger's\System\win_qs8.jqx c:\documents and settings\Ekenbarger's\WINDOWS c:\program files\CouponAlert_2pEI c:\program files\SelectRebates c:\program files\SelectRebates\FFToolbar\chrome.manifest c:\program files\SelectRebates\FFToolbar\chrome\sahtoolbar.jar c:\program files\SelectRebates\FFToolbar\defaults\preferences\sahtoolbar.js c:\program files\SelectRebates\FFToolbar\install.rdf c:\program files\SelectRebates\SahImages\alert.png c:\program files\SelectRebates\SahImages\check.png c:\program files\SelectRebates\SahImages\close.png c:\program files\SelectRebates\SelectAlerts.dat c:\program files\SelectRebates\SelectRebates.exe c:\program files\SelectRebates\SelectRebates.ini c:\program files\SelectRebates\SelectRebatesA.dat c:\program files\SelectRebates\SelectRebatesApi.exe c:\program files\SelectRebates\SelectRebatesB.dat c:\program files\SelectRebates\SelectRebatesBT.dat c:\program files\SelectRebates\SelectRebatesDownload.exe c:\program files\SelectRebates\SelectRebatesH.dat c:\program files\SelectRebates\SelectRebatesUninstall.exe c:\program files\SelectRebates\SRebates.dll c:\program files\SelectRebates\SRFF3.dll c:\program files\SelectRebates\Toolbar\AddtoList.bmp c:\program files\SelectRebates\Toolbar\basis.xml c:\program files\SelectRebates\Toolbar\Basis.xml.dym c:\program files\SelectRebates\Toolbar\Blank.bmp c:\program files\SelectRebates\Toolbar\CashBack.bmp c:\program files\SelectRebates\Toolbar\Coupons.bmp c:\program files\SelectRebates\Toolbar\GroceryCoupon.bmp c:\program files\SelectRebates\Toolbar\i_magnifying.bmp c:\program files\SelectRebates\Toolbar\icons.bmp c:\program files\SelectRebates\Toolbar\ImageCache\alert-red.bmp c:\program files\SelectRebates\Toolbar\logo.bmp c:\program files\SelectRebates\Toolbar\logo_24.bmp c:\program files\SelectRebates\Toolbar\logo_HotSpots.bmp c:\program files\SelectRebates\Toolbar\ReviewSite.bmp c:\program files\SelectRebates\Toolbar\RightControls.dym c:\program files\SelectRebates\Toolbar\sahtb-alert.bmp c:\program files\SelectRebates\Toolbar\sahtb-go.bmp c:\program files\SelectRebates\Toolbar\sahtb-grocerycoupons.bmp c:\program files\SelectRebates\Toolbar\sahtb-icons.bmp c:\program files\SelectRebates\Toolbar\sahtb-restaurant.bmp c:\program files\SelectRebates\Toolbar\sahtb-wishlist.bmp c:\program files\SelectRebates\Toolbar\Scissors.bmp c:\program files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll c:\program files\Shared c:\program files\Shared\shared.sig c:\windows\settings.reg c:\windows\system32\bszip.dll . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_TDSSSERV.SYS . . ((((((((((((((((((((((((( Files Created from 2012-01-16 to 2012-02-16 ))))))))))))))))))))))))))))))) . . 2012-02-12 20:12 . 2012-02-12 20:12 -------- d-----w- c:\program files\ESET 2012-02-10 01:04 . 2012-02-10 01:04 -------- d-----w- C:\_OTL 2012-02-10 00:40 . 2012-02-11 15:24 -------- d-----w- c:\program files\ERUNT . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-26 20:43 . 2011-05-06 19:29 23624 ---ha-w- c:\windows\system32\drivers\hitmanpro35.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-15 344064] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632] "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-30 273544] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696] "NapsterShell"="c:\program files\Napster\napster.exe" [2008-05-29 323216] "HostManager"="c:\program files\Common Files\AOL\1178326658\ee\AOLSoftware.exe" [2006-09-26 50736] "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035] "AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\America Online 9.0\\waol.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\AOL\\1178326658\\ee\\aolsoftware.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [5/21/2006 8:02 AM 34916] R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [8/10/2004 12:50 PM 5120] R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [12/20/2007 5:13 PM 1553896] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 7:17 AM 135664] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 7:17 AM 135664] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232] S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/10/2004 12:51 PM 14336] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WUAUSERV . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper . Contents of the 'Scheduled Tasks' folder . 2012-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57] . 2012-02-15 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-12 19:03] . 2012-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 12:17] . 2012-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 12:17] . 2012-02-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1946173170-350803515-410004273-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47] . 2012-02-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1946173170-350803515-410004273-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47] . 2012-02-16 c:\windows\Tasks\User_Feed_Synchronization-{873B1363-0F14-410A-AFDF-0559EB90EA7E}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 08:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.cox.net/ uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s Trusted Zone: microsoft.com\www.update TCP: DhcpNameServer = 192.168.2.1 68.105.28.11 68.105.29.11 68.105.28.12 FF - ProfilePath - c:\documents and settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3106777&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - WinZipBar Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3106777&SearchSource=13 FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm003YYus&ptb=CF74B0F9-D5D0-4EC8-AC35-8A70571C102D&ind=2011081120&ptnrS=CDxdm003YYus&si=CK2Cs7C9yKoCFaUZQgodWFpFyg&n=77dea9a0&psa=&st=kwd&searchfor= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: ShopAtHome.com Intelligent Shopping Toolbar: toolbar@shopathome.com - %profile%\extensions\toolbar@shopathome.com FF - Ext: Coupons.com Community Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - %profile%\extensions\{37153479-1976-43c3-a1ee-557513977b64} FF - Ext: WinZipBar Community Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - %profile%\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37} . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) HKCU-Run-Bomgar Support Reconnect [1297805904] - c:\documents and settings\All Users\Application Data\Bomgar-SCC-4D5AF24F\bomgar-scc.exe HKCU-Run-Internet Security - c:\documents and settings\All Users\Application Data\isecurity.exe HKLM-Run-SelectRebates - c:\program files\SelectRebates\SelectRebates.exe AddRemove-EADM - c:\program files\Electronic Arts\EADM\EADMUI\EADMUninstall.exe AddRemove-Jimmy Neutron Boy Genius - c:\program files\THQ\Jimmy Neutron\Jimmy Neutron Boy Genius\Uninst.isu AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb AddRemove-{83d96ed0-98aa-4515-8ddc-816f3efdd104} - c:\program files\InstallShield Installation Information\{83d96ed0-98aa-4515-8ddc-816f3efdd104}\setup.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-02-15 20:56 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . HKLM\Software\Microsoft\Windows\CurrentVersion\Run DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet005\Services\RDPCDD] "ImagePath"="System32\DRIVERS\RDPCDD.sy@" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1946173170-350803515-410004273-1006\Software\SecuROM\License information*] "datasecu"=hex:28,72,f8,1c,a1,7f,1f,4b,21,f0,dc,17,10,16,7b,fe,96,08,a1,81,ce, 92,9d,a3,99,2a,90,e3,34,37,f3,c6,11,c1,26,63,01,7c,1c,dd,c0,e4,dc,90,37,34,\ "rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(1692) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\msi.dll c:\windows\system32\mshtml.dll c:\windows\system32\msls31.dll c:\windows\system32\jscript.dll c:\windows\system32\Macromed\Flash\Flash10v.ocx c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\system32\CTsvcCDA.EXE c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Norton Ghost\Agent\VProSvc.exe c:\windows\wanmpsvc.exe c:\windows\system32\MsPMSPSv.exe c:\windows\system32\msdtc.exe c:\windows\system32\wscntfy.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Common Files\Java\Java Update\jucheck.exe . ************************************************************************** . Completion time: 2012-02-15 21:12:32 - machine was rebooted ComboFix-quarantined-files.txt 2012-02-16 02:12 . Pre-Run: 110,561,619,968 bytes free Post-Run: 110,381,297,664 bytes free . WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . - - End Of File - - 4B8A44505CB55A0661A125526156A871 Thanks. CAE

Hi, Here is the log. Thank you. CAE All processes killed ========== PROCESSES ========== ========== FILES ========== C:\RECYCLER\S-1-5-21-1946173170-350803515-410004273-1006 folder moved successfully. C:\RECYCLER folder moved successfully. recycler not found in D:\ F:\RECYCLER\S-1-5-21-1946173170-350803515-410004273-1006 folder moved successfully. F:\RECYCLER folder moved successfully. File\Folder C:\Documents and Settings\All Users\Application Data\wgjpPXjtqGl.exe not found. File\Folder C:\Documents and Settings\All Users\Application Data\isecurity.exe not found. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Internet Security not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Internet Security 2012 not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\wgjpPXjtqGl.exe not found. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Ekenbarger's ->Temp folder emptied: 17746 bytes ->Temporary Internet Files folder emptied: 32905761 bytes ->Java cache emptied: 0 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 456 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 0 bytes User: NetworkService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Google Chrome cache emptied: 0 bytes User: Owner %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 730974 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 32.00 mb Restore point Set: OTL Restore Point (0) [EMPTYFLASH] User: Administrator ->Flash cache emptied: 0 bytes User: All Users User: Default User ->Flash cache emptied: 0 bytes User: Ekenbarger's ->Flash cache emptied: 0 bytes User: LocalService ->Flash cache emptied: 0 bytes User: NetworkService User: Owner Total Flash Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.31.0 log created on 02132012_171011 Files\Folders moved on Reboot... C:\WINDOWS\temp\Perflib_Perfdata_1eb0.dat moved successfully. File\Folder C:\WINDOWS\temp\Perflib_Perfdata_2604.dat not found! Registry entries deleted on Reboot...

OOPS Forgot....I am unable to manage security settings either through the tray icon or control panel. When I try to turn on automatic updates and virus protection through the tray icon I get an error message stating "We're sorry. The Security Center could not change your automatic settings..." It suggests I go through control panel but when I do the pop ups show everything that should (or shouldn't be) checked is yet nothing changes in the Security Center. The firewall is on now. When I go to the start menu to All Programs the McAfee file it is empty as are the majority of the files listed there. Thanks. CAE

Hi, I ran the ESET online scanner. Please see the log below. I am assuming Spybot was off as the link's instructions were followed previously. McAfee is through my ISP. Please advise as to your thoughts/recommendations on anti-virus programs. Greatly appreciate your time. CAE C:\Documents and Settings\Ekenbarger's\My Documents\incredimail_install.exe probably a variant of Win32/Agent.DYVNCLY trojan C:\Documents and Settings\Ekenbarger's\My Documents\My Music\iTunes\couponprinter.exe probably a variant of Win32/Adware.Softomate.AD application F:\My Videos\CouponPrinter.exe probably a variant of Win32/Adware.Softomate.AD application

XP Security shows that the firewall is on and McAfee anti-virus and anti-spyware are off. Thanks. CAE

Glad you're back...was worried this was hopeless. Reporting back on the "Services" tab. Did not do anything beyond that yet. Base filtering - not shown Ipsec Policy Agent - shown as ISPEC Services was checked Remote Procedure Call (RPC) Locator - was shown as Remote Procedure Call (...Yes). There were two of them (identical) both checked, one running and one stopped. RPC Endpoint Mapper - not shown Security Center and Windows Firewall both checked. Thank you!!

Please advise. CAE

I completed up to step 5 but could not update Malware. I rec'd messages update failed and access denied. I cannot do anything to McAfee or my firewall. When the computer reboots the icon in the tray show a message states McAfee anti virus off and firewall off but in Windows Security the firewall is on. When I click on it nothing happens. I scanned with Malware but no infected files detected. Help. CAE

Yes, I did everything you requested in your first response yesterday but didn't let Security Check run long enough. I re-ran everything tonight but didn't get a new OTL.extras log. I am sending the one from yesterday. Sorry I sent the wrong logs. No websurfing but I did have to reboot the computer as I could not open Internet Explorer and my desktop file at the same time with OTH. I have McAfee but Windows says it is turned off. The firewall is on. I also have Malwarebytes but it hasn't been scanning like it used to. Thank you for your help. CAE OTL.txt log OTL logfile created on: 2/8/2012 5:47:12 PM - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Ekenbarger's\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.50 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 80.77% Memory free 3.09 Gb Paging File | 2.85 Gb Available in Paging File | 92.07% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 145.58 Gb Total Space | 103.01 Gb Free Space | 70.76% Space Free | Partition Type: NTFS Drive D: | 1.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive F: | 465.76 Gb Total Space | 412.81 Gb Free Space | 88.63% Space Free | Partition Type: NTFS Computer Name: JAM1 | User Name: Ekenbarger's | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/02/07 19:06:41 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ekenbarger's\Desktop\OTL.scr PRC - [2012/02/07 19:06:23 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ekenbarger's\Desktop\OTH.scr PRC - [2008/01/19 20:01:08 | 004,388,192 | -H-- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe PRC - [2007/12/20 17:13:46 | 001,553,896 | -H-- | M] (Symantec) -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe ========== Modules (No Company Name) ========== MOD - [2005/06/21 15:22:06 | 000,483,328 | -H-- | M] () -- C:\WINDOWS\system32\dlcclmpm.dll MOD - [2005/06/06 10:58:38 | 000,065,536 | -H-- | M] () -- C:\WINDOWS\system32\dlcccfg.dll MOD - [2005/04/01 11:44:16 | 000,061,440 | -H-- | M] () -- C:\Program Files\Dell Photo AIO Printer 924\dlcccnv4.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (nosGetPlusHelper) getPlus® SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2010/01/15 07:49:20 | 000,227,232 | -H-- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2008/01/19 20:01:08 | 004,388,192 | -H-- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost) SRV - [2007/12/20 17:13:46 | 001,553,896 | -H-- | M] (Symantec) [On_Demand | Running] -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe -- (SymSnapService) SRV - [2007/09/12 18:27:24 | 002,999,664 | -H-- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate) SRV - [2006/10/23 07:50:35 | 000,046,640 | RH-- | M] (AOL LLC) [Auto | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS) SRV - [2005/06/21 15:19:38 | 000,491,520 | -H-- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\dlcccoms.exe -- (dlcc_device) SRV - [2005/04/25 08:49:52 | 000,086,142 | -H-- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel® SRV - [2003/08/27 10:29:46 | 000,065,536 | -H-- | M] (America Online, Inc.) [Auto | Stopped] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW) ========== Driver Services (SafeList) ========== DRV - [2009/11/04 16:54:12 | 000,040,552 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk) DRV - [2009/11/04 16:53:40 | 000,034,248 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk) DRV - [2008/04/13 13:56:49 | 000,012,800 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS) DRV - [2008/01/19 20:12:42 | 000,128,104 | -H-- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr) DRV - [2008/01/19 19:45:40 | 000,038,112 | -H-- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\v2imount.sys -- (v2imount) DRV - [2008/01/19 19:40:16 | 000,015,088 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys -- (VProEventMonitor) DRV - [2007/12/20 17:13:54 | 000,136,416 | -H-- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symsnap.sys -- (symsnap) DRV - [2007/04/16 12:28:02 | 000,194,362 | -H-- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6) DRV - [2006/01/26 12:21:04 | 000,034,686 | -H-- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C) DRV - [2006/01/10 11:07:58 | 000,004,864 | -H-- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct) DRV - [2005/04/15 02:14:58 | 001,130,496 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2004/11/02 15:12:14 | 000,019,456 | -H-- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL) DRV - [2004/08/04 05:00:00 | 000,004,224 | -H-- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\RDPCDD.sy@ -- (RDPCDD) DRV - [2004/06/16 03:52:40 | 000,061,157 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53) DRV - [2004/06/09 17:16:00 | 000,840,960 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17) DRV - [2004/03/24 10:12:44 | 000,004,272 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci) DRV - [2004/03/06 04:15:34 | 000,647,929 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52) DRV - [2004/03/06 04:14:42 | 001,233,525 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51) DRV - [2004/03/06 04:13:38 | 000,037,048 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt) DRV - [2003/09/22 13:48:00 | 000,130,192 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k) DRV - [2003/09/22 13:47:00 | 000,178,672 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv) DRV - [2003/09/19 14:47:24 | 000,010,368 | -H-- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc) DRV - [2003/03/05 18:19:00 | 000,015,840 | -H-- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Pfmodnt.sys -- (PfModNT) DRV - [2003/01/10 16:13:04 | 000,033,588 | -H-- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW) DRV - [2002/11/08 19:45:06 | 000,017,217 | -H-- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci) DRV - [1999/09/27 10:48:42 | 000,034,916 | -H-- | M] (Marimba, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MrtRate.sys -- (mrtRate) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.net/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "WinZipBar Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3106777&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "WinZipBar Customized Web Search" FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3106777&SearchSource=13" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3 FF - prefs.js..extensions.enabledItems: toolbar@shopathome.com:5.2.0.0 FF - prefs.js..extensions.enabledItems: {37153479-1976-43c3-a1ee-557513977b64}:3.5.1.1 FF - prefs.js..extensions.enabledItems: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37}:3.8.1.0 FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm003YYus&ptb=CF74B0F9-D5D0-4EC8-AC35-8A70571C102D&ind=2011081120&ptnrS=CDxdm003YYus&si=CK2Cs7C9yKoCFaUZQgodWFpFyg&n=77dea9a0&psa=&st=kwd&searchfor=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.99: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/30 16:21:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/26 18:23:55 | 000,000,000 | -H-D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/26 18:28:55 | 000,000,000 | -H-D | M] [2008/12/18 23:18:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Extensions [2011/12/26 17:02:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions [2010/06/10 15:38:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/08/11 19:00:55 | 000,000,000 | ---D | M] (Coupons.com Community Toolbar) -- C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions\{37153479-1976-43c3-a1ee-557513977b64} [2011/12/26 15:55:10 | 000,000,000 | ---D | M] (WinZipBar Community Toolbar) -- C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37} [2011/09/03 08:54:55 | 000,000,000 | ---D | M] (ShopAtHome.com Intelligent Shopping Toolbar) -- C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions\toolbar@shopathome.com [2011/12/16 19:41:06 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\searchplugins\conduit.xml [2011/10/18 15:04:36 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\searchplugins\CouponAlert_2p.xml [2011/10/18 15:04:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/02/15 18:10:28 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011/06/30 16:21:41 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT [2010/01/08 09:39:45 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011/07/13 16:52:56 | 000,091,552 | -H-- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll [2011/02/02 21:40:24 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011/07/13 16:52:58 | 000,091,552 | -H-- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll O1 HOSTS File: ([2012/02/06 20:19:02 | 000,441,060 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 15164 more lines... O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll File not found O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com) O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL () O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe () O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1178326658\ee\aolsoftware.exe (America Online, Inc.) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster) O4 - HKLM..\Run: [selectRebates] C:\Program Files\SelectRebates\SelectRebates.exe () O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [wgjpPXjtqGl.exe] C:\Documents and Settings\All Users\Application Data\wgjpPXjtqGl.exe File not found O4 - HKCU..\Run: [bomgar Support Reconnect [1297805904]] "C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4D5AF24F\bomgar-scc.exe" -nomulti File not found O4 - HKCU..\Run: [internet Security] C:\Documents and Settings\All Users\Application Data\isecurity.exe File not found O4 - HKCU..\Run: [spybotSD TeaTimer] F:\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1 O8 - Extra context menu item: &Search - http://tbedits.couponalert.com/one-toolbaredits/menusearch.jhtml?s=100000487&p=CDxdm003YYus&si=CK2Cs7C9yKoCFaUZQgodWFpFyg&a=CF74B0F9-D5D0-4EC8-AC35-8A70571C102D&n=2011081120 File not found O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] http in Trusted sites) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control) O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://www6.iepdirect.com/ScriptX_6_5/smsx.cab (MeadCo ScriptX) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212869638656 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://e-talk1.whps.org/dwa7W.cab (Domino Web Access 7 Control) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{830D72BE-6132-4A2A-B8DD-7BC8B69A920B}: DhcpNameServer = 192.168.2.1 68.105.28.11 68.105.29.11 68.105.28.12 O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\Ekenbarger's\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ekenbarger's\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\gebBSLDU) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{33803d90-0df6-11df-977a-00038a000015}\Shell\AutoRun\command - "" = I:\PMB_Portable.exe O33 - MountPoints2\{c9f521f1-80d6-11dd-ae4d-0015966fac46}\Shell\AutoRun\command - "" = H:\PMB_Portable.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O35 - HKCU\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/02/07 19:06:38 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ekenbarger's\Desktop\OTL.scr [2012/02/07 19:06:22 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ekenbarger's\Desktop\OTH.scr [2012/02/07 19:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ekenbarger's\Desktop\FixPolicies [2012/02/07 17:33:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Ekenbarger's\Start Menu\Programs\Administrative Tools [2012/02/07 17:24:08 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Ekenbarger's\Desktop\dds.scr [2012/02/06 20:34:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ekenbarger's\Recent [2012/02/06 19:41:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy [2012/02/06 19:40:35 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Ekenbarger's\Desktop\spybotsd162.exe [2012/02/06 19:29:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/02/06 14:48:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ekenbarger's\Start Menu\Programs\System Check [2012/01/11 19:18:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ekenbarger's\Desktop\pics [2012/01/11 19:16:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ekenbarger's\Desktop\Cheryl's [2012/01/11 09:32:02 | 000,021,504 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll [2005/09/16 00:27:14 | 000,065,536 | -H-- | C] ( ) -- C:\WINDOWS\System32\A3d.dll [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\Documents and Settings\Ekenbarger's\Desktop\*.tmp files -> C:\Documents and Settings\Ekenbarger's\Desktop\*.tmp -> ] [14 C:\Documents and Settings\Ekenbarger's\My Documents\*.tmp files -> C:\Documents and Settings\Ekenbarger's\My Documents\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/02/08 17:43:04 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1946173170-350803515-410004273-1006.job [2012/02/08 17:43:03 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1946173170-350803515-410004273-1006.job [2012/02/08 17:15:01 | 000,000,886 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/02/08 16:24:21 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{873B1363-0F14-410A-AFDF-0559EB90EA7E}.job [2012/02/08 16:15:01 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/02/08 14:54:01 | 000,000,868 | -H-- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2012/02/07 19:22:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/02/07 19:22:05 | 2682,425,344 | -HS- | M] () -- C:\hiberfil.sys [2012/02/07 19:14:21 | 000,879,683 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\SecurityCheck.exe [2012/02/07 19:06:41 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ekenbarger's\Desktop\OTL.scr [2012/02/07 19:06:23 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ekenbarger's\Desktop\OTH.scr [2012/02/07 19:01:31 | 000,185,065 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\FixPolicies.exe [2012/02/07 17:24:09 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Ekenbarger's\Desktop\dds.scr [2012/02/07 17:12:06 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\oo9mvqzj.exe [2012/02/07 16:56:39 | 000,000,653 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\Shortcut (2) to Cheryl's.lnk [2012/02/07 16:47:51 | 000,000,569 | ---- | M] () -- C:\Documents and Settings\All Users\Shortcut to Desktop.lnk [2012/02/06 21:23:09 | 000,000,653 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\Shortcut to Cheryl's.lnk [2012/02/06 20:19:02 | 000,441,060 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012/02/06 19:42:27 | 000,000,857 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\Spybot - Search & Destroy.lnk [2012/02/06 19:42:27 | 000,000,857 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2012/02/06 19:39:14 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Ekenbarger's\Desktop\spybotsd162.exe [2012/02/06 18:35:11 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/02/06 14:52:57 | 000,000,853 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk [2012/02/04 22:17:01 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012/01/11 09:30:44 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\Documents and Settings\Ekenbarger's\Desktop\*.tmp files -> C:\Documents and Settings\Ekenbarger's\Desktop\*.tmp -> ] [14 C:\Documents and Settings\Ekenbarger's\My Documents\*.tmp files -> C:\Documents and Settings\Ekenbarger's\My Documents\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/02/07 19:14:17 | 000,879,683 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\SecurityCheck.exe [2012/02/07 19:01:30 | 000,185,065 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\FixPolicies.exe [2012/02/07 17:12:05 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\oo9mvqzj.exe [2012/02/07 16:56:39 | 000,000,653 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\Shortcut (2) to Cheryl's.lnk [2012/02/07 16:47:51 | 000,000,569 | ---- | C] () -- C:\Documents and Settings\All Users\Shortcut to Desktop.lnk [2012/02/07 06:12:36 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Start Menu\Programs\Internet Explorer (2).lnk [2012/02/06 21:23:09 | 000,000,653 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\Shortcut to Cheryl's.lnk [2012/02/06 21:19:19 | 2682,425,344 | -HS- | C] () -- C:\hiberfil.sys [2012/02/06 19:41:39 | 000,000,857 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\Spybot - Search & Destroy.lnk [2012/02/06 19:41:39 | 000,000,857 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2012/02/06 18:27:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/02/06 14:52:57 | 000,000,853 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk [2011/05/21 09:05:16 | 000,709,456 | -H-- | C] () -- C:\WINDOWS\is-JCNJV.exe [2011/05/17 19:09:15 | 000,013,884 | -HS- | C] () -- C:\Documents and Settings\Ekenbarger's\Local Settings\Application Data\3m68k04uhh2v0qs0ndbrt8fyr74347y1k [2011/05/17 19:09:15 | 000,013,884 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3m68k04uhh2v0qs0ndbrt8fyr74347y1k [2011/05/06 14:29:52 | 000,023,624 | -H-- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys [2011/03/13 09:09:42 | 000,638,976 | -H-- | C] () -- C:\WINDOWS\System32\dlccpmui.dll [2011/03/13 09:09:42 | 000,106,496 | -H-- | C] () -- C:\WINDOWS\System32\dlccinsr.dll [2011/03/13 09:09:41 | 000,372,736 | -H-- | C] () -- C:\WINDOWS\System32\dlccih.exe [2011/03/13 09:09:41 | 000,155,648 | -H-- | C] () -- C:\WINDOWS\System32\dlccins.dll [2011/03/13 09:09:41 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\dlccvs.dll [2011/03/13 09:09:40 | 000,413,696 | -H-- | C] () -- C:\WINDOWS\System32\dlcccomm.dll [2011/03/13 09:09:40 | 000,368,640 | -H-- | C] () -- C:\WINDOWS\System32\dlcccfg.exe [2011/03/13 09:09:40 | 000,114,688 | -H-- | C] () -- C:\WINDOWS\System32\dlccpplc.dll [2011/03/13 09:09:39 | 001,134,592 | -H-- | C] () -- C:\WINDOWS\System32\dlccusb1.dll [2011/03/13 09:09:39 | 000,770,048 | -H-- | C] () -- C:\WINDOWS\System32\dlcchbn3.dll [2011/03/13 09:09:39 | 000,483,328 | -H-- | C] () -- C:\WINDOWS\System32\dlcclmpm.dll [2011/03/13 09:09:38 | 000,704,512 | -H-- | C] () -- C:\WINDOWS\System32\dlcccomc.dll [2011/03/13 09:09:38 | 000,491,520 | -H-- | C] () -- C:\WINDOWS\System32\dlcccoms.exe [2011/03/13 09:09:38 | 000,155,648 | -H-- | C] () -- C:\WINDOWS\System32\dlccprox.dll [2011/03/13 09:09:37 | 001,183,744 | -H-- | C] () -- C:\WINDOWS\System32\dlccserv.dll [2011/03/13 09:09:36 | 000,036,864 | -H-- | C] () -- C:\WINDOWS\System32\dlcccur.dll [2011/03/13 09:09:35 | 000,430,080 | -H-- | C] () -- C:\WINDOWS\System32\dlccutil.dll [2011/03/13 09:09:35 | 000,073,728 | -H-- | C] () -- C:\WINDOWS\System32\dlcccu.dll [2011/03/13 09:09:32 | 000,176,128 | -H-- | C] () -- C:\WINDOWS\System32\dlccinsb.dll [2011/03/13 09:09:32 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\dlcccub.dll [2011/03/13 09:09:31 | 000,131,072 | -H-- | C] () -- C:\WINDOWS\System32\dlccjswr.dll [2011/03/13 09:09:25 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\dlcccfg.dll [2011/02/17 18:00:30 | 000,034,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamcatchme.sys [2010/05/11 06:24:12 | 000,000,222 | -H-- | C] () -- C:\WINDOWS\System32\SunData.ini [2010/05/11 06:22:51 | 000,000,085 | -H-- | C] () -- C:\WINDOWS\TTL3Util.ini [2010/05/11 06:22:37 | 000,000,288 | -H-- | C] () -- C:\WINDOWS\TTL3.ini [2010/01/07 20:19:32 | 000,004,272 | -H-- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys [2008/12/17 20:03:46 | 000,073,984 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2008/10/17 08:26:43 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\FoneSync.INI [2008/09/13 18:00:52 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/07/02 13:55:05 | 000,000,234 | -H-- | C] () -- C:\WINDOWS\TFF32.ini [2007/10/13 10:41:53 | 000,101,824 | -H-- | C] () -- C:\Program Files\MC [2007/08/22 22:41:51 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2007/05/28 14:39:51 | 000,010,240 | -H-- | C] () -- C:\WINDOWS\System32\vidx16.dll [2007/05/28 14:29:32 | 000,000,584 | -H-- | C] () -- C:\WINDOWS\PowerReg.dat [2007/04/14 10:55:37 | 000,000,107 | -H-- | C] () -- C:\WINDOWS\wpd99.drv [2007/04/14 10:55:17 | 000,118,784 | -H-- | C] () -- C:\WINDOWS\System32\pdfmona.dll [2007/04/08 19:50:42 | 000,000,021 | -H-- | C] () -- C:\WINDOWS\CS_SETUP.ini [2006/11/25 18:38:40 | 000,001,827 | -H-- | C] () -- C:\WINDOWS\cdPlayer.ini [2006/10/01 19:24:21 | 000,000,037 | -H-- | C] () -- C:\WINDOWS\Viewer.ini [2006/05/21 09:25:51 | 000,000,024 | -H-- | C] () -- C:\WINDOWS\qfnonl.ini [2006/05/21 08:02:13 | 000,000,696 | -H-- | C] () -- C:\WINDOWS\QUICKEN.INI [2006/05/21 08:02:12 | 000,000,185 | -H-- | C] () -- C:\WINDOWS\intuprof.ini [2006/05/21 08:02:10 | 000,006,838 | -H-- | C] () -- C:\WINDOWS\ICOADB32.DAT [2005/11/03 15:34:18 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI [2005/10/05 18:40:34 | 000,001,786 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2005/10/05 18:40:34 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\86307A10A8.sys [2005/09/21 07:41:46 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Local Settings\Application Data\fusioncache.dat [2005/09/20 19:12:22 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Application Data\PFP120JPR.{PB [2005/09/20 19:12:22 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Application Data\PFP120JCM.{PB [2005/09/16 00:58:59 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini [2005/09/16 00:50:31 | 000,000,335 | -H-- | C] () -- C:\WINDOWS\nsreg.dat [2005/09/16 00:46:43 | 001,048,576 | -H-- | C] () -- C:\WINDOWS\System32\SFMAN.DAT [2005/09/16 00:46:43 | 000,000,231 | -H-- | C] () -- C:\WINDOWS\AC3API.INI [2005/09/16 00:46:34 | 000,003,278 | -H-- | C] () -- C:\WINDOWS\System32\LudaP17.ini [2005/09/16 00:46:34 | 000,000,029 | -H-- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2005/09/16 00:46:29 | 000,000,072 | -H-- | C] () -- C:\WINDOWS\SBWIN.INI [2005/09/16 00:27:14 | 000,060,928 | -H-- | C] () -- C:\WINDOWS\System32\P17.dll [2005/09/16 00:27:14 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\P17CPI.dll [2005/09/16 00:27:04 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\setpwrcg.exe [2005/09/16 00:27:00 | 000,087,540 | -H-- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2005/09/16 00:26:34 | 000,000,394 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005/01/28 08:08:34 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini [2004/08/10 13:12:05 | 000,000,780 | -H-- | C] () -- C:\WINDOWS\orun32.ini [2004/08/10 13:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2004/08/10 13:02:15 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2004/08/10 13:01:18 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2004/08/10 12:57:52 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI [2004/08/10 12:57:15 | 000,351,384 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2004/08/10 12:51:21 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat [2004/08/10 12:51:20 | 000,442,466 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004/08/10 12:51:20 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004/08/10 12:51:20 | 000,071,732 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004/08/10 12:51:20 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004/08/10 12:51:18 | 000,004,627 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat [2004/08/10 12:51:17 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin [2004/08/10 12:51:16 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat [2004/08/10 12:51:12 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat [2004/08/10 12:51:11 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin [2004/08/10 12:51:05 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat [2004/08/10 12:50:56 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin ========== LOP Check ========== [2009/06/24 20:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Logs [2011/02/03 14:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts [2011/12/26 15:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro [2008/01/05 19:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster [2007/04/14 10:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995 [2008/12/19 21:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard [2009/06/24 20:17:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SPORE [2008/12/20 00:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla! [2007/03/11 23:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2011/12/26 15:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipEC [2011/12/26 18:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009/10/04 08:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/06/04 14:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2011/12/26 12:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\ElevatedDiagnostics [2011/04/10 12:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\gtk-2.0 [2007/01/29 18:17:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Leadertech [2011/07/31 17:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Nikon [2007/05/13 06:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\SmartDraw [2010/06/16 17:20:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\SPORE [2007/03/11 23:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Viewpoint [2012/02/08 16:24:21 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{873B1363-0F14-410A-AFDF-0559EB90EA7E}.job ========== Purity Check ========== < End of report > OTL Extras log OTL Extras logfile created on: 2/7/2012 7:08:43 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Ekenbarger's\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.50 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 74.40% Memory free 3.09 Gb Paging File | 2.69 Gb Available in Paging File | 87.01% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 145.58 Gb Total Space | 103.03 Gb Free Space | 70.77% Space Free | Partition Type: NTFS Drive D: | 1.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive F: | 465.76 Gb Total Space | 412.81 Gb Free Space | 88.63% Space Free | Partition Type: NTFS Computer Name: JAM1 | User Name: Ekenbarger's | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" %* txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] "Disable Config" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC) "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC) "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC) "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC) "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.) "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC) "C:\Program Files\Common Files\AOL\1178326658\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1178326658\ee\aolsoftware.exe:*:Enabled:AOL Services -- (America Online, Inc.) "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent "C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager "C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google) "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.) "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00170409-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000 SR-1 "{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data "{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up "{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition "{15D9EB74-998E-4A04-B468-51C2E7B32182}" = Microsoft Picture It! Publishing 2001 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java 6 Update 24 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10 "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers "{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page "{36BD0774-6CD6-4FF9-A148-83CA09AC123E}" = Intel® PROSafe for Wired Connections "{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold "{403EF592-953B-4794-BCEF-ECAB835C2095}" = Intel® PROSafe for Wired Connections "{40A5DF56-329E-433C-8E79-99807E02F90F}" = Rayman Raving Rabbids "{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B4F81E0-9150-11D4-A594-0050BAC6946A}" = NickToons Racing "{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5F629FE8-5B4C-4863-937A-AFC2961F7DD3}" = Microsoft Works Suite Add-in for Microsoft Word "{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0 "{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}" = SPORE™ Galactic Adventures "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5 "{6C611DD2-2685-4A76-92B5-ECD237128582}" = Type to Learn 3 "{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03 "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore "{766E4715-B801-46B3-9D91-12288AB88428}" = DB CIF Cam "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon "{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor "{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet! "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support "{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = DB CIF Cam "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager "{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6 "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™ "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio "{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1) "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0 "{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12 "{B0255743-165B-4BD5-8DA8-37DFB9930014}" = Norton Ghost "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy "{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes "{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster "{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEB481CC-F57C-4397-81A0-DADD22257047}" = Sound Blaster Live! 24-bit "{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center "{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E4375AC9-EDE1-4943-A0E3-801CEB7041DF}" = Dell Support 3.2.1 "{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player "{EE7C3A14-1D20-49F6-B903-491561076F0F}" = ArcSoft Software Suite "{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com "{F8D0829C-9C6F-11D3-8080-00C04FA329AA}" = Microsoft Works 6.0 "{FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94}" = Works Suite OS Pack "{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove) "AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en) "ATI Display Driver" = ATI Display Driver "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows "DAO 3.5" = DAO 3.5 "Dell Photo AIO Printer 924" = Dell Photo AIO Printer 924 "EADM" = EA Download Manager "FoneSync" = FoneSync "Google Chrome" = Google Chrome "Google Updater" = Google Updater "ie8" = Windows Internet Explorer 8 "Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem "Jimmy Neutron Boy Genius" = Jimmy Neutron Boy Genius "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Pdf995" = Pdf995 "PdfEdit995" = PdfEdit995 "PROSetDX" = Intel® PRO Network Connections Software v9.2.4.11 "Quicken Basic 2000" = Quicken Basic 2000 "RealPlayer 12.0" = RealPlayer "SelectRebatesUninstall" = ShopAtHome.com Toolbar "Shockwave" = Shockwave "TaxCut Basic 2006" = TaxCut Basic 2006 "ViewpointMediaPlayer" = Viewpoint Media Player "WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell "WIC" = Windows Imaging Component "Windows Media Encoder 9" = Windows Media Encoder 9 Series "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinGimp-2.0_is1" = GIMP 2.6.6 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Works2001Setup" = Microsoft Works 2001 Setup Launcher "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "Yahoo! Companion" = Yahoo! Toolbar ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 1/14/2012 2:17:14 PM | Computer Name = JAM1 | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19046, fault address 0x000679b8. Error - 1/28/2012 10:17:22 PM | Computer Name = JAM1 | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 1/28/2012 10:17:24 PM | Computer Name = JAM1 | Source = Application Hang | ID = 1001 Description = Fault bucket 1180947459. Error - 2/2/2012 5:53:02 PM | Computer Name = JAM1 | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 2/6/2012 6:32:41 PM | Computer Name = JAM1 | Source = MSDTC | ID = 4404 Description = MS DTC Tracing infrastructure : the initialization of the tracing infrastructure failed. Internal Information : msdtc_trace : File: d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp, Line: 1115, StartTrace Failed, hr=0x800700a1 Error - 2/6/2012 7:00:46 PM | Computer Name = JAM1 | Source = MSDTC | ID = 4404 Description = MS DTC Tracing infrastructure : the initialization of the tracing infrastructure failed. Internal Information : msdtc_trace : File: d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp, Line: 1115, StartTrace Failed, hr=0x800700a1 Error - 2/6/2012 8:22:43 PM | Computer Name = JAM1 | Source = MSDTC | ID = 4404 Description = MS DTC Tracing infrastructure : the initialization of the tracing infrastructure failed. Internal Information : msdtc_trace : File: d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp, Line: 1115, StartTrace Failed, hr=0x800700a1 Error - 2/6/2012 9:21:47 PM | Computer Name = JAM1 | Source = MSDTC | ID = 4404 Description = MS DTC Tracing infrastructure : the initialization of the tracing infrastructure failed. Internal Information : msdtc_trace : File: d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp, Line: 1115, StartTrace Failed, hr=0x800700a1 Error - 2/6/2012 9:34:49 PM | Computer Name = JAM1 | Source = MSDTC | ID = 4404 Description = MS DTC Tracing infrastructure : the initialization of the tracing infrastructure failed. Internal Information : msdtc_trace : File: d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp, Line: 1115, StartTrace Failed, hr=0x800700a1 Error - 2/6/2012 10:20:01 PM | Computer Name = JAM1 | Source = MSDTC | ID = 4404 Description = MS DTC Tracing infrastructure : the initialization of the tracing infrastructure failed. Internal Information : msdtc_trace : File: d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp, Line: 1115, StartTrace Failed, hr=0x800700a1 [ System Events ] Error - 2/7/2012 8:07:46 PM | Computer Name = JAM1 | Source = Service Control Manager | ID = 7034 Description = The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s). Error - 2/7/2012 8:07:46 PM | Computer Name = JAM1 | Source = Service Control Manager | ID = 7034 Description = The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s). Error - 2/7/2012 8:07:46 PM | Computer Name = JAM1 | Source = Service Control Manager | ID = 7031 Description = The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error - 2/7/2012 8:07:46 PM | Computer Name = JAM1 | Source = Service Control Manager | ID = 7031 Description = The Norton Ghost service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. Error - 2/7/2012 8:07:46 PM | Computer Name = JAM1 | Source = Service Control Manager | ID = 7034 Description = The Intel® Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s). Error - 2/7/2012 8:07:46 PM | Computer Name = JAM1 | Source = Service Control Manager | ID = 7034 Description = The iPod Service service terminated unexpectedly. It has done this 1 time(s). Error - 2/7/2012 8:07:46 PM | Computer Name = JAM1 | Source = Service Control Manager | ID = 7031 Description = The SymSnapService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error - 2/7/2012 8:07:46 PM | Computer Name = JAM1 | Source = Service Control Manager | ID = 7034 Description = The WAN Miniport (ATW) Service service terminated unexpectedly. It has done this 1 time(s). Error - 2/7/2012 8:07:46 PM | Computer Name = JAM1 | Source = Service Control Manager | ID = 7034 Description = The dlcc_device service terminated unexpectedly. It has done this 1 time(s). Error - 2/7/2012 8:08:46 PM | Computer Name = JAM1 | Source = Service Control Manager | ID = 7032 Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the SymSnapService service, but this action failed with the following error: %%1056 < End of report > Checkup log Results of screen317's Security Check version 0.99.30 Windows XP Service Pack 3 x86 Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! McAfee Security Scan Plus ``````````````````````````````` Anti-malware/Other Utilities Check: MVPS Hosts File Malwarebytes' Anti-Malware Java 6 Update 24 Java 2 Runtime Environment, SE v1.4.2_03 Java version out of date! Adobe Flash Player 10.2.152.26 Flash Player out of Date! Adobe Reader X 10.0.1 Adobe Reader out of Date! Mozilla Firefox (3.6.16) Firefox out of Date! ```````````````````````````````` Process Check: objlist.exe by Laurent ``````````End of Log````````````

Ran Security Check but notepad did not pop up. Couldn't find Checkup logs. Should I run it again? Thanks. CAE . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume2 Install Date: 9/20/2005 7:58:34 PM System Uptime: 2/6/2012 9:16:35 PM (20 hours ago) . Motherboard: Dell Inc. | | 0X8582 Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 146 GiB total, 103.037 GiB free. D: is CDROM (CDFS) E: is CDROM () F: is FIXED (NTFS) - 466 GiB total, 412.815 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP1053: 11/10/2011 3:43:33 PM - System Checkpoint RP1054: 11/11/2011 4:16:15 PM - System Checkpoint RP1055: 11/12/2011 4:38:30 PM - System Checkpoint RP1056: 11/13/2011 5:01:46 PM - System Checkpoint RP1057: 11/14/2011 5:55:33 PM - System Checkpoint RP1058: 11/15/2011 6:37:23 PM - System Checkpoint RP1059: 11/16/2011 6:42:58 PM - System Checkpoint RP1060: 11/17/2011 6:43:32 PM - System Checkpoint RP1061: 11/18/2011 7:29:00 PM - System Checkpoint RP1062: 11/19/2011 9:13:51 PM - System Checkpoint RP1063: 11/21/2011 3:10:22 PM - System Checkpoint RP1064: 11/22/2011 3:51:46 PM - System Checkpoint RP1065: 11/23/2011 4:46:20 PM - System Checkpoint RP1066: 11/24/2011 5:50:36 PM - System Checkpoint RP1067: 11/25/2011 6:44:05 PM - System Checkpoint RP1068: 11/26/2011 6:47:42 PM - System Checkpoint RP1069: 11/27/2011 7:51:01 PM - System Checkpoint RP1070: 11/28/2011 8:46:52 PM - System Checkpoint RP1071: 11/29/2011 8:57:54 PM - System Checkpoint RP1072: 11/30/2011 9:04:19 PM - System Checkpoint RP1073: 12/1/2011 9:35:17 PM - System Checkpoint RP1074: 12/2/2011 9:36:43 PM - System Checkpoint RP1075: 12/3/2011 10:47:56 PM - System Checkpoint RP1076: 12/5/2011 7:27:06 AM - System Checkpoint RP1077: 12/6/2011 1:25:45 PM - System Checkpoint RP1078: 12/7/2011 1:35:34 PM - System Checkpoint RP1079: 12/8/2011 2:13:08 PM - System Checkpoint RP1080: 12/9/2011 5:10:56 PM - System Checkpoint RP1081: 12/10/2011 6:40:55 PM - System Checkpoint RP1082: 12/12/2011 5:56:36 AM - System Checkpoint RP1083: 12/13/2011 6:30:37 AM - System Checkpoint RP1084: 12/14/2011 7:33:17 AM - System Checkpoint RP1085: 12/15/2011 8:33:17 AM - System Checkpoint RP1086: 12/16/2011 9:33:17 AM - System Checkpoint RP1087: 12/17/2011 9:54:47 AM - System Checkpoint RP1088: 12/18/2011 10:33:17 AM - System Checkpoint RP1089: 12/19/2011 11:33:17 AM - System Checkpoint RP1090: 12/20/2011 12:33:17 PM - System Checkpoint RP1091: 12/21/2011 1:45:20 PM - System Checkpoint RP1092: 12/22/2011 2:33:20 PM - System Checkpoint RP1093: 12/23/2011 3:33:20 PM - System Checkpoint RP1094: 12/24/2011 3:51:20 PM - System Checkpoint RP1095: 12/25/2011 4:32:06 PM - System Checkpoint RP1096: 12/26/2011 12:25:53 PM - Installed %1 %2. RP1097: 12/26/2011 12:28:35 PM - Restore Point before Corrupt Patch Registry keys RP1098: 12/26/2011 12:46:43 PM - Installed Windows XP KB942288-v3. RP1099: 12/26/2011 1:06:41 PM - Removed iTunes RP1100: 12/26/2011 3:05:16 PM - Removed iTunes RP1101: 12/26/2011 3:54:36 PM - Installed WinZip 16.0 RP1102: 12/26/2011 4:32:07 PM - Removed WinZip 16.0 RP1103: 12/26/2011 4:32:55 PM - Removed WinZip Courier RP1104: 12/26/2011 4:33:57 PM - Removed Kaspersky Security Scan RP1105: 12/26/2011 6:23:50 PM - Removed QuickTime RP1106: 12/26/2011 6:28:35 PM - Installed QuickTime RP1107: 12/26/2011 6:46:10 PM - Installed iTunes RP1108: 12/27/2011 7:44:30 PM - System Checkpoint RP1109: 12/28/2011 8:43:59 PM - System Checkpoint RP1110: 12/29/2011 8:45:04 PM - System Checkpoint RP1111: 12/30/2011 9:23:11 PM - System Checkpoint RP1112: 12/31/2011 10:35:40 PM - System Checkpoint RP1113: 1/11/2012 9:52:55 AM - System Checkpoint RP1114: 1/12/2012 10:15:07 AM - System Checkpoint RP1115: 1/13/2012 11:09:37 AM - System Checkpoint RP1116: 1/14/2012 12:17:57 PM - System Checkpoint RP1117: 1/15/2012 1:12:01 PM - System Checkpoint RP1118: 1/16/2012 3:24:39 PM - System Checkpoint RP1119: 1/17/2012 3:48:45 PM - System Checkpoint RP1120: 1/18/2012 4:43:25 PM - System Checkpoint RP1121: 1/19/2012 4:56:34 PM - System Checkpoint RP1122: 1/20/2012 5:35:59 PM - System Checkpoint RP1123: 1/21/2012 6:56:04 PM - System Checkpoint RP1124: 1/22/2012 7:26:15 PM - System Checkpoint RP1125: 1/23/2012 7:28:35 PM - System Checkpoint RP1126: 1/24/2012 8:15:34 PM - System Checkpoint RP1127: 1/25/2012 9:06:56 PM - System Checkpoint RP1128: 1/26/2012 10:03:10 PM - System Checkpoint RP1129: 1/27/2012 10:49:47 PM - System Checkpoint RP1130: 1/28/2012 11:45:06 PM - System Checkpoint RP1131: 1/30/2012 12:38:22 AM - System Checkpoint RP1132: 1/31/2012 1:32:38 AM - System Checkpoint RP1133: 2/1/2012 2:26:58 AM - System Checkpoint RP1134: 2/2/2012 2:57:57 AM - System Checkpoint RP1135: 2/3/2012 3:53:44 AM - System Checkpoint RP1136: 2/4/2012 4:51:44 AM - System Checkpoint RP1137: 2/5/2012 5:45:10 AM - System Checkpoint RP1138: 2/6/2012 6:39:41 AM - System Checkpoint RP1139: 2/6/2012 4:31:41 PM - Restore Operation RP1140: 2/6/2012 4:32:38 PM - Restore Operation RP1141: 2/6/2012 8:29:24 PM - Removed Bonjour . ==== Installed Programs ====================== . ABBYY FineReader 6.0 Sprint Acrobat.com Adobe AIR Adobe Download Manager Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader X (10.0.1) AOL Coach Version 1.0(Build:20040229.1 en) AOL Uninstaller (Choose which Products to Remove) AOLIcon Apple Application Support Apple Mobile Device Support Apple Software Update ArcSoft Software Suite ATI Control Panel ATI Display Driver Compatibility Pack for the 2007 Office system Coupon Printer for Windows Creative MediaSource DAO 3.5 DB CIF Cam Dell Media Experience Dell Photo AIO Printer 924 Dell Picture Studio v3.0 Dell Support 3.2.1 Dell System Restore EA Download Manager EarthLink setup files FoneSync Get High Speed Internet! GIMP 2.6.6 Google Chrome Google Earth Google SketchUp 6 Google Toolbar for Internet Explorer Google Update Helper Google Updater High Definition Audio Driver Package - KB835221 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB942288-v3) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) Intel Matrix Storage Manager Intel® 537EP V9x DF PCI Modem Intel® PRO Network Connections Software v9.2.4.11 Intel® PROSafe for Wired Connections Internet Explorer Default Page iTunes Jasc Paint Shop Photo Album 5 Jasc Paint Shop Pro Studio, Dell Editon Java 2 Runtime Environment, SE v1.4.2_03 Java Auto Updater Java 6 Update 24 Jimmy Neutron Boy Genius LiveUpdate 3.2 (Symantec Corporation) Macromedia Flash Player Malwarebytes' Anti-Malware McAfee Security Scan Plus Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2416447) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Picture It! Publishing 2001 Microsoft Plus! Digital Media Edition Installer Microsoft Plus! Photo Story 2 LE Microsoft Silverlight Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable - KB2467175 Microsoft Word 2000 SR-1 Microsoft Works 2001 Setup Launcher Microsoft Works 6.0 Microsoft Works Suite Add-in for Microsoft Word MobileMe Control Panel Modem Event Monitor Modem Helper Modem On Hold Move Networks Media Player for Internet Explorer Mozilla Firefox (3.6.16) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK MSXML 6 Service Pack 2 (KB973686) Musicmatch for Windows Media Player Napster Napster Burn Engine NetZeroInstallers NickToons Racing Nikon Message Center Norton Ghost Pdf995 PdfEdit995 Photo Click PictureProject PowerDVD 5.5 QuickBooks Simple Start Special Edition Quicken Basic 2000 QuickTime Rayman Raving Rabbids RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer RealUpgrade 1.1 Safari Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB972260) Security Update for Windows Internet Explorer 8 (KB974455) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Encoder (KB2447961) Security Update for Windows Media Encoder (KB954156) Security Update for Windows Media Encoder (KB979332) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2491683) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950759) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953838) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956390) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958215) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960714) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB963027) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969897) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972260) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) Shockwave ShopAtHome.com Toolbar Sonic DLA Sonic RecordNow Audio Sonic RecordNow Copy Sonic RecordNow Data Sonic Update Manager Sound Blaster Live! 24-bit SPORE™ SPORE™ Galactic Adventures Spybot - Search & Destroy TaxCut Basic 2006 Type to Learn 3 Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB972636) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB976749) Update for Windows Internet Explorer 8 (KB980182) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB942763) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Viewpoint Media Player WebCyberCoach 3.2 Dell WebFldrs XP Windows Genuine Advantage v1.3.0254.0 Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Installer Clean Up Windows Internet Explorer 8 Windows Media Encoder 9 Series Windows Media Format 11 runtime Windows Media Player 10 Windows Media Player 11 Windows PowerShell 1.0 Windows XP Service Pack 3 WordPerfect Office 12 Works Suite OS Pack Works Synchronization Yahoo! Toolbar . ==== Event Viewer Messages From Past Week ======== . 2/6/2012 8:29:38 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found. 2/6/2012 4:36:36 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} 2/6/2012 4:31:54 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm 2/6/2012 4:30:58 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 2/1/2012 5:59:11 AM, error: Dhcp [1002] - The IP address lease 68.1.168.30 for the Network Card with network address 00123F758368 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message). 2/1/2012 5:58:41 AM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{830D72BE-6132-4A2A-B8DD-7BC8B69A920B} because another computer on the network has the same name. The server could not start. . ==== End Of File =========================== OTL Extras logfile created on: 2/7/2012 7:08:43 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Ekenbarger's\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.50 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 74.40% Memory free 3.09 Gb Paging File | 2.69 Gb Available in Paging File | 87.01% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 145.58 Gb Total Space | 103.03 Gb Free Space | 70.77% Space Free | Partition Type: NTFS Drive D: | 1.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive F: | 465.76 Gb Total Space | 412.81 Gb Free Space | 88.63% Space Free | Partition Type: NTFS Computer Name: JAM1 | User Name: Ekenbarger's | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" %* txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] "Disable Config" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC) "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC) "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC) "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC) "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.) "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC) "C:\Program Files\Common Files\AOL\1178326658\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1178326658\ee\aolsoftware.exe:*:Enabled:AOL Services -- (America Online, Inc.) "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent "C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager "C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google) "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.) "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00170409-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000 SR-1 "{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data "{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up "{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition "{15D9EB74-998E-4A04-B468-51C2E7B32182}" = Microsoft Picture It! Publishing 2001 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java 6 Update 24 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10 "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers "{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page "{36BD0774-6CD6-4FF9-A148-83CA09AC123E}" = Intel® PROSafe for Wired Connections "{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold "{403EF592-953B-4794-BCEF-ECAB835C2095}" = Intel® PROSafe for Wired Connections "{40A5DF56-329E-433C-8E79-99807E02F90F}" = Rayman Raving Rabbids "{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B4F81E0-9150-11D4-A594-0050BAC6946A}" = NickToons Racing "{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5F629FE8-5B4C-4863-937A-AFC2961F7DD3}" = Microsoft Works Suite Add-in for Microsoft Word "{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0 "{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}" = SPORE™ Galactic Adventures "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5 "{6C611DD2-2685-4A76-92B5-ECD237128582}" = Type to Learn 3 "{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03 "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore "{766E4715-B801-46B3-9D91-12288AB88428}" = DB CIF Cam "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon "{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor "{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet! "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support "{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = DB CIF Cam "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager "{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6 "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™ "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio "{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1) "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0 "{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12 "{B0255743-165B-4BD5-8DA8-37DFB9930014}" = Norton Ghost "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy "{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes "{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster "{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEB481CC-F57C-4397-81A0-DADD22257047}" = Sound Blaster Live! 24-bit "{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center "{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E4375AC9-EDE1-4943-A0E3-801CEB7041DF}" = Dell Support 3.2.1 "{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player "{EE7C3A14-1D20-49F6-B903-491561076F0F}" = ArcSoft Software Suite "{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com "{F8D0829C-9C6F-11D3-8080-00C04FA329AA}" = Microsoft Works 6.0 "{FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94}" = Works Suite OS Pack "{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove) "AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en) "ATI Display Driver" = ATI Display Driver "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows "DAO 3.5" = DAO 3.5 "Dell Photo AIO Printer 924" = Dell Photo AIO Printer 924 "EADM" = EA Download Manager "FoneSync" = FoneSync "Google Chrome" = Google Chrome "Google Updater" = Google Updater "ie8" = Windows Internet Explorer 8 "Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem "Jimmy Neutron Boy Genius" = Jimmy Neutron Boy Genius "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Pdf995" = Pdf995 "PdfEdit995" = PdfEdit995 "PROSetDX" = Intel® PRO Network Connections Software v9.2.4.11 "Quicken Basic 2000" = Quicken Basic 2000 "RealPlayer 12.0" = RealPlayer "SelectRebatesUninstall" = ShopAtHome.com Toolbar "Shockwave" = Shockwave "TaxCut Basic 2006" = TaxCut Basic 2006 "ViewpointMediaPlayer" = Viewpoint Media Player "WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell "WIC" = Windows Imaging Component "Windows Media Encoder 9" = Windows Media Encoder 9 Series "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinGimp-2.0_is1" = GIMP 2.6.6 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Works2001Setup" = Microsoft Works 2001 Setup Launcher "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "Yahoo! Companion" = Yahoo! Toolbar ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 1/14/2012 2:17:14 PM | Computer Name = JAM1 | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19046, fault address 0x000679b8. Error - 1/28/2012 10:17:22 PM | Computer Name = JAM1 | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 1/28/2012 10:17:24 PM | Computer Name = JAM1 | Source = Application Hang | ID = 1001 Description = Fault bucket 1180947459. Error - 2/2/2012 5:53:02 PM | Computer Name = JAM1 | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 2/6/2012 6:32:41 PM | Computer Name = JAM1 | Source = MSDTC | ID = 4404 Description = MS DTC Tracing infrastructure : the initialization of the tracing infrastructure failed. Internal Information : msdtc_trace : File: d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp, Line: 1115, StartTrace Failed, hr=0x800700a1 Error - 2/6/2012 7:00:46 PM | Computer Name = JAM1 | Source = MSDTC | ID = 4404 Description = MS DTC Tracing infrastructure : the initialization of the tracing infrastructure failed. Internal Information : msdtc_trace : File: d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp, Line: 1115, StartTrace Failed, hr=0x800700a1 Error - 2/6/2012 8:22:43 PM | Computer Name = JAM1 | Source = MSDTC | ID = 4404 Description = MS DTC Tracing infrastructure : the initialization of the tracing infrastructure failed. Internal Information : msdtc_trace : File: d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp, Line: 1115, StartTrace Failed, hr=0x800700a1 Error - 2/6/2012 9:21:47 PM | Computer Name = JAM1 | Source = MSDTC | ID = 4404 Description = MS DTC Tracing infrastructure : the initialization of the tracing infrastructure failed. Internal Information : msdtc_trace : File: d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp, Line: 1115, StartTrace Failed, hr=0x800700a1 Error - 2/6/2012 9:34:49 PM | Computer Name = JAM1 | Source = MSDTC | ID = 4404 Description = MS DTC Tracing infrastructure : the initialization of the tracing infrastructure failed. Internal Information : msdtc_trace : File: d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp, Line: 1115, StartTrace Failed, hr=0x800700a1 Error - 2/6/2012 10:20:01 PM | Computer Name = JAM1 | Source = MSDTC | ID = 4404 Description = MS DTC Tracing infrastructure : the initialization of the tracing infrastructure failed. Internal Information : msdtc_trace : File: d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp, Line: 1115, StartTrace Failed, hr=0x800700a1 [ System Events ] Error - 2/7/2012 8:07:46 PM | Computer Name = JAM1 | Source = Service Control Manager | ID = 7034 Description = The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s). Error - 2/7/2012 8:07:46 PM | Computer Name = JAM1 | Source = Service Control Manager | ID = 7034 Description = The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s). Error - 2/7/2012 8:07:46 PM | Computer Name = JAM1 | Source = Service Control Manager | ID = 7031 Description = The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error - 2/7/2012 8:07:46 PM | Computer Name = JAM1 | Source = Service Control Manager | ID = 7031 Description = The Norton Ghost service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. Error - 2/7/2012 8:07:46 PM | Computer Name = JAM1 | Source = Service Control Manager | ID = 7034 Description = The Intel® Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s). Error - 2/7/2012 8:07:46 PM | Computer Name = JAM1 | Source = Service Control Manager | ID = 7034 Description = The iPod Service service terminated unexpectedly. It has done this 1 time(s). Error - 2/7/2012 8:07:46 PM | Computer Name = JAM1 | Source = Service Control Manager | ID = 7031 Description = The SymSnapService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error - 2/7/2012 8:07:46 PM | Computer Name = JAM1 | Source = Service Control Manager | ID = 7034 Description = The WAN Miniport (ATW) Service service terminated unexpectedly. It has done this 1 time(s). Error - 2/7/2012 8:07:46 PM | Computer Name = JAM1 | Source = Service Control Manager | ID = 7034 Description = The dlcc_device service terminated unexpectedly. It has done this 1 time(s). Error - 2/7/2012 8:08:46 PM | Computer Name = JAM1 | Source = Service Control Manager | ID = 7032 Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the SymSnapService service, but this action failed with the following error: %%1056 < End of report >

Was infected by System Check. Ran my Malwarebytes disc but wasn't working (in safe mode w/networking). Still in safemode searched for mybleepingcomputer and was redirected. Suddenly Internet Security adware was "running a scan". Tried Malwarebytes disc multiple times it found 6 infected files but wasn't removing them. Downloaded Spybot, ran it, and then found some of the exe files and used File Assassin to delete them. I'm don't think my computer is clean. I'm getting redirected when I use my search engine. My desktop is gone and only some of my programs show up in "All Programs". I only know enough to be dangerous. Help. Thank you. CAE . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24 Run by Ekenbarger's at 17:33:30 on 2012-02-07 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.1774 [GMT -5:00] . AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} . ============== Running Processes =============== . C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\program files\real\realplayer\update\realsched.exe C:\Program Files\SelectRebates\SelectRebates.exe C:\Program Files\Napster\napster.exe C:\Program Files\Common Files\AOL\1178326658\ee\AOLSoftware.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe F:\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe svchost.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Norton Ghost\Agent\VProSvc.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\WINDOWS\system32\dlcccoms.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.cox.net/ uSearch Page = hxxp://www.google.com uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie mURLSearchHooks: H - No File mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - f:\spybot~1\spybot~1\SDHelper.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: ShopAtHomeIEHelper Class: {e8daaa30-6caa-4b58-9603-8e54238219e2} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: Upromise TurboSaver: {06e58e5e-f8cb-4049-991e-a41c03bd419e} - c:\program files\upromise\upromisetoolbar.dll TB: ShopAtHome.com Toolbar: {98279c38-de4b-4bcf-93c9-8ec26069d6f4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [bomgar Support Reconnect [1297805904]] "c:\documents and settings\all users\application data\bomgar-scc-4d5af24f\bomgar-scc.exe" -nomulti uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [internet Security] c:\documents and settings\all users\application data\isecurity.exe uRun: [spybotSD TeaTimer] f:\spybot - search & destroy\spybot - search & destroy\TeaTimer.exe mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16 mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [selectRebates] c:\program files\selectrebates\SelectRebates.exe mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [NapsterShell] c:\program files\napster\napster.exe /systray mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k mRun: [HostManager] c:\program files\common files\aol\1178326658\ee\AOLSoftware.exe mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [wgjpPXjtqGl.exe] c:\documents and settings\all users\application data\wgjpPXjtqGl.exe uPolicies-explorer: NoDesktop = 1 (0x1) mPolicies-system: DisableTaskMgr = 1 (0x1) IE: &Search - http://tbedits.couponalert.com/one-toolbaredits/menusearch.jhtml?s=100000487&p=CDxdm003YYus&si=CK2Cs7C9yKoCFaUZQgodWFpFyg&a=CF74B0F9-D5D0-4EC8-AC35-8A70571C102D&n=2011081120 IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - f:\spybot~1\spybot~1\SDHelper.dll Trusted Zone: microsoft.com\www.update DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxps://www6.iepdirect.com/ScriptX_6_5/smsx.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204 DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212869638656 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://e-talk1.whps.org/dwa7W.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.2.1 68.105.28.11 68.105.29.11 68.105.28.12 TCP: Interfaces\{830D72BE-6132-4A2A-B8DD-7BC8B69A920B} : DhcpNameServer = 192.168.2.1 68.105.28.11 68.105.29.11 68.105.28.12 Filter: text/html - {ebf6bf89-93f4-4e89-8fc4-7ead60359ba4} - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, LSA: Authentication Packages = msv1_0 c:\windows\system32\gebBSLDU Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\ekenbarger's\application data\mozilla\firefox\profiles\fi5w6q0t.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3106777&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - WinZipBar Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3106777&SearchSource=13 FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm003YYus&ptb=CF74B0F9-D5D0-4EC8-AC35-8A70571C102D&ind=2011081120&ptnrS=CDxdm003YYus&si=CK2Cs7C9yKoCFaUZQgodWFpFyg&n=77dea9a0&psa=&st=kwd&searchfor= FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll FF - component: c:\documents and settings\ekenbarger's\application data\mozilla\firefox\profiles\fi5w6q0t.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}\components\RadioWMPCore.dll FF - component: c:\documents and settings\ekenbarger's\application data\mozilla\firefox\profiles\fi5w6q0t.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}\components\RadioWMPCoreGecko19.dll FF - component: c:\documents and settings\ekenbarger's\application data\mozilla\firefox\profiles\fi5w6q0t.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\components\RadioWMPCoreGecko19.dll FF - component: c:\documents and settings\ekenbarger's\application data\mozilla\firefox\profiles\fi5w6q0t.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\components\RadioWMPCoreGecko5.dll FF - component: c:\documents and settings\ekenbarger's\application data\mozilla\firefox\profiles\fi5w6q0t.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\components\RadioWMPCoreGecko6.dll FF - component: c:\documents and settings\ekenbarger's\application data\mozilla\firefox\profiles\fi5w6q0t.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\components\RadioWMPCoreGecko7.dll FF - component: c:\documents and settings\ekenbarger's\application data\mozilla\firefox\profiles\fi5w6q0t.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\components\RadioWMPCoreGecko8.dll FF - component: c:\documents and settings\ekenbarger's\application data\mozilla\firefox\profiles\fi5w6q0t.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\components\RadioWMPCoreGecko9.dll FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll FF - plugin: c:\program files\nos\bin\np_gp.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: ShopAtHome.com Intelligent Shopping Toolbar: toolbar@shopathome.com - %profile%\extensions\toolbar@shopathome.com FF - Ext: Coupons.com Community Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - %profile%\extensions\{37153479-1976-43c3-a1ee-557513977b64} FF - Ext: WinZipBar Community Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - %profile%\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37} . ============= SERVICES / DRIVERS =============== . R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [2006-5-21 34916] R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2004-8-10 5120] R3 SymSnapService;SymSnapService;c:\program files\norton ghost\shared\drivers\SymSnapService.exe [2007-12-20 1553896] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232] S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-1-18 34248] S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-1-18 40552] S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-10 14336] . =============== File Associations =============== . regfile=regedit.exe "%1" %* scrfile="%1" %* . =============== Created Last 30 ================ . 2012-01-11 14:32:02 21504 ---ha-w- c:\windows\system32\hidserv.dll 2012-01-11 14:32:02 21504 ---ha-w- c:\windows\system32\dllcache\hidserv.dll . ==================== Find3M ==================== . 2011-12-26 20:43:04 23624 ---ha-w- c:\windows\system32\drivers\hitmanpro35.sys . ============= FINISH: 17:40:28.14 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume2 Install Date: 9/20/2005 7:58:34 PM System Uptime: 2/6/2012 9:16:35 PM (20 hours ago) . Motherboard: Dell Inc. | | 0X8582 Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 146 GiB total, 103.037 GiB free. D: is CDROM (CDFS) E: is CDROM () F: is FIXED (NTFS) - 466 GiB total, 412.815 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP1053: 11/10/2011 3:43:33 PM - System Checkpoint RP1054: 11/11/2011 4:16:15 PM - System Checkpoint RP1055: 11/12/2011 4:38:30 PM - System Checkpoint RP1056: 11/13/2011 5:01:46 PM - System Checkpoint RP1057: 11/14/2011 5:55:33 PM - System Checkpoint RP1058: 11/15/2011 6:37:23 PM - System Checkpoint RP1059: 11/16/2011 6:42:58 PM - System Checkpoint RP1060: 11/17/2011 6:43:32 PM - System Checkpoint RP1061: 11/18/2011 7:29:00 PM - System Checkpoint RP1062: 11/19/2011 9:13:51 PM - System Checkpoint RP1063: 11/21/2011 3:10:22 PM - System Checkpoint RP1064: 11/22/2011 3:51:46 PM - System Checkpoint RP1065: 11/23/2011 4:46:20 PM - System Checkpoint RP1066: 11/24/2011 5:50:36 PM - System Checkpoint RP1067: 11/25/2011 6:44:05 PM - System Checkpoint RP1068: 11/26/2011 6:47:42 PM - System Checkpoint RP1069: 11/27/2011 7:51:01 PM - System Checkpoint RP1070: 11/28/2011 8:46:52 PM - System Checkpoint RP1071: 11/29/2011 8:57:54 PM - System Checkpoint RP1072: 11/30/2011 9:04:19 PM - System Checkpoint RP1073: 12/1/2011 9:35:17 PM - System Checkpoint RP1074: 12/2/2011 9:36:43 PM - System Checkpoint RP1075: 12/3/2011 10:47:56 PM - System Checkpoint RP1076: 12/5/2011 7:27:06 AM - System Checkpoint RP1077: 12/6/2011 1:25:45 PM - System Checkpoint RP1078: 12/7/2011 1:35:34 PM - System Checkpoint RP1079: 12/8/2011 2:13:08 PM - System Checkpoint RP1080: 12/9/2011 5:10:56 PM - System Checkpoint RP1081: 12/10/2011 6:40:55 PM - System Checkpoint RP1082: 12/12/2011 5:56:36 AM - System Checkpoint RP1083: 12/13/2011 6:30:37 AM - System Checkpoint RP1084: 12/14/2011 7:33:17 AM - System Checkpoint RP1085: 12/15/2011 8:33:17 AM - System Checkpoint RP1086: 12/16/2011 9:33:17 AM - System Checkpoint RP1087: 12/17/2011 9:54:47 AM - System Checkpoint RP1088: 12/18/2011 10:33:17 AM - System Checkpoint RP1089: 12/19/2011 11:33:17 AM - System Checkpoint RP1090: 12/20/2011 12:33:17 PM - System Checkpoint RP1091: 12/21/2011 1:45:20 PM - System Checkpoint RP1092: 12/22/2011 2:33:20 PM - System Checkpoint RP1093: 12/23/2011 3:33:20 PM - System Checkpoint RP1094: 12/24/2011 3:51:20 PM - System Checkpoint RP1095: 12/25/2011 4:32:06 PM - System Checkpoint RP1096: 12/26/2011 12:25:53 PM - Installed %1 %2. RP1097: 12/26/2011 12:28:35 PM - Restore Point before Corrupt Patch Registry keys RP1098: 12/26/2011 12:46:43 PM - Installed Windows XP KB942288-v3. RP1099: 12/26/2011 1:06:41 PM - Removed iTunes RP1100: 12/26/2011 3:05:16 PM - Removed iTunes RP1101: 12/26/2011 3:54:36 PM - Installed WinZip 16.0 RP1102: 12/26/2011 4:32:07 PM - Removed WinZip 16.0 RP1103: 12/26/2011 4:32:55 PM - Removed WinZip Courier RP1104: 12/26/2011 4:33:57 PM - Removed Kaspersky Security Scan RP1105: 12/26/2011 6:23:50 PM - Removed QuickTime RP1106: 12/26/2011 6:28:35 PM - Installed QuickTime RP1107: 12/26/2011 6:46:10 PM - Installed iTunes RP1108: 12/27/2011 7:44:30 PM - System Checkpoint RP1109: 12/28/2011 8:43:59 PM - System Checkpoint RP1110: 12/29/2011 8:45:04 PM - System Checkpoint RP1111: 12/30/2011 9:23:11 PM - System Checkpoint RP1112: 12/31/2011 10:35:40 PM - System Checkpoint RP1113: 1/11/2012 9:52:55 AM - System Checkpoint RP1114: 1/12/2012 10:15:07 AM - System Checkpoint RP1115: 1/13/2012 11:09:37 AM - System Checkpoint RP1116: 1/14/2012 12:17:57 PM - System Checkpoint RP1117: 1/15/2012 1:12:01 PM - System Checkpoint RP1118: 1/16/2012 3:24:39 PM - System Checkpoint RP1119: 1/17/2012 3:48:45 PM - System Checkpoint RP1120: 1/18/2012 4:43:25 PM - System Checkpoint RP1121: 1/19/2012 4:56:34 PM - System Checkpoint RP1122: 1/20/2012 5:35:59 PM - System Checkpoint RP1123: 1/21/2012 6:56:04 PM - System Checkpoint RP1124: 1/22/2012 7:26:15 PM - System Checkpoint RP1125: 1/23/2012 7:28:35 PM - System Checkpoint RP1126: 1/24/2012 8:15:34 PM - System Checkpoint RP1127: 1/25/2012 9:06:56 PM - System Checkpoint RP1128: 1/26/2012 10:03:10 PM - System Checkpoint RP1129: 1/27/2012 10:49:47 PM - System Checkpoint RP1130: 1/28/2012 11:45:06 PM - System Checkpoint RP1131: 1/30/2012 12:38:22 AM - System Checkpoint RP1132: 1/31/2012 1:32:38 AM - System Checkpoint RP1133: 2/1/2012 2:26:58 AM - System Checkpoint RP1134: 2/2/2012 2:57:57 AM - System Checkpoint RP1135: 2/3/2012 3:53:44 AM - System Checkpoint RP1136: 2/4/2012 4:51:44 AM - System Checkpoint RP1137: 2/5/2012 5:45:10 AM - System Checkpoint RP1138: 2/6/2012 6:39:41 AM - System Checkpoint RP1139: 2/6/2012 4:31:41 PM - Restore Operation RP1140: 2/6/2012 4:32:38 PM - Restore Operation RP1141: 2/6/2012 8:29:24 PM - Removed Bonjour . ==== Installed Programs ====================== . ABBYY FineReader 6.0 Sprint Acrobat.com Adobe AIR Adobe Download Manager Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader X (10.0.1) AOL Coach Version 1.0(Build:20040229.1 en) AOL Uninstaller (Choose which Products to Remove) AOLIcon Apple Application Support Apple Mobile Device Support Apple Software Update ArcSoft Software Suite ATI Control Panel ATI Display Driver Compatibility Pack for the 2007 Office system Coupon Printer for Windows Creative MediaSource DAO 3.5 DB CIF Cam Dell Media Experience Dell Photo AIO Printer 924 Dell Picture Studio v3.0 Dell Support 3.2.1 Dell System Restore EA Download Manager EarthLink setup files FoneSync Get High Speed Internet! GIMP 2.6.6 Google Chrome Google Earth Google SketchUp 6 Google Toolbar for Internet Explorer Google Update Helper Google Updater High Definition Audio Driver Package - KB835221 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB942288-v3) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) Intel Matrix Storage Manager Intel® 537EP V9x DF PCI Modem Intel® PRO Network Connections Software v9.2.4.11 Intel® PROSafe for Wired Connections Internet Explorer Default Page iTunes Jasc Paint Shop Photo Album 5 Jasc Paint Shop Pro Studio, Dell Editon Java 2 Runtime Environment, SE v1.4.2_03 Java Auto Updater Java 6 Update 24 Jimmy Neutron Boy Genius LiveUpdate 3.2 (Symantec Corporation) Macromedia Flash Player Malwarebytes' Anti-Malware McAfee Security Scan Plus Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2416447) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Picture It! Publishing 2001 Microsoft Plus! Digital Media Edition Installer Microsoft Plus! Photo Story 2 LE Microsoft Silverlight Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable - KB2467175 Microsoft Word 2000 SR-1 Microsoft Works 2001 Setup Launcher Microsoft Works 6.0 Microsoft Works Suite Add-in for Microsoft Word MobileMe Control Panel Modem Event Monitor Modem Helper Modem On Hold Move Networks Media Player for Internet Explorer Mozilla Firefox (3.6.16) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK MSXML 6 Service Pack 2 (KB973686) Musicmatch for Windows Media Player Napster Napster Burn Engine NetZeroInstallers NickToons Racing Nikon Message Center Norton Ghost Pdf995 PdfEdit995 Photo Click PictureProject PowerDVD 5.5 QuickBooks Simple Start Special Edition Quicken Basic 2000 QuickTime Rayman Raving Rabbids RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer RealUpgrade 1.1 Safari Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB972260) Security Update for Windows Internet Explorer 8 (KB974455) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Encoder (KB2447961) Security Update for Windows Media Encoder (KB954156) Security Update for Windows Media Encoder (KB979332) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2491683) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950759) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953838) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956390) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958215) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960714) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB963027) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969897) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972260) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) Shockwave ShopAtHome.com Toolbar Sonic DLA Sonic RecordNow Audio Sonic RecordNow Copy Sonic RecordNow Data Sonic Update Manager Sound Blaster Live! 24-bit SPORE™ SPORE™ Galactic Adventures Spybot - Search & Destroy TaxCut Basic 2006 Type to Learn 3 Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB972636) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB976749) Update for Windows Internet Explorer 8 (KB980182) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB942763) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Viewpoint Media Player WebCyberCoach 3.2 Dell WebFldrs XP Windows Genuine Advantage v1.3.0254.0 Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Installer Clean Up Windows Internet Explorer 8 Windows Media Encoder 9 Series Windows Media Format 11 runtime Windows Media Player 10 Windows Media Player 11 Windows PowerShell 1.0 Windows XP Service Pack 3 WordPerfect Office 12 Works Suite OS Pack Works Synchronization Yahoo! Toolbar . ==== Event Viewer Messages From Past Week ======== . 2/6/2012 8:29:38 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found. 2/6/2012 4:36:36 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} 2/6/2012 4:31:54 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm 2/6/2012 4:30:58 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 2/1/2012 5:59:11 AM, error: Dhcp [1002] - The IP address lease 68.1.168.30 for the Network Card with network address 00123F758368 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message). 2/1/2012 5:58:41 AM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{830D72BE-6132-4A2A-B8DD-7BC8B69A920B} because another computer on the network has the same name. The server could not start. . ==== End Of File ===========================