jd28

I was not able to download the free Malwarebytes Antimalware to my desktop. I tried to download it on my laptop and save it to a flash drive then install on my desktop but keep getting a runtime error '372' - Failed to load control 'WebBrowser' from ieframe.dll Your version of ieframe.dll may be outdated. Make sure you are using the version of the control that was provided with your application. I've pasted the AdwCleaner search log below. # AdwCleaner v2.104 - Logfile created 12/29/2012 at 23:00:37 # Updated 29/12/2012 by Xplode # Operating system : Microsoft Windows XP Service Pack 3 (32 bits) # User : Jim - D9LRKL81 # Boot Mode : Normal # Running from : C:\Documents and Settings\Jim\Desktop\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** Folder Found : C:\Documents and Settings\All Users\Application Data\Tarma Installer Folder Found : C:\Documents and Settings\All Users\Application Data\Viewpoint Folder Found : C:\Documents and Settings\All Users\Application Data\WeCareReminder Folder Found : C:\Documents and Settings\Jim\Application Data\DefaultTab Folder Found : C:\Documents and Settings\Jim\Application Data\Viewpoint Folder Found : C:\Program Files\Viewpoint Folder Found : C:\Program Files\Yontoo ***** [Registry] ***** Key Found : HKCU\Software\AppDataLow\Software\DefaultTab Key Found : HKCU\Software\DefaultTab Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Found : HKCU\Software\wecarereminder Key Found : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36} Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0} Key Found : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1 Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1 Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Found : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Found : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3} Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93} Key Found : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder Key Found : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1 Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Found : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE} Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1 Key Found : HKLM\Software\Default Tab Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc Key Found : HKLM\Software\MetaStream Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP Key Found : HKLM\Software\Viewpoint ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Registry is clean. ************************* AdwCleaner[R1].txt - [4641 octets] - [29/12/2012 23:00:37] ########## EOF - C:\AdwCleaner[R1].txt - [4701 octets] ##########

combofix log below ComboFix 12-12-29.02 - Jim 12/29/2012 21:44:02.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.193 [GMT -5:00] Running from: c:\documents and settings\Jim\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF} AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Jim\Application Data\DefaultTab\DefaultTab c:\documents and settings\Jim\Application Data\DefaultTab\DefaultTab\addon.ico c:\documents and settings\Jim\Application Data\DefaultTab\DefaultTab\amazon_ie.ico c:\documents and settings\Jim\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.cfg c:\documents and settings\Jim\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll c:\documents and settings\Jim\Application Data\DefaultTab\DefaultTab\DefaultTabStart.exe c:\documents and settings\Jim\Application Data\DefaultTab\DefaultTab\DefaultTabStart64.exe c:\documents and settings\Jim\Application Data\DefaultTab\DefaultTab\DefaultTabUninstaller.exe c:\documents and settings\Jim\Application Data\DefaultTab\DefaultTab\DefaultTabWrap.dll c:\documents and settings\Jim\Application Data\DefaultTab\DefaultTab\DefaultTabWrap64.dll c:\documents and settings\Jim\Application Data\DefaultTab\DefaultTab\DT.ico c:\documents and settings\Jim\Application Data\DefaultTab\DefaultTab\DT_IE.exe c:\documents and settings\Jim\Application Data\DefaultTab\DefaultTab\DTUpdate.exe c:\documents and settings\Jim\Application Data\DefaultTab\DefaultTab\facebook_ie.ico c:\documents and settings\Jim\Application Data\DefaultTab\DefaultTab\imdb_ie.ico c:\documents and settings\Jim\Application Data\DefaultTab\DefaultTab\search_here_ie.ico c:\documents and settings\Jim\Application Data\DefaultTab\DefaultTab\searchhere.ico c:\documents and settings\Jim\Application Data\DefaultTab\DefaultTab\twitter_ie.ico c:\documents and settings\Jim\Application Data\DefaultTab\DefaultTab\uninstalldt.exe c:\documents and settings\Jim\Application Data\DefaultTab\DefaultTab\wikipedia_ie.ico c:\documents and settings\Jim\WINDOWS c:\program files\MyWaySA c:\program files\Setup.exe c:\program files\Shared c:\program files\Shared\lib.sig C:\Thumbs.db c:\windows\system32\bszip.dll c:\windows\system32\twain.dll c:\windows\system32\URTTemp c:\windows\system32\URTTemp\fusion.dll c:\windows\system32\URTTemp\mscoree.dll c:\windows\system32\URTTemp\mscoree.dll.local c:\windows\system32\URTTemp\mscorsn.dll c:\windows\system32\URTTemp\mscorwks.dll c:\windows\system32\URTTemp\msvcr71.dll c:\windows\system32\URTTemp\regtlib.exe c:\windows\system32\win.ini c:\windows\system32\wininit.dll c:\windows\wininit.ini . . ((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-30 ))))))))))))))))))))))))))))))) . . 2012-12-30 02:23 . 2012-12-30 02:23 -------- d-sh--w- c:\windows\system32\AI_RecycleBin 2012-12-30 02:23 . 2012-12-30 02:23 -------- d-----w- c:\program files\W3i 2012-12-30 02:23 . 2012-12-30 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\W3i 2012-12-30 02:23 . 2012-12-30 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\WeCareReminder 2012-12-30 02:23 . 2012-12-30 02:58 -------- d-----w- c:\documents and settings\Jim\Application Data\DefaultTab 2012-12-30 02:23 . 2012-12-30 02:23 -------- d-----w- c:\program files\Yontoo 2012-12-30 02:22 . 2012-12-30 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer 2012-12-29 23:08 . 2012-12-29 23:08 60872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9F51E25F-97CC-4828-9228-4D9F18F8C630}\offreg.dll 2012-12-29 22:52 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9F51E25F-97CC-4828-9228-4D9F18F8C630}\mpengine.dll 2012-12-29 22:31 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-12-29 20:34 . 2012-12-29 20:34 -------- d-----w- C:\_OTL 2012-12-26 19:24 . 2012-12-26 19:24 -------- d-----w- c:\documents and settings\Administrator . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-16 12:23 . 2004-08-10 17:50 290560 ----a-w- c:\windows\system32\atmfd.dll 2012-11-13 01:25 . 2004-08-10 17:51 1866368 ----a-w- c:\windows\system32\win32k.sys 2012-11-02 02:02 . 2004-08-10 17:50 375296 ----a-w- c:\windows\system32\dpnet.dll 2012-11-01 12:17 . 2004-08-10 17:51 916992 ----a-w- c:\windows\system32\wininet.dll 2012-11-01 12:17 . 2004-08-10 17:51 43520 ------w- c:\windows\system32\licmgr10.dll 2012-11-01 12:17 . 2004-08-10 17:51 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-11-01 00:35 . 2004-08-10 17:51 385024 ----a-w- c:\windows\system32\html.iec 2012-10-02 18:04 . 2004-08-10 17:51 58368 ----a-w- c:\windows\system32\synceng.dll 2009-11-05 03:10 . 2009-11-05 03:10 9034488 ----a-w- c:\program files\mssefullinstall-x86fre-en-us-xp.exe 2008-06-08 02:25 . 2008-06-08 02:25 9722720 ----a-w- c:\program files\spybotsd152.exe 2007-01-28 17:20 . 2007-01-28 17:20 36808256 ----a-w- c:\program files\iTunesSetup.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-06 94208] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-06 77824] "Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-06 114688] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968] "IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248] "mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 53248] "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-10-04 26112] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920] "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016] "BuildBU"="c:\dell\bldbubg.exe" [2005-10-04 61440] "Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 28672] "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216] "nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2008-04-14 53760] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ dlbcserv.lnk - [N/A] Kodak EasyShare software.lnk - [N/A] Microsoft Find Fast.lnk - [N/A] Office Startup.lnk - [N/A] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service . S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 12:28 PM 160944] . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] 2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll . Contents of the 'Scheduled Tasks' folder . 2012-12-21 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34] . 2012-12-29 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 21:25] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local uSearchAssistant = IE: Display All Images with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/228" IE: Display Image with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/227" IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000 Trusted Zone: internet Trusted Zone: malwarebytes.org Trusted Zone: mcafee.com TCP: DhcpNameServer = 192.168.1.1 68.105.28.11 68.105.29.11 . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file) BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\documents and settings\Jim\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll AddRemove-DefaultTab - c:\documents and settings\Jim\Application Data\DefaultTab\DefaultTab\uninstalldt.exe AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-12-29 22:00 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . Completion time: 2012-12-29 22:04:09 ComboFix-quarantined-files.txt 2012-12-30 03:04 . Pre-Run: 48,561,700,864 bytes free Post-Run: 49,187,033,088 bytes free . WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . - - End Of File - - C43953AE4C6F31B4508349BCF16CC62C

Yes, though I didn't change the BIOS settings. Do I need to reset them? Any remaining steps to complete?

Thanks - here is the log. ========== OTL ========== Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\ not found. Registry key HKEY_USERS\Administrator_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\ not found. Registry key HKEY_USERS\Jim_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2C0A5F28-48D8-408B-9172-9C6121025BCE} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C0A5F28-48D8-408B-9172-9C6121025BCE}\ not found. Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found. Registry key HKEY_USERS\Jim_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\Jim\Application Data\Snxtvfntrm deleted successfully. C:\Documents and Settings\Jim\Application Data\Snxtvfntrm.exe moved successfully. C:\Documents and Settings\Administrator\Application Data\Snxtvfntrm.exe moved successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Snxtvfntrm.exe moved successfully. C:\Documents and Settings\Jim\Local Settings\Application Data\Snxtvfntrm.exe moved successfully. C:\Documents and Settings\All Users\Application Data\Snxtvfntrm.exe moved successfully. File C:\Documents and Settings\Jim\Local Settings\Application Data\Snxtvfntrm.exe not found. File C:\Documents and Settings\Jim\Application Data\Snxtvfntrm.exe not found. File C:\Documents and Settings\Jim\Application Data\Snxtvfntrm.exe not found. File C:\Documents and Settings\All Users\Application Data\Snxtvfntrm.exe not found. File C:\Documents and Settings\Administrator\Local Settings\Application Data\Snxtvfntrm.exe not found. File C:\Documents and Settings\Administrator\Application Data\Snxtvfntrm.exe not found. OTLPE by OldTimer - Version 3.1.48.0 log created on 12292012_153430

Hi Mr. C - It did work after several tries - thanks. I've posted the text file below. OTL logfile created on: 12/29/2012 12:56:07 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 502.00 Mb Total Physical Memory | 289.00 Mb Available Physical Memory | 58.00% Memory free 454.00 Mb Paging File | 334.00 Mb Available in Paging File | 74.00% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 71.10 Gb Total Space | 45.44 Gb Free Space | 63.91% Space Free | Partition Type: NTFS Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet004 ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand] -- -- (AppMgmt) SRV - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice) SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService) SRV - [2004/05/24 12:35:52 | 000,322,104 | ---- | M] (Eastman Kodak Company) [Auto] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | On_Demand] -- -- (wanatw) WAN Miniport (ATW) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand] -- -- (LVUVC) Logitech QuickCam S5500(UVC) DRV - File not found [Kernel | On_Demand] -- -- (LVUSBSta) DRV - File not found [Kernel | On_Demand] -- -- (LVRS) DRV - File not found [Kernel | System] -- -- (lbrtfdc) DRV - File not found [Kernel | On_Demand] -- -- (FilterService) DRV - File not found [Kernel | System] -- -- (Changer) DRV - [2009/07/07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis) DRV - [2009/07/07 14:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp) DRV - [2009/03/25 10:06:30 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk) DRV - [2009/03/25 10:06:28 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk) DRV - [2009/03/25 10:06:28 | 000,079,880 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2009/03/25 10:06:28 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk) DRV - [2009/03/25 10:05:54 | 000,034,216 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk) DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv) DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct) DRV - [2005/10/04 15:50:19 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM) DRV - [2005/06/14 22:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM) DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K) DRV - [2004/06/16 03:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53) DRV - [2004/06/02 13:19:00 | 000,038,705 | ---- | M] (Eastman Kodak Company) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K) DRV - [2004/06/02 13:17:56 | 000,151,985 | ---- | M] (Eastman Kodak Company) [Kernel | System] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit) DRV - [2004/05/20 08:45:20 | 000,068,950 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP) DRV - [2004/05/20 08:41:54 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint) DRV - [2004/05/20 08:39:42 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps) DRV - [2004/05/20 08:21:10 | 000,036,918 | ---- | M] (Eastman Kodak Company) [Kernel | System] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam) DRV - [2004/03/24 10:12:44 | 000,004,272 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci) DRV - [2004/03/06 04:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52) DRV - [2004/03/06 04:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51) DRV - [2004/03/06 04:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway IE - HKU\.DEFAULT\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway IE - HKU\Administrator_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Jim_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8 IE - HKU\Jim_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\Jim_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\Jim_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\Jim_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Backup = http://rhodeisland.cox.net/cci/home IE - HKU\Jim_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKU\Jim_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found IE - HKU\Jim_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Jim_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () O1 HOSTS File: ([2008/09/03 21:41:28 | 000,263,142 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.123topsearch.com O1 - Hosts: 127.0.0.1 123topsearch.com O1 - Hosts: 127.0.0.1 www.132.com O1 - Hosts: 127.0.0.1 132.com O1 - Hosts: 127.0.0.1 www.136136.net O1 - Hosts: 127.0.0.1 136136.net O1 - Hosts: 127.0.0.1 www.163ns.com O1 - Hosts: 127.0.0.1 163ns.com O1 - Hosts: 9128 more lines... O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found. O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No CLSID value found. O2 - BHO: (no name) - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - No CLSID value found. O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - No CLSID value found. O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found. O3 - HKU\Jim_ON_C\..\Toolbar\WebBrowser: (no name) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No CLSID value found. O4 - HKLM..\Run: [buildBU] C:\dell\bldbubg.exe () O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe () O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( ) O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) O4 - HKU\Administrator_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.) O4 - HKU\Jim_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.) O4 - HKU\Jim_ON_C..\Run: [EPSON Stylus NX200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFA.EXE (SEIKO EPSON CORPORATION) O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O7 - HKU\Jim_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Jim_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.105.28.11 68.105.29.11 O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (C:\Documents and Settings\Jim\Application Data\Snxtvfntrm) - C:\Documents and Settings\Jim\Application Data\Snxtvfntrm.exe (Yrutaza) O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.I420 - lvcodec2.dll File not found Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation) Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation) ========== Files/Folders - Created Within 30 Days ========== [2012/12/26 15:51:41 | 000,111,616 | ---- | C] (Yrutaza) -- C:\Documents and Settings\Administrator\Application Data\Snxtvfntrm.exe [2012/12/26 14:24:49 | 000,111,616 | ---- | C] (Yrutaza) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Snxtvfntrm.exe [2012/12/26 14:24:33 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft [2012/12/26 14:24:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data [2012/12/26 14:24:33 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies [2012/12/26 14:24:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun [2012/12/26 14:24:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc [2012/12/26 14:24:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities [2012/12/26 14:24:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo [2012/12/26 14:24:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent [2012/12/26 14:24:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup [2012/12/26 14:24:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu [2012/12/26 14:24:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures [2012/12/26 14:24:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music [2012/12/26 14:24:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents [2012/12/26 14:24:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites [2012/12/26 14:24:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories [2012/12/26 14:24:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache [2012/12/26 14:24:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates [2012/12/26 14:24:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood [2012/12/26 14:24:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood [2012/12/26 14:24:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings [2012/12/26 14:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help [2012/12/26 14:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft [2012/12/26 14:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop [2012/12/26 14:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Dell Accessories [2012/12/26 14:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Dell [2012/12/26 14:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\CCWin [2012/12/26 14:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory [2012/12/26 14:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030} [2012/12/26 14:11:28 | 000,111,616 | ---- | C] (Yrutaza) -- C:\Documents and Settings\Jim\Application Data\Snxtvfntrm.exe [2012/12/26 14:05:03 | 000,111,616 | ---- | C] (Yrutaza) -- C:\Documents and Settings\Jim\Local Settings\Application Data\Snxtvfntrm.exe [2012/12/26 14:05:02 | 000,111,616 | ---- | C] (Yrutaza) -- C:\Documents and Settings\All Users\Application Data\Snxtvfntrm.exe [2009/11/04 22:10:23 | 009,034,488 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mssefullinstall-x86fre-en-us-xp.exe [2008/06/07 21:25:28 | 009,722,720 | ---- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd152.exe [2007/01/28 12:20:37 | 036,808,256 | ---- | C] (Apple Computer, Inc.) -- C:\Program Files\iTunesSetup.exe [2005/11/26 23:56:22 | 000,089,680 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Jim\MSSSerif120.fon [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/12/29 12:14:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/12/29 12:13:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/12/29 12:12:39 | 000,111,616 | ---- | M] (Yrutaza) -- C:\Documents and Settings\Jim\Local Settings\Application Data\Snxtvfntrm.exe [2012/12/29 12:12:38 | 000,111,616 | ---- | M] (Yrutaza) -- C:\Documents and Settings\Jim\Application Data\Snxtvfntrm.exe [2012/12/29 12:12:27 | 526,536,704 | -HS- | M] () -- C:\hiberfil.sys [2012/12/28 18:59:25 | 000,111,616 | ---- | M] (Yrutaza) -- C:\Documents and Settings\All Users\Application Data\Snxtvfntrm.exe [2012/12/26 15:51:43 | 000,111,616 | ---- | M] (Yrutaza) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Snxtvfntrm.exe [2012/12/26 15:51:41 | 000,111,616 | ---- | M] (Yrutaza) -- C:\Documents and Settings\Administrator\Application Data\Snxtvfntrm.exe [2012/12/26 03:31:49 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job [2012/12/26 03:21:26 | 001,016,040 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/12/21 12:34:12 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012/12/16 07:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll [2012/12/16 07:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll [2012/12/12 03:11:15 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/12/28 18:14:39 | 526,536,704 | -HS- | C] () -- C:\hiberfil.sys [2012/12/26 14:24:41 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Musicmatch Jukebox.lnk [2012/12/26 14:24:41 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk [2012/12/26 14:24:41 | 000,000,683 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012/12/26 14:24:41 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk [2012/12/26 14:24:41 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf [2012/12/26 14:24:33 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk [2012/12/26 14:24:33 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk [2012/12/26 14:24:33 | 000,000,642 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk [2012/02/16 02:25:43 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2009/12/25 09:07:04 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi [2009/11/04 07:32:18 | 000,000,822 | ---- | C] () -- C:\WINDOWS\System32\wininit.dll [2009/05/16 20:18:37 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2009/03/07 09:11:02 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat [2009/03/07 09:11:02 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2009/03/07 09:11:01 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat [2009/03/07 09:11:01 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat [2009/03/07 09:11:01 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat [2009/03/07 09:11:01 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat [2009/03/07 09:11:01 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat [2009/03/07 09:11:01 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat [2009/03/07 09:11:01 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat [2009/03/07 09:11:01 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat [2009/03/07 09:11:01 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat [2009/03/07 09:11:01 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat [2009/03/07 09:11:01 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat [2009/03/07 09:11:01 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat [2009/03/07 09:11:01 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat [2009/03/07 09:11:01 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat [2009/03/07 09:03:38 | 000,000,078 | ---- | C] () -- C:\WINDOWS\EPSNX200.ini [2008/09/24 19:44:20 | 000,000,038 | ---- | C] () -- C:\WINDOWS\msacc30.ini [2008/09/24 19:44:19 | 000,000,220 | ---- | C] () -- C:\WINDOWS\repl9.ini [2008/07/01 21:00:56 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI [2008/03/08 12:55:38 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/03/08 12:28:52 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll [2007/02/13 19:41:41 | 000,001,365 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2006/03/21 20:04:34 | 000,458,761 | ---- | C] () -- C:\Program Files\setup.exe [2006/02/19 11:29:45 | 000,001,042 | ---- | C] () -- C:\WINDOWS\maxlink.ini [2006/02/19 11:29:39 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL [2006/02/19 11:29:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL [2006/02/19 11:29:39 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL [2006/02/19 11:29:29 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL [2005/11/18 19:58:41 | 000,000,504 | ---- | C] () -- C:\WINDOWS\dellstat.ini [2005/11/01 17:41:53 | 000,000,023 | ---- | C] () -- C:\WINDOWS\kodakpcd.Jim.ini [2005/10/25 12:52:35 | 000,010,264 | ---- | C] () -- C:\WINDOWS\extend.dat [2005/10/18 22:03:32 | 000,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005/10/17 20:18:13 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys [2005/10/12 20:22:59 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\fusioncache.dat [2005/10/10 15:14:54 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2005/10/04 15:58:41 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005/10/04 15:52:16 | 000,000,291 | ---- | C] () -- C:\WINDOWS\wininit.ini [2005/10/04 15:49:20 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2005/10/04 15:21:44 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe [2005/10/04 15:21:24 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005/01/28 08:08:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004/08/10 13:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2004/08/10 13:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2004/08/10 12:57:52 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2004/08/10 12:57:15 | 001,016,040 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2004/08/10 12:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004/08/10 12:51:20 | 001,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll [2004/08/10 12:51:20 | 001,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll [2004/08/10 12:51:20 | 000,384,904 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004/08/10 12:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004/08/10 12:51:20 | 000,054,396 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004/08/10 12:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004/08/10 12:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2004/08/10 12:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2004/08/10 12:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2004/08/10 12:51:13 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll [2004/08/10 12:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004/08/10 12:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004/08/10 12:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004/08/10 12:50:56 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll [2004/08/10 12:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll [1997/07/10 23:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE [1997/07/10 23:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL [1997/07/10 23:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL [1997/07/10 23:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL ========== LOP Check ========== [2009/03/29 12:02:58 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\SACore [2005/10/10 20:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Leadertech [2009/04/19 16:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\MyPublisher [2006/11/25 14:47:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Snapfish [2007/03/16 20:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Viewpoint [2008/10/18 16:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Wal-Mart [2008/10/18 16:08:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Wal-Mart Digital Photo Manager [2007/05/13 15:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Wal-Mart Digital Photo Viewer [2008/11/04 16:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore [2006/09/05 19:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC [2006/09/05 15:34:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software [2009/03/07 09:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON [2006/09/05 20:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited [2008/02/02 11:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft [2009/03/07 09:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL [2007/03/16 20:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2008/10/18 16:17:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wal-Mart [2008/12/11 23:45:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2008/08/11 15:45:20 | 000,086,712 | ---- | M] () -- C:\080811.pdf [2006/04/17 19:01:59 | 001,279,267 | ---- | M] () -- C:\1_jack01.JPG [2006/04/17 19:02:04 | 001,374,992 | ---- | M] () -- C:\1_jack02.JPG [2006/04/17 19:02:06 | 001,238,813 | ---- | M] () -- C:\1_jack_03.JPG [2008/01/01 17:58:10 | 000,057,856 | ---- | M] () -- C:\2007BowlPool.xls [2007/09/02 22:17:42 | 000,136,704 | ---- | M] () -- C:\2007MMT081307.xls [2007/09/17 09:28:40 | 000,137,216 | ---- | M] () -- C:\2007MMT20082707.xls [2008/05/15 20:04:27 | 000,142,848 | ---- | M] () -- C:\2008MMT2008_5_15.xls [2009/03/18 19:36:02 | 000,057,344 | ---- | M] () -- C:\2009 Entry Form_GlennK.xls [2009/03/18 20:00:43 | 000,057,344 | ---- | M] () -- C:\2009 Entry Form_Jack.xls [2009/03/18 20:00:25 | 000,057,344 | ---- | M] () -- C:\2009 Entry Form_JD.xls [2009/04/03 18:54:04 | 000,034,816 | ---- | M] () -- C:\2009depth charts.xls [2007/09/24 20:47:47 | 000,086,528 | ---- | M] () -- C:\aa_78h.xls [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2009/06/12 21:51:44 | 000,036,864 | ---- | M] () -- C:\BEST BET.doc [2008/12/24 10:22:12 | 000,143,360 | ---- | M] () -- C:\BG Loan Amortization.xls [2007/08/29 19:46:38 | 003,670,168 | ---- | M] (Bodog Poker ) -- C:\BodogPokerClient.exe [2009/06/06 11:22:36 | 000,024,576 | ---- | M] () -- C:\Book1.xls [2005/10/10 14:31:13 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2008/10/28 19:38:29 | 002,912,256 | ---- | M] () -- C:\Brown DOF.mdb [2008/04/10 22:09:59 | 000,016,384 | ---- | M] () -- C:\brown questions.xls [2008/10/28 19:32:54 | 016,338,944 | ---- | M] () -- C:\Budget17.mdb [2008/10/13 14:49:04 | 008,146,944 | ---- | M] () -- C:\Budget17pm.123 [2008/10/13 14:25:33 | 008,146,944 | ---- | M] () -- C:\Budget17pm.mdb [2008/10/13 14:19:49 | 016,105,472 | ---- | M] () -- C:\Budget17_Backup.mdb [2006/06/06 07:36:55 | 000,666,112 | ---- | M] () -- C:\business.biz [2006/06/06 07:42:27 | 000,666,112 | ---- | M] () -- C:\businesscard.biz [2009/11/14 15:40:50 | 000,026,112 | ---- | M] () -- C:\CALDER RACE COURSE.doc [2007/05/21 21:29:52 | 000,016,384 | ---- | M] () -- C:\cap.xls [2007/05/21 21:47:00 | 000,035,328 | ---- | M] () -- C:\CAP2.doc [2008/09/22 19:09:05 | 000,015,360 | ---- | M] () -- C:\Cape golf.xls [2011/01/12 22:30:07 | 001,043,890 | ---- | M] () -- C:\cc_20110112_2226.reg [2011/09/08 18:27:02 | 000,281,992 | ---- | M] () -- C:\cc_20110908_1926.reg [2009/03/19 22:41:40 | 000,088,576 | ---- | M] () -- C:\cfbl draft 2009.xls [2008/09/14 08:23:59 | 000,020,992 | ---- | M] () -- C:\cfbl standings.xls [2009/12/24 16:20:11 | 000,120,056 | ---- | M] () -- C:\chantal41.jpg [2005/12/21 17:59:45 | 000,001,059 | ---- | M] () -- C:\color ties Jack.htm [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2008/01/18 22:50:49 | 000,024,576 | ---- | M] () -- C:\Contact Us credit.doc [2008/08/14 21:31:28 | 000,016,896 | ---- | M] () -- C:\CS_overpayment.xls [2009/09/28 18:32:44 | 000,021,220 | ---- | M] () -- C:\DAILY ADMISSIONS.ods [2005/10/04 15:25:52 | 000,005,875 | RH-- | M] () -- C:\dell.sdr [2009/12/03 10:03:19 | 000,046,896 | ---- | M] () -- C:\DEPARTMENT GROWTH REPORT 2009.doc [2009/12/03 10:02:08 | 000,011,716 | ---- | M] () -- C:\Departmental Growth Report.xlsx [2008/04/02 21:52:43 | 000,220,672 | ---- | M] () -- C:\depthchart.xls [2008/04/05 20:37:25 | 000,186,368 | ---- | M] () -- C:\depthchart_final.xls [2008/05/05 21:02:47 | 000,029,696 | ---- | M] () -- C:\derby.xls [2004/11/09 17:29:38 | 000,012,862 | ---- | M] () -- C:\desktop.ico [2010/03/29 19:46:06 | 000,040,448 | ---- | M] () -- C:\DMV Web site.doc [2009/10/27 20:21:27 | 000,055,236 | ---- | M] () -- C:\DOF FY11 URC Salary Presentation.xlsx [2008/04/18 18:57:42 | 000,042,309 | ---- | M] () -- C:\downing_james_dof.pdf [2009/11/13 21:48:43 | 000,031,866 | ---- | M] () -- C:\drf_analysis1113.pdf [2006/12/03 15:37:21 | 000,000,182 | ---- | M] () -- C:\drwtsn32.log [2009/04/21 21:50:20 | 000,044,377 | ---- | M] () -- C:\EasyShare.dmp [2007/09/11 19:40:33 | 000,021,504 | ---- | M] () -- C:\Ellen resume.doc [2006/06/06 07:42:27 | 000,950,784 | ---- | M] () -- C:\ellenbrochure.bro [2007/03/24 22:02:25 | 000,066,048 | ---- | M] () -- C:\EntrySummary.xls [2009/03/07 16:01:14 | 001,048,409 | ---- | M] () -- C:\fb2.JPG [2004/08/28 01:51:15 | 001,507,080 | ---- | M] () -- C:\FB_ED.JPG [2008/09/13 17:12:31 | 004,575,930 | ---- | M] () -- C:\FB_J1.jpg [2009/12/17 23:07:13 | 024,556,086 | ---- | M] () -- C:\FB_J3.BMP [2008/09/10 16:13:10 | 004,302,731 | ---- | M] () -- C:\FB_J3.jpg [2008/09/10 15:45:30 | 005,924,386 | ---- | M] () -- C:\FD_J2.jpg [2006/04/11 20:09:21 | 000,004,930 | -HS- | M] () -- C:\ffastun.ffa [2006/04/11 20:09:20 | 000,516,096 | -HS- | M] () -- C:\ffastun.ffl [2006/04/11 20:09:21 | 000,659,456 | -H-- | M] () -- C:\ffastun.ffo [2006/04/11 20:09:20 | 000,872,448 | -HS- | M] () -- C:\ffastun0.ffx [2006/04/12 22:56:40 | 000,516,096 | ---- | M] () -- C:\ffastunT.ffl [2009/01/02 13:34:58 | 000,030,720 | ---- | M] () -- C:\Fidelity_Child & Family.doc [2006/12/16 21:41:24 | 000,003,950 | ---- | M] () -- C:\fred.jpg [2008/09/06 21:37:11 | 000,715,776 | ---- | M] () -- C:\FRS.xls [2006/10/18 23:28:07 | 000,601,600 | ---- | M] () -- C:\FTP Tourney.doc [2005/11/01 17:33:58 | 007,687,705 | ---- | M] (InstallShield Software Corporation) -- C:\FullTiltSetup.exe [2008/10/08 14:36:20 | 000,083,456 | ---- | M] () -- C:\Fund Transfer Smart Plan.doc [2008/02/12 22:55:39 | 000,045,056 | ---- | M] () -- C:\FY08%20EPRS%20LLee_Stage%20B[1].doc [2009/04/22 21:02:19 | 001,176,213 | ---- | M] () -- C:\FY10 Temp. Teaching Detail.xlsx [2009/03/29 17:47:29 | 000,109,056 | ---- | M] () -- C:\Globetrotters.doc [2006/07/05 21:33:17 | 000,026,299 | ---- | M] () -- C:\golf_115.jpeg [2012/12/02 10:41:38 | 000,029,184 | ---- | M] () -- C:\Gulfstream Park.doc [2009/06/04 21:36:15 | 000,025,088 | ---- | M] () -- C:\handicaps.xls [2008/05/10 10:46:17 | 000,017,408 | ---- | M] () -- C:\handicaps_bill_d.xls [2012/12/29 12:12:27 | 526,536,704 | -HS- | M] () -- C:\hiberfil.sys [2009/12/03 16:31:13 | 000,027,362 | ---- | M] () -- C:\HOL1pg1203.pdf [2009/12/06 19:20:26 | 000,030,499 | ---- | M] () -- C:\HOL1pg1206.pdf [2009/12/20 18:45:03 | 000,032,952 | ---- | M] () -- C:\HOL1pg1220.pdf [2006/03/13 22:11:49 | 000,017,408 | ---- | M] () -- C:\HOME EQUITY.xls [2006/05/15 14:08:39 | 000,018,944 | ---- | M] () -- C:\HOME EQUITY2.xls [2009/11/29 15:50:32 | 000,434,040 | ---- | M] () -- C:\IMG00005-20090903-1219.jpg [2005/11/18 19:56:35 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1 [2008/09/06 20:08:07 | 535,261,532 | ---- | M] () -- C:\install_office2003.exe [2009/04/21 21:17:22 | 534,834,027 | ---- | M] () -- C:\install_office2007.exe [2004/08/10 13:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS [2005/10/04 15:50:36 | 000,000,829 | -H-- | M] () -- C:\IPH.PH [2008/12/11 23:42:04 | 068,756,776 | ---- | M] (Apple Inc.) -- C:\iTunesSetup.exe [2005/12/11 18:21:48 | 000,640,214 | ---- | M] () -- C:\Jack Christmas card 2005.jpg [2005/12/21 18:00:29 | 000,001,088 | ---- | M] () -- C:\jack with pumpkins color.htm [2005/12/21 17:54:11 | 000,001,056 | ---- | M] () -- C:\jack with ties.htm [2005/11/24 21:53:37 | 000,656,607 | ---- | M] () -- C:\jack.jpg [2005/11/24 21:58:12 | 000,432,347 | ---- | M] () -- C:\jack10.jpg [2005/11/24 21:58:28 | 000,410,025 | ---- | M] () -- C:\jack11.jpg [2005/11/24 21:58:54 | 000,534,989 | ---- | M] () -- C:\jack12.jpg [2005/11/24 21:59:21 | 000,376,310 | ---- | M] () -- C:\jack13.jpg [2005/11/24 21:59:44 | 000,293,820 | ---- | M] () -- C:\jack14.jpg [2005/11/24 21:59:58 | 000,503,891 | ---- | M] () -- C:\jack15.jpg [2005/11/24 22:00:23 | 000,695,684 | ---- | M] () -- C:\jack16.jpg [2005/11/24 22:00:37 | 000,722,919 | ---- | M] () -- C:\jack17.jpg [2005/11/24 22:00:53 | 000,687,359 | ---- | M] () -- C:\jack18.jpg [2005/11/24 22:01:38 | 000,484,766 | ---- | M] () -- C:\jack19.jpg [2005/11/24 21:54:22 | 000,661,698 | ---- | M] () -- C:\jack2.jpg [2005/11/24 22:02:03 | 001,029,399 | ---- | M] () -- C:\jack20.jpg [2005/11/24 22:02:21 | 001,224,127 | ---- | M] () -- C:\jack21.jpg [2005/11/24 22:02:38 | 001,017,575 | ---- | M] () -- C:\jack22.jpg [2005/11/24 22:03:09 | 000,576,311 | ---- | M] () -- C:\jack23.jpg [2005/11/24 22:03:28 | 000,627,316 | ---- | M] () -- C:\jack24.jpg [2005/11/24 22:03:57 | 000,812,395 | ---- | M] () -- C:\jack25.jpg [2005/11/24 22:06:07 | 000,605,375 | ---- | M] () -- C:\jack26.jpg [2005/11/24 22:07:28 | 000,619,959 | ---- | M] () -- C:\jack27.jpg [2005/11/24 21:54:58 | 000,654,806 | ---- | M] () -- C:\jack3.jpg [2005/11/24 21:55:23 | 000,254,640 | ---- | M] () -- C:\jack4.jpg [2005/11/24 21:55:51 | 000,185,094 | ---- | M] () -- C:\jack5.jpg [2005/11/24 21:56:17 | 000,475,861 | ---- | M] () -- C:\jack6.jpg [2005/11/24 21:56:44 | 001,050,942 | ---- | M] () -- C:\jack7.jpg [2005/11/24 21:57:14 | 000,996,109 | ---- | M] () -- C:\jack8.jpg [2005/11/24 21:57:35 | 000,339,543 | ---- | M] () -- C:\jack9.jpg [2009/03/18 20:25:09 | 000,642,048 | ---- | M] () -- C:\JDLoanAmortization.xls [2008/01/18 23:10:26 | 000,135,168 | ---- | M] () -- C:\jim credit report.doc [2012/10/22 19:28:02 | 000,055,808 | ---- | M] () -- C:\John the Baptist portrait.doc [2012/10/21 09:22:24 | 000,055,296 | ---- | M] () -- C:\John the Baptist.doc [2006/08/19 09:15:23 | 000,023,552 | ---- | M] () -- C:\johnnie.xls [2007/12/07 21:40:27 | 000,001,816 | ---- | M] () -- C:\Magazines_Cancellation info.htm [2007/12/07 21:40:57 | 000,098,816 | ---- | M] () -- C:\magazine_cancellation info2.doc [2008/04/03 22:31:30 | 000,019,456 | ---- | M] () -- C:\mcafee.doc [2005/11/02 20:43:08 | 000,011,152 | ---- | M] () -- C:\MemberST - Receipt.htm [2012/10/28 12:40:20 | 005,688,414 | ---- | M] () -- C:\mike crop.BMP [2012/10/28 12:38:49 | 000,790,367 | ---- | M] () -- C:\mike crop.JPG [2008/10/01 23:18:26 | 000,009,372 | ---- | M] () -- C:\Mike.jpg [2012/10/28 12:55:35 | 000,830,464 | ---- | M] () -- C:\mikea arnold saint project.doc [2012/10/28 12:54:27 | 000,830,464 | ---- | M] () -- C:\mikea arnold.doc [2008/08/05 21:40:03 | 000,146,944 | ---- | M] () -- C:\MMT Rosters 8_1_08.xls [2009/06/12 18:31:46 | 000,018,432 | ---- | M] () -- C:\mmt standingd before trade.xls [2007/07/08 21:45:06 | 000,015,872 | ---- | M] () -- C:\mmt trade ideas.xls [2007/07/15 08:40:14 | 000,033,280 | ---- | M] () -- C:\mmt trade ideas7_15.xls [2006/05/19 22:30:52 | 000,034,304 | ---- | M] () -- C:\mmt trades.xls [2006/05/21 17:14:19 | 000,014,336 | ---- | M] () -- C:\mmt trades2.xls [2008/07/27 17:56:39 | 000,186,880 | ---- | M] () -- C:\mmt values 7.27.08.xls [2008/08/05 21:39:58 | 000,191,488 | ---- | M] () -- C:\mmt values 8.4.08.xls [2009/03/29 17:53:25 | 002,242,560 | ---- | M] () -- C:\mmt2009.mdb [2009/04/03 23:26:18 | 000,799,232 | ---- | M] () -- C:\MMT2009.xls [2006/08/13 20:59:13 | 000,215,040 | ---- | M] () -- C:\MMTRosters61906.xls [2007/02/19 10:13:52 | 000,927,232 | ---- | M] () -- C:\mmt_tracking draft.xls [2007/12/03 12:47:05 | 000,034,304 | ---- | M] () -- C:\MORTGAGE(1).xls [2009/03/01 10:27:59 | 000,034,816 | ---- | M] () -- C:\MORTGAGE_George.xls [2009/11/29 23:30:15 | 000,026,624 | ---- | M] () -- C:\MORTGAGE_ZINGA.xls [2004/08/10 13:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS [2008/03/30 17:07:48 | 000,198,144 | ---- | M] () -- C:\ncaa2008summary.xls [2009/05/31 06:49:45 | 000,030,720 | ---- | M] () -- C:\newportfed passwords.doc [2007/08/28 07:40:00 | 000,020,992 | ---- | M] () -- C:\Newsletter for Social Services.doc [2007/08/10 17:18:50 | 000,020,480 | ---- | M] () -- C:\nh directions.doc [2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008/08/23 21:08:50 | 000,250,048 | RHS- | M] () -- C:\ntldr [2008/04/27 09:08:50 | 000,033,482 | ---- | M] () -- C:\nyy.csv [2006/02/05 13:00:30 | 000,917,765 | ---- | M] () -- C:\olivia.jpg [2012/12/29 12:12:26 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys [2005/12/11 17:27:50 | 000,045,888 | ---- | M] () -- C:\Photo Center Add or Claim Photos.htm [2008/09/06 21:43:39 | 000,742,400 | ---- | M] () -- C:\Pillar.xls [2008/02/01 20:31:40 | 000,201,901 | ---- | M] () -- C:\props_2008.pdf [2009/03/29 20:05:03 | 000,101,888 | ---- | M] () -- C:\Rd1 Update.xls [2009/09/12 20:49:01 | 000,001,736 | ---- | M] () -- C:\RE-%20temp%20teaching%20funds [2008/07/26 16:57:20 | 000,019,456 | ---- | M] () -- C:\REGISTRATION COMPLETE donotcall.doc [2008/09/24 19:39:59 | 002,038,784 | ---- | M] () -- C:\repl9.exe [2008/03/01 17:25:57 | 000,020,480 | ---- | M] () -- C:\SA 4th.doc [2010/03/21 16:17:59 | 000,037,662 | ---- | M] () -- C:\SA1pg0321.pdf [2009/02/01 10:00:48 | 000,140,800 | ---- | M] () -- C:\sb_prop#1.doc [2009/02/01 10:00:00 | 000,199,168 | ---- | M] () -- C:\sb_prop#2.doc [2006/05/14 18:35:57 | 000,832,810 | ---- | M] () -- C:\septic handbook.pdf [2008/06/08 20:37:48 | 000,022,528 | ---- | M] () -- C:\sesame.xls [2008/04/13 21:25:48 | 003,564,544 | ---- | M] () -- C:\Sick Leave Scenarios.xls [2008/09/06 19:42:23 | 000,712,704 | ---- | M] () -- C:\sickleave.mdb [2008/10/09 19:12:17 | 000,018,432 | ---- | M] () -- C:\sign in sheet.xls [2008/09/17 22:57:54 | 000,067,584 | ---- | M] () -- C:\start up 8.17 night.xls [2008/09/17 23:06:15 | 000,559,104 | ---- | M] () -- C:\startup.123.mdb [2008/09/16 22:01:55 | 002,213,888 | ---- | M] () -- C:\StartUpAnalysis.xls [2008/09/17 19:58:21 | 001,875,968 | ---- | M] () -- C:\StartUpnogood.accdb [2005/10/04 15:50:45 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini [2009/09/12 20:46:28 | 000,000,595 | ---- | M] () -- C:\temp%20teaching%20funds [2008/09/13 21:53:07 | 000,217,088 | ---- | M] () -- C:\test.mdb [2009/01/01 22:05:41 | 000,135,680 | -HS- | M] () -- C:\Thumbs.db [2008/08/07 21:24:59 | 000,280,576 | ---- | M] () -- C:\verizon.xls [2007/12/17 23:47:30 | 000,059,392 | ---- | M] () -- C:\Week 15.doc [2007/10/21 19:32:04 | 000,034,816 | ---- | M] () -- C:\week7.xls [2008/08/18 20:21:47 | 000,230,400 | ---- | M] () -- C:\yahoo.xls [2008/08/18 20:49:36 | 000,144,384 | ---- | M] () -- C:\yahoo2.xls [2007/10/29 21:57:17 | 000,026,112 | ---- | M] () -- C:\Your order has been placed and received by Fidelity.doc [2009/01/31 14:37:21 | 000,000,162 | -H-- | M] () -- C:\~$_prop#1.doc < MD5 for: EXPLORER.EXE > [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe < MD5 for: SERVICES.EXE > [2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe [2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe [2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe [2004/08/04 05:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe < MD5 for: USERINIT.EXE > [2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe [2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe < End of report >

Hi Mr C - I was able to download OTLPE and burn to a CD. I changed the BIOS on my desktop to boot from a CD. I've tried to boot the machine three times and each time it appears to be working for about 40 seconds as the REATOGO-X-PE desktop appears to be going through a system initialization but then it seems to hang up and I get a light blue screen with no icons. The CD burn confirmed the process was completed successfully. Does it take more than 2 minutes for the REATOGO-X-PE desktop to load? thanks, JD

Hello, Thanks for taking the time to read my problem. My Windows XP desk top has been infected by this FBI Moneypak virus. I'm able to use F8 during boot up but any option selected (Safe Mode, Safe Mode with Command Prompt, etc) all ultimately run through the boot process and result back to the FBI virus screen and the PC is locked/unresponsive to any other commands. Is there anything you can recommend that I try? with thanks, JD