Everything posted by DougH
-
".EXE" files won't open in Windows XP
DougH replied to DougH's topic in Resolved Malware Removal Logs
I don't think I can write DVDs. I know I can burn CDs, because I have done that; as a matter of fact, I burned one yesterday of some pictures I wanted off my computer to free up some space, because I only have 3% free so I can't defrag. I do know too that I can play DVDs because I have watched movies on this computer. Now what I am wondering is, can this computer read that kind of information off of a DVD on boot up like that? I have not given up on the Defender Offline. We are headed into town here in a little while and I'm gonna pick up some blank CDs and I'm going to burn one on the other computer and see if it will boot from a CD instead of a DVD. (I might get a flash drive as insurance too.) Yes, the issue with running the .EXE files has been solved. We took care of that early on. We have brought this computer a long way. Is it a 100%? I can't really say, but to answer your question, yes. I miss the days when I could have 9 tabs open in Mafia Wars and run Skype at the same time. I think a lot of my problem now is with Shockwave. It seems to be the bane of a Zynga gamer's existence.
Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2012.12.23.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Curtis Lumpkin :: CURTIS [limited]

12/23/2012 12:14:06 PM
mbar-log-2012-12-23 (12-14-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 26355
Time elapsed: 40 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
-
Had no trouble with the combo fix. It did take about 45 minutes to finish though. This computer is running a lot faster now as you can well imagine.
-
".EXE" files won't open in Windows XP
DougH replied to DougH's topic in Resolved Malware Removal Logs
Well, I am at a loss. I logged on my parents' computer that I am also working on while I am up here (see [pup.mywebsearch no action taken] in this same forum). The experience here has helped me a lot. Anyhoo, I used their computer and burned a DVD successfully, but I can't get the damn thing to boot from the DVD. When I boot up, I press escape and it gives me 2 options, and they are to boot from (1) CD or (2) notebook. I choose CD of course, but then the CD/DVD dealie clicks and hums a little but then Windows boots up regularly (after a long delay with a black screen with a cursor blinking in the upper left hand corner). Only once did I get a question. It said press any key to boot from CD (after the CD or notebook option). By the time I realized I had to make a move it was too late. I have tried 15 times. Do you think maybe I can't use a DVD? What do you think I may be doing wrong?
-
ComboFix 12-12-22.02 - HP_Administrator 08/24/2012 16:01:22.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.137 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
-
Those driver SSDT? Are they all a problem or is that how they are supposed to read?
-
RogueKiller V8.4.0 [Dec 20 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : HP_Administrator [Admin rights]
Mode : Remove -- Date : 08/24/2012 14:46:24

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[12] : NtAlertResumeThread @ 0x805D4BDC -> HOOKED (Unknown @ 0x8485B670)
SSDT[13] : NtAlertThread @ 0x805D4B8C -> HOOKED (Unknown @ 0x8485B750)
SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AC2 -> HOOKED (Unknown @ 0x8486C318)
SSDT[19] : NtAssignProcessToJobObject @ 0x805D66A0 -> HOOKED (Unknown @ 0x84859B48)
SSDT[31] : NtConnectPort @ 0x805A45D8 -> HOOKED (Unknown @ 0x848A83A0)
SSDT[43] : NtCreateMutant @ 0x806176AE -> HOOKED (Unknown @ 0x8485A3C8)
SSDT[52] : NtCreateSymbolicLinkObject @ 0x805C3A02 -> HOOKED (Unknown @ 0x84859908)
SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0x848DAA80)
SSDT[57] : NtDebugActiveProcess @ 0x80643B3E -> HOOKED (Unknown @ 0x84859C58)
SSDT[68] : NtDuplicateObject @ 0x805BE010 -> HOOKED (Unknown @ 0x84ACBBB0)
SSDT[83] : NtFreeVirtualMemory @ 0x805B2FBA -> HOOKED (Unknown @ 0x847E4820)
SSDT[89] : NtImpersonateAnonymousToken @ 0x805F9258 -> HOOKED (Unknown @ 0x8485B468)
SSDT[91] : NtImpersonateThread @ 0x805D7860 -> HOOKED (Unknown @ 0x8485B548)
SSDT[97] : NtLoadDriver @ 0x80584172 -> HOOKED (Unknown @ 0x848DBC88)
SSDT[108] : NtMapViewOfSection @ 0x805B2042 -> HOOKED (Unknown @ 0x8486D680)
SSDT[114] : NtOpenEvent @ 0x8060F06C -> HOOKED (Unknown @ 0x8485A308)
SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (Unknown @ 0x84AE6008)
SSDT[123] : NtOpenProcessToken @ 0x805EDF26 -> HOOKED (Unknown @ 0x84855A20)
SSDT[125] : NtOpenSection @ 0x805AA3F4 -> HOOKED (Unknown @ 0x8485A568)
SSDT[128] : NtOpenThread @ 0x805CB6E2 -> HOOKED (Unknown @ 0x84AE2EE8)
SSDT[137] : NtProtectVirtualMemory @ 0x805B8426 -> HOOKED (Unknown @ 0x84859A58)
SSDT[206] : NtResumeThread @ 0x805D4A18 -> HOOKED (Unknown @ 0x8485B868)
SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0x8472C1C0)
SSDT[228] : NtSetInformationProcess @ 0x805CDEA0 -> HOOKED (Unknown @ 0x8472C2A0)
SSDT[240] : NtSetSystemInformation @ 0x8060FD24 -> HOOKED (Unknown @ 0x84859D38)
SSDT[253] : NtSuspendProcess @ 0x805D4AE0 -> HOOKED (Unknown @ 0x8485A648)
SSDT[254] : NtSuspendThread @ 0x805D4952 -> HOOKED (Unknown @ 0x8485B948)
SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0x84756338)
SSDT[258] : NtTerminateThread @ 0x805D24D2 -> HOOKED (Unknown @ 0x8485BA08)
SSDT[267] : NtUnmapViewOfSection @ 0x805B2E50 -> HOOKED (Unknown @ 0x84A2B760)
SSDT[277] : NtWriteVirtualMemory @ 0x805B43D4 -> HOOKED (Unknown @ 0x847E4910)
S_SSDT[307] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x847B5530)
S_SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x847291D8)
S_SSDT[414] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x848BAD48)
S_SSDT[416] : NtUserGetKeyState -> HOOKED (Unknown @ 0x8474F1D8)
S_SSDT[428] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x847B37F8)
S_SSDT[460] : NtUserMessageCall -> HOOKED (Unknown @ 0x848AF1D0)
S_SSDT[475] : NtUserPostMessage -> HOOKED (Unknown @ 0x84A2C1C8)
S_SSDT[476] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x846F6270)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x847B6B70)
S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x847B97C0)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST3200822AS +++++
--- User ---
[MBR] 397b623dbac3e08eb39e69b8f21d1d9d
[bSP] 8a7884da59e414827f91c43dcf324e78 : Toshiba tatooed MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 8205 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16803990 | Size: 182574 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_08242012_02d1446.txt >>
RKreport[1]_S_08242012_02d1442.txt ; RKreport[2]_D_08242012_02d1446.txt
-
# AdwCleaner v2.101 - Logfile created 08/24/2012 at 14:30:02
# Updated 16/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : HP_Administrator - YOUR-B27FB1C401
# Boot Mode : Normal
# Running from : C:\Documents and Settings\HP_Administrator\Desktop\adwcleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\FunWebProducts
Folder Deleted : C:\Program Files\MyWebSearch
Folder Deleted : C:\Program Files\Viewpoint
HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978} Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.ChatSessionPlugin Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.ChatSessionPlugin.1 Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.HTMLPanel Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.HTMLPanel.1 Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.OutlookAddin Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.OutlookAddin.1 Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.PseudoTransparentPlugin Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.PseudoTransparentPlugin.1 Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearchToolBar.SettingsPlugin Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearchToolBar.SettingsPlugin.1 Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearchToolBar.ToolbarPlugin Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearchToolBar.ToolbarPlugin.1 Key Deleted : HKLM\SOFTWARE\Classes\ScreenSaverControl.ScreenSaverInstaller Key Deleted : HKLM\SOFTWARE\Classes\ScreenSaverControl.ScreenSaverInstaller.1 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} Key Deleted : 
HKLM\SOFTWARE\Classes\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C} Key Deleted : HKLM\Software\FocusInteractive Key Deleted : HKLM\Software\Fun Web Products Key Deleted : HKLM\Software\MetaStream Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll Key Deleted : HKLM\SOFTWARE\Microsoft\Internet 
Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss Key Deleted : HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin Key Deleted : HKLM\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP Key Deleted : HKLM\Software\MyWebSearch Key Deleted : HKLM\Software\Viewpoint Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} Key Deleted : 
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} Key Deleted : HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{07B18EA9-A523-4961-B6BB-170DE4475CCA}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00A6FAF6-072E-44CF-8957-5838F569A31D}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{07B18EA9-A523-4961-B6BB-170DE4475CCA}] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows Media\Wmsdk\Sources [F3PopularScreenSavers] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\post platform [FunWebProducts] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [My Web Search Bar Search Scope Monitor] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [MyWebSearch Email Plugin] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [m3ffxtbr@mywebsearch.com] ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Registry is clean. -\\ Google Chrome v23.0.1271.97 File : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[s1].txt - [15399 octets] - [24/08/2012 14:30:02] ########## EOF - C:\AdwCleaner[s1].txt - [15460 octets] ##########
-
Gringo, I have another problem also. Maurice has been helping me with it. He has me using the Windows Defender Offline, which has taken me forever to get to DVD. Now I have it, but I am not able to get this computer to boot from the DVD. It is a Compaq Presario V5000. I have tried about 10 times to boot it, but only one time, after I had hit escape and hit enter with CD/DVD, did it ask me to hit a key if I wanted to boot from CD. By the time I realized I had to do something it had moved on to Windows and I had lost my opportunity. Also, does the computer have to be online to run Defender Offline? I know that sounds like a stupid question, but I don't want to take hours when I do get it to boot and make a mistake. If it doesn't need internet then I can lug this one in and work on it. That way I can work on both at the same time.
-
".EXE. files won't open in windows XP
DougH replied to DougH's topic in Resolved Malware Removal Logs
That is just what I tried to do. I use ISO for something unrelated, and I tried that, but I may have already had an effect on the CD so it wouldn't take using ISO. I have bummed enough CDs today. Will pick up some tomorrow. Might even get a flash drive too. I will read the article, and I appreciate the help you are giving me.
-
".EXE. files won't open in windows XP
DougH replied to DougH's topic in Resolved Malware Removal Logs
I got my hands on a blank CD and it ran all the way to the end of the download, or CD writing as it were, and then said it couldn't complete. I will look at the frequently asked questions and see what I can find.
-
Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Norton 360
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java 6 Update 35
Java 6 Update 5
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 7 Adobe Reader out of Date!
Google Chrome 18.0.1025.152
Google Chrome 18.0.1025.162
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 1%
````````````````````End of Log``````````````````````
data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20121221.024\NAVEX15.SYS [2012-8-23 1601184] S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [2008-4-18 384608] . =============== Created Last 30 ================ . 2012-11-02 02:02:42 375296 ------w- c:\windows\system32\dllcache\dpnet.dll 2012-10-02 18:04:21 58368 ------w- c:\windows\system32\dllcache\synceng.dll 2012-08-24 02:16:41 -------- d-----w- c:\documents and settings\hp_administrator\application data\Malwarebytes 2012-08-24 02:16:13 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2012-08-24 02:16:07 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-24 02:16:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-08-24 02:11:22 -------- d-----w- c:\documents and settings\hp_administrator\application data\Tific . ==================== Find3M ==================== . 2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll 2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys 2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll 2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll 2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec 2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll 2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-08-21 13:33:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-21 12:58:09 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll 2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-09 17:53:15 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-06-09 17:53:15 477168 ----a-w- 
c:\windows\system32\npdeployJava1.dll 2012-06-09 17:53:15 473072 ----a-w- c:\windows\system32\deployJava1.dll 2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll 2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll 2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-01 16:50:06 601088 ----a-w- c:\windows\system32\crypt32.dll . ============= FINISH: 6:13:45.51 ===============
-
I loaded Malwarebytes on my parents' computer because it was running very very slow. I mean it was worse than a 28K dial up if you're old enough to remember. I found 310 threats. It appears that only a few were quarantined compared to the overall volume of threats. I suspect massive registry damage. The following is a log for your pleasure. I will be here through the Holidays, any help I can get will be appreciated. Also this computer has Norton on it. How could it have not picked up any of this?
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (PUP.MyWebSearch) -> No action taken.
C:\WINDOWS\system32\f3PSSavr.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
(end)
-
".EXE. files won't open in windows XP
DougH replied to DougH's topic in Resolved Malware Removal Logs
OK. I just realized that this computer won't burn DVDs, but it will burn CDs, and I only brought 1 blank CD with me up here to the country. I will try to bum a blank one from a neighbor in the morning and try again. I feel like I am a keystone cop fumbling like this but we have made some strides I believe. -
".EXE. files won't open in windows XP
DougH replied to DougH's topic in Resolved Malware Removal Logs
I am just about as aggravated as a man can get. I downloaded the Defender Offline and then tried to burn it. (Actually I did burn the download, but I did it before I was supposed to.) But naturally my burning system (or whatever) isn't good enough and I had to have (IMAPI) v2.0. So I go and find that, and the first time it says it doesn't match my Windows system. But I know what I have is right, so luckily I do it again and it goes. Then I commence to educate myself on how to boot from a disc and then try to load it on a DVD. Well, of course now, lo and behold, after trying several discs it repeatedly says I don't have a disc in the machine. After due diligence and much smoke from my ears I am no closer to having Defender Offline. I burn discs on this computer and they were always good enough up until now. They are Memorex DVD+R 16x 4.7 GB 120 minutes. I am at a loss now. -
".EXE. files won't open in windows XP
DougH replied to DougH's topic in Resolved Malware Removal Logs
We have IE working again, and I downloaded several different items to get the appropriate MS stuff. I had done the Firefox reset when I got the updates, so we are all good there too. The fix it tool only found one issue, so I told it to go ahead. I will do the offline Defender this evening when I get to my country home....OK, OK, it's my dad's. But I have internet there. I'm afraid it will take too long here and I will have everyone waiting on me. -
You know the military tried using cats in guided missiles to bomb ships. On the assumption that since cats don't like water they would naturally try to land on the ships. I know it sounds like BS but they did. Problem was, the cats didn't seem to know that the big blue thing coming at them really fast was water. That, and the fact that they would faint halfway down, kinda scrubbed that idea. They also used pigeons (much more logical). Lucky for the birds the war ended before they were put into use. I personally think the fact that cats passed out on the way down is hilarious, and if I was the military I would have never admitted to trying it in the first place.
-
".EXE. files won't open in windows XP
DougH replied to DougH's topic in Resolved Malware Removal Logs
I can't believe I actually found something with the search. I found the dds.scr and deleted it -
".EXE. files won't open in windows XP
DougH replied to DougH's topic in Resolved Malware Removal Logs
* Let it run 3 times -
".EXE. files won't open in windows XP
DougH replied to DougH's topic in Resolved Malware Removal Logs
That DDS start window continues to pop up. I have let in 3 times now. Still popping up -
".EXE. files won't open in windows XP
DougH replied to DougH's topic in Resolved Malware Removal Logs
By the way, for your future experience with less than knowledgeable clients like me: I went to the Chrome thingie at the top right of the browser page, clicked it > Settings > Advanced settings > Downloads > clicked "Ask where to save each file before downloading". That is why I didn't have an option to choose desktop, but I do now....I think. lol -
".EXE. files won't open in windows XP
DougH replied to DougH's topic in Resolved Malware Removal Logs
I also was not given a chance to save any log or report anywhere. -
".EXE. files won't open in windows XP
DougH replied to DougH's topic in Resolved Malware Removal Logs
I had to hard boot to get off my screen. It looked kind of like Safe Mode except it said Dr. Web Cure it in all 4 corners of the screen. You will have to spoon feed me as to where and how to get that log. -
".EXE. files won't open in windows XP
DougH replied to DougH's topic in Resolved Malware Removal Logs
The Express scan ran on the Dr Web Cure it. The only thing it found was Rkill and adware. I done as it said and removed them. It had my entire desktop blocked and I was not given an opportunity to do a full scan. Took about 20 minutes. -
".EXE. files won't open in windows XP
DougH replied to DougH's topic in Resolved Malware Removal Logs
Downloaded adware from Xplode and it is on my desktop. But when I double click it, it asks to run and then I get the hour glass for a few seconds, and then nothing. Nothing to ask to "SEARCH". I did go to the Windows supplied search and pasted in the string you offered, but it found nothing. I looked in all files and folders on C: and D:, and included hidden files and folders. -
".EXE. files won't open in windows XP
DougH replied to DougH's topic in Resolved Malware Removal Logs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.1.9 (12.19.2012:1)
OS: Microsoft Windows XP x86
Ran by Curtis Lumpkin on Wed 12/19/2012 at 15:30:35.81
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services
Successfully stopped: [service] application updater
Successfully deleted: [service] application updater

~~~ Registry Values

~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_local_machine\software\application updater
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afbcb7e0-f91a-4951-9f31-58fee57a25c4}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{afbcb7e0-f91a-4951-9f31-58fee57a25c4}

~~~ Files

~~~ Folders
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\drivercure"
Successfully deleted: [Folder] "C:\Documents and Settings\Curtis Lumpkin\Application Data\drivercure"
Successfully deleted: [Folder] "C:\Documents and Settings\Curtis Lumpkin\Application Data\search settings"
Successfully deleted: [Folder] "C:\Program Files\application updater"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 12/19/2012 at 15:39:14.67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~