Everything posted by frogpants

  1. I'm not sure about some of these files. I just looked back over what you said to do and I forgot to reboot into safe mode. It seemed to run just fine this time. Should I redo it in safe mode? Also, I don't remember deleting that file from MB but it's not showing up now? Unless that's one of the ones that showed up in the AdwCleaner log.

     # AdwCleaner v3.022 - Report created 18/03/2014 at 12:14:06
     # Updated 13/03/2014 by Xplode
     # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
     # Username : THE Administrator - DESKTOP
     # Running from : C:\Documents and Settings\THE Administrator\Desktop\adwcleaner.exe
     # Option : Scan
     ***** [ Services ] *****
     ***** [ Files / Folders ] *****
     File Found : C:\Documents and Settings\THE Administrator\Application Data\Mozilla\Firefox\Profiles\3g0cs3i8.default\searchplugins\conduit-search.xml
     File Found : C:\END
     File Found : C:\Program Files\Mozilla Firefox\browser\searchplugins\adawaretb.xml
     Folder Found C:\Documents and Settings\All Users.WINDOWS\Application Data\Free Ride Games
     Folder Found C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Optimizer Pro
     Folder Found C:\Documents and Settings\All Users.WINDOWS\Application Data\WeCareReminder
     Folder Found C:\Documents and Settings\THE Administrator\Local Settings\Application Data\SearchProtect
     Folder Found C:\Program Files\Freeze.com
     Folder Found C:\Program Files\StumbleUpon
     Folder Found C:\Program Files\Watch Football TV
     ***** [ Shortcuts ] *****
     ***** [ Registry ] *****
     Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
     Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
     Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
     Key Found : HKLM\Software\Conduit
     Key Found : HKLM\Software\Freeze.com
     Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
     Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
     Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
     Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
     Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
     Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C792A75A-2A1F-4991-9B85-291745478A79}
     Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
     Key Found : HKLM\Software\SearchProtect
     ***** [ Browsers ] *****
     -\\ Internet Explorer v8.0.6001.18702
     -\\ Mozilla Firefox v26.0 (en-US)
     [ File : C:\Documents and Settings\THE Administrator\Application Data\Mozilla\Firefox\Profiles\3g0cs3i8.default\prefs.js ]
     -\\ Google Chrome v33.0.1750.154
     [ File : C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
     [ File : C:\Documents and Settings\THE Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
     *************************
     AdwCleaner[R0].txt - [3325 octets] - [18/03/2014 12:14:06]
     ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3385 octets] ##########

     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org
     Database version: v2014.03.18.07
     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     THE Administrator :: DESKTOP [administrator]
     3/18/2014 12:29:09 PM
     mbam-log-2014-03-18 (12-29-09).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 404264
     Time elapsed: 5 minute(s), 2 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 0
     (No malicious items detected)
     (end)
  2. I deleted AdwCleaner and went to download it again but is something up with the Terms of Service? It says it's the English version but the I Accept and I Refuse buttons are in French. ?? They weren't like that when I downloaded it the first time.
  3. Thanks for the info about Chrome. I downloaded and ran AdAware. It came up with no infected files or whatever and didn't create a log. I searched for AdwCleaner[R0].txt and the other one but nothing. Should I run it again? I probably clicked on the wrong thing. I've been at this all day and I'm tired. You guys are freakin life savers. I'm gonna get off here for awhile and maybe even feed my family then I'll be back.

     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org
     Database version: v2014.03.15.04
     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     THE Administrator :: DESKTOP [administrator]
     3/15/2014 4:10:47 PM
     MBAM-log-2014-03-15 (16-18-07)post.txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 403619
     Time elapsed: 5 minute(s), 50 second(s)
     Memory Processes Detected: 1
     C:\Documents and Settings\All Users.WINDOWS\Application Data\Search Protection\SearchProtection.exe (PUP.Optional.SearchProtection.A) -> 3880 -> No action taken.
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 1
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Search Protection (PUP.Optional.SearchProtection.A) -> Data: C:\Documents and Settings\All Users.WINDOWS\Application Data\Search Protection\SearchProtection.exe -> No action taken.
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 1
     C:\Documents and Settings\All Users.WINDOWS\Application Data\Search Protection\SearchProtection.exe (PUP.Optional.SearchProtection.A) -> No action taken.
     (end)
  4. Ok, will do. Here's Combofix's log. I discovered with this one that saving to and running from the desktop is different than sending a shortcut to the desktop. I use Chrome and I don't know how to do it so I used IE for this one. I hope I didn't mess the other scans up. If this even makes sense.
  5. Ugh, I hope I'm not repeating this. I didn't get this window to attach and had to go out and come back in. Ok here are the logs....
     TDSSKiller.3.0.0.25_15.03.2014_12.04.42_log.txt
  6. Hi, I guess you posted this last night but I didn't get an email. I did the first time. Did I accidentally unclick something in here??
  7. Hopefully I did all that right. Also, I don't know if it matters but that one file I found, pccmservice.exe, I had stopped it in Services. Anyway, thanks again.
  8. RogueKiller V8.8.11 [Mar 14 2014] by Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : http://forum.adlice.com
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://www.adlice.com
     Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
     Started in : Normal mode
     User : THE Administrator [Admin rights]
     Mode : Scan -- Date : 03/14/2014 19:00:40
     | ARK || FAK || MBR |
     ¤¤¤ Bad processes : 0 ¤¤¤
     ¤¤¤ Registry Entries : 2 ¤¤¤
     [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     ¤¤¤ Scheduled tasks : 0 ¤¤¤
     ¤¤¤ Startup Entries : 0 ¤¤¤
     ¤¤¤ Web browsers : 0 ¤¤¤
     ¤¤¤ Browser Addons : 0 ¤¤¤
     ¤¤¤ Particular Files / Folders: ¤¤¤
     ¤¤¤ Driver : [LOADED] ¤¤¤
     ¤¤¤ External Hives: ¤¤¤
     ¤¤¤ Infection : ¤¤¤
     ¤¤¤ HOSTS File: ¤¤¤
     --> %SystemRoot%\System32\drivers\etc\hosts
     127.0.0.1 localhost
     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3320613AS +++++
     --- User ---
     [MBR] 05edda639f6e72a3e039701199aff3f5
     [bSP] d70be290b98a79d156a2df3543938e3d : Windows XP MBR Code
     Partition table:
     0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
     1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 295204 Mo
     2 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 604670535 | Size: 9993 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!
     Finished : << RKreport[0]_S_03142014_190040.txt >>
  9. . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume2 Install Date: 12/7/2010 5:20:26 PM System Uptime: 3/14/2014 3:16:40 AM (15 hours ago) . Motherboard: Dell Inc. | | 0U880P Processor: Intel Pentium III Xeon processor | CPU 1 | 2493/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 288 GiB total, 257.95 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP653: 12/15/2013 5:35:48 AM - System Checkpoint RP654: 12/16/2013 6:35:48 AM - System Checkpoint RP655: 12/17/2013 7:35:48 AM - System Checkpoint RP656: 12/18/2013 8:35:49 AM - System Checkpoint RP657: 12/19/2013 3:00:14 AM - Software Distribution Service 3.0 RP658: 12/20/2013 3:35:48 AM - System Checkpoint RP659: 12/21/2013 4:35:40 AM - System Checkpoint RP660: 12/22/2013 5:35:40 AM - System Checkpoint RP661: 12/23/2013 6:35:40 AM - System Checkpoint RP662: 12/24/2013 7:35:40 AM - System Checkpoint RP663: 12/25/2013 8:35:40 AM - System Checkpoint RP664: 12/26/2013 9:35:40 AM - System Checkpoint RP665: 12/27/2013 10:35:40 AM - System Checkpoint RP666: 12/28/2013 11:35:40 AM - System Checkpoint RP667: 12/29/2013 12:35:06 PM - System Checkpoint RP668: 12/30/2013 12:35:40 PM - System Checkpoint RP669: 12/31/2013 1:42:30 PM - System Checkpoint RP670: 1/1/2014 2:35:30 PM - System Checkpoint RP671: 1/2/2014 3:35:30 PM - System Checkpoint RP672: 1/3/2014 4:35:30 PM - System Checkpoint RP673: 1/4/2014 5:35:30 PM - System Checkpoint RP674: 1/5/2014 6:35:30 PM - System Checkpoint RP675: 1/6/2014 7:35:30 PM - System Checkpoint RP676: 1/7/2014 8:35:24 PM - System Checkpoint RP677: 1/8/2014 9:35:24 PM - System Checkpoint RP678: 1/9/2014 10:35:27 PM - System Checkpoint RP679: 1/10/2014 11:35:30 PM - System Checkpoint RP680: 1/12/2014 12:35:26 AM - System Checkpoint RP681: 1/13/2014 
1:35:26 AM - System Checkpoint RP682: 1/14/2014 2:35:26 AM - System Checkpoint RP683: 1/15/2014 3:35:26 AM - System Checkpoint RP684: 1/16/2014 3:00:19 AM - Software Distribution Service 3.0 RP685: 1/17/2014 3:19:31 AM - System Checkpoint RP686: 1/18/2014 4:18:19 AM - System Checkpoint RP687: 1/19/2014 5:18:19 AM - System Checkpoint RP688: 1/20/2014 6:18:19 AM - System Checkpoint RP689: 1/21/2014 7:18:19 AM - System Checkpoint RP690: 1/22/2014 8:18:19 AM - System Checkpoint RP691: 1/23/2014 9:17:24 AM - System Checkpoint RP692: 1/24/2014 10:17:24 AM - System Checkpoint RP693: 1/25/2014 11:17:24 AM - System Checkpoint RP694: 1/26/2014 12:17:24 PM - System Checkpoint RP695: 1/27/2014 1:30:15 PM - System Checkpoint RP696: 1/28/2014 6:38:44 PM - System Checkpoint RP697: 1/29/2014 7:17:18 PM - System Checkpoint RP698: 1/30/2014 7:43:42 PM - System Checkpoint RP699: 1/31/2014 2:03:21 PM - Installed Windows XP KB942288-v3. RP700: 1/31/2014 2:03:49 PM - AA11 RP701: 2/1/2014 2:29:18 PM - System Checkpoint RP702: 2/2/2014 10:59:14 AM - avast! 
antivirus system restore point RP703: 2/2/2014 12:30:40 PM - Removed ABBYY FineReader 6.0 Sprint RP704: 2/2/2014 12:31:12 PM - AA11 RP705: 2/3/2014 12:46:59 PM - System Checkpoint RP706: 2/4/2014 1:11:25 PM - System Checkpoint RP707: 2/5/2014 2:43:32 PM - System Checkpoint RP708: 2/6/2014 3:24:49 PM - System Checkpoint RP709: 2/7/2014 4:11:22 PM - System Checkpoint RP710: 2/8/2014 7:39:09 PM - System Checkpoint RP711: 2/9/2014 8:11:20 PM - System Checkpoint RP712: 2/10/2014 8:30:29 PM - System Checkpoint RP713: 2/11/2014 9:11:22 PM - System Checkpoint RP714: 2/12/2014 10:11:13 PM - System Checkpoint RP715: 2/13/2014 3:00:23 AM - Software Distribution Service 3.0 RP716: 2/14/2014 3:41:57 AM - System Checkpoint RP717: 2/15/2014 4:34:26 AM - System Checkpoint RP718: 2/16/2014 5:46:26 AM - System Checkpoint RP719: 2/17/2014 6:34:27 AM - System Checkpoint RP720: 2/18/2014 6:46:27 AM - System Checkpoint RP721: 2/19/2014 7:46:27 AM - System Checkpoint RP722: 2/20/2014 8:33:58 AM - System Checkpoint RP723: 2/21/2014 9:45:58 AM - System Checkpoint RP724: 2/22/2014 10:33:58 AM - System Checkpoint RP725: 2/23/2014 11:33:58 AM - System Checkpoint RP726: 2/24/2014 1:51:43 PM - System Checkpoint RP727: 2/25/2014 3:31:35 PM - System Checkpoint RP728: 2/26/2014 3:57:50 PM - System Checkpoint RP729: 2/27/2014 4:33:53 PM - System Checkpoint RP730: 2/28/2014 4:45:53 PM - System Checkpoint RP731: 3/1/2014 5:45:53 PM - System Checkpoint RP732: 3/2/2014 6:33:53 PM - System Checkpoint RP733: 3/3/2014 6:45:53 PM - System Checkpoint RP734: 3/4/2014 7:45:53 PM - System Checkpoint RP735: 3/5/2014 7:59:11 PM - System Checkpoint RP736: 3/6/2014 8:45:47 PM - System Checkpoint RP737: 3/7/2014 9:57:13 PM - System Checkpoint RP738: 3/8/2014 11:45:47 PM - System Checkpoint RP739: 3/10/2014 12:45:46 AM - System Checkpoint RP740: 3/11/2014 1:33:49 AM - System Checkpoint RP741: 3/12/2014 2:33:46 AM - System Checkpoint RP742: 3/13/2014 3:00:19 AM - System Checkpoint RP743: 3/14/2014 3:00:15 AM - 
Software Distribution Service 3.0 . ==== Installed Programs ====================== . Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.9) Apple Application Support Apple Mobile Device Support Apple Software Update avast! Free Antivirus Bonjour Canon Easy-PhotoPrint EX Canon Easy-WebPrint EX Canon Inkjet Printer/Scanner/Fax Extended Survey Program Canon MP Navigator EX 4.0 Canon MP495 series MP Drivers Canon MP495 series User Registration Canon My Printer Canon Solution Menu EX Dell PC Fax Dell Photo AIO Printer 926 Dell Resource CD EpicPlay Google Chrome Google Toolbar for Internet Explorer Google Update Helper Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB2779562) Hotfix for Windows XP (KB942288-v3) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) IBM Forms Viewer 4.0.0 Intel® Graphics Media Accelerator Driver iTunes Java 7 Update 25 Java Auto Updater Java 6 Update 26 Malwarebytes Anti-Malware version 1.75.0.1300 McAfee Security Scan Plus McAfee SiteAdvisor Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office 
Word MUI (English) 2007 Microsoft Software Update for Web Folders (English) 12 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Mozilla Firefox 26.0 (x86 en-US) Mozilla Maintenance Service MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NetAssistant QuickTime REALTEK GbE & FE Ethernet PCI-E NIC Driver Realtek High Definition Audio Driver Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697) Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition Security Update for Microsoft 
Office Excel 2007 (KB2827324) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB2586448) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB2699988) Security Update for Windows Internet Explorer 8 (KB2722913) Security Update for Windows Internet Explorer 8 (KB2792100) Security Update for Windows Internet Explorer 8 (KB2797052) Security Update for Windows Internet Explorer 8 (KB2809289) Security Update for Windows Internet Explorer 8 (KB2817183) Security Update for Windows Internet Explorer 8 (KB2829530) Security Update for Windows Internet Explorer 8 (KB2838727) Security Update for Windows Internet Explorer 8 (KB2846071) Security Update for Windows Internet Explorer 8 (KB2847204) Security Update for Windows Internet Explorer 8 (KB2862772) Security Update for Windows Internet Explorer 8 (KB2870699) Security Update for Windows Internet Explorer 8 (KB2879017) Security Update for Windows Internet Explorer 8 (KB2888505) Security Update for Windows Internet Explorer 8 (KB2898785) Security Update for Windows 
Internet Explorer 8 (KB2909210) Security Update for Windows Internet Explorer 8 (KB2909921) Security Update for Windows Internet Explorer 8 (KB2925418) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB2834902-v2) Security Update for Windows Media Player (KB2834902) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360131) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2416400) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) 
Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update 
for Windows XP (KB2685939) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2695962) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2705219) Security Update for Windows XP (KB2707511) Security Update for Windows XP (KB2709162) Security Update for Windows XP (KB2712808) Security Update for Windows XP (KB2718523) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB2723135) Security Update for Windows XP (KB2727528) Security Update for Windows XP (KB2731847) Security Update for Windows XP (KB2753842-v2) Security Update for Windows XP (KB2757638) Security Update for Windows XP (KB2758857) Security Update for Windows XP (KB2770660) Security Update for Windows XP (KB2778344) Security Update for Windows XP (KB2780091) Security Update for Windows XP (KB2799494) Security Update for Windows XP (KB2802968) Security Update for Windows XP (KB2807986) Security Update for Windows XP (KB2808735) Security Update for Windows XP (KB2813170) Security Update for Windows XP (KB2813345) Security Update for Windows XP (KB2820197) Security Update for Windows XP (KB2820917) Security Update for Windows XP (KB2829361) Security Update for Windows XP (KB2834886) Security Update for Windows XP (KB2839229) Security Update for Windows XP (KB2845187) Security Update for Windows XP (KB2847311) Security Update for Windows XP (KB2849470) Security Update for Windows XP (KB2850851) Security Update for Windows XP (KB2850869) Security Update for Windows XP (KB2859537) Security Update for Windows XP (KB2862152) Security Update for Windows XP (KB2862330) Security Update for Windows XP (KB2862335) Security Update for Windows XP (KB2864063) Security Update for Windows XP (KB2868626) Security Update for Windows XP (KB2876217) Security Update for Windows XP (KB2876315) Security Update for Windows XP (KB2876331) Security Update for Windows XP (KB2883150) Security Update for Windows XP 
(KB2892075) Security Update for Windows XP (KB2893294) Security Update for Windows XP (KB2893984) Security Update for Windows XP (KB2898715) Security Update for Windows XP (KB2900986) Security Update for Windows XP (KB2914368) Security Update for Windows XP (KB2916036) Security Update for Windows XP (KB2929961) Security Update for Windows XP (KB2930275) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) 
Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981349) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) SUPERAntiSpyware Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Windows Internet Explorer 8 (KB2447568) Update for Windows Internet Explorer 8 (KB976662) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB2607712) Update for Windows XP (KB2616676) Update for Windows XP (KB2641690) Update for Windows XP (KB2661254-v2) Update for Windows XP (KB2718704) Update for Windows XP (KB2736233) Update for Windows XP (KB2749655) Update for Windows XP (KB2863058) Update for Windows XP (KB2904266) Update for Windows XP (KB898461) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP 
(KB973815) VLC media player 0.9.2 WebFldrs XP Windows Genuine Advantage Notifications (KB905474) Windows Internet Explorer 8 Windows Media Format Runtime Yahoo! Install Manager Yahoo! Software Update Yahoo! Toolbar . ==== Event Viewer Messages From Past Week ======== . 3/14/2014 3:18:22 AM, error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error 2147500037 (0x80004005). 3/13/2014 10:56:56 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume. 3/12/2014 12:15:54 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 9 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 3/12/2014 11:56:35 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 8 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 3/12/2014 11:10:18 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 7 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 3/12/2014 10:52:45 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 3 time(s). 3/12/2014 10:52:30 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 6 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 3/12/2014 10:45:21 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 
3/12/2014 10:42:12 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 3/12/2014 10:39:52 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 3/12/2014 10:39:30 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 2 time(s). 3/11/2014 2:24:52 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 3/10/2014 2:40:27 PM, error: Service Control Manager [7034] - The pcCMService service terminated unexpectedly. It has done this 1 time(s). 3/10/2014 1:27:10 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 3/10/2014 1:04:14 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s). . ==== End Of File ===========================
  10. DDS (Ver_2012-11-20.01) - NTFS_x86
      Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2
      Run by THE Administrator at 18:37:31 on 2014-03-14
      Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.2070 [GMT -5:00]
      .
      AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
      FW: avast! Antivirus *Disabled*
      .
      ============== Running Processes ================
      .
      C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\dlcxcoms.exe
      C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
      C:\Program Files\Java\jre7\bin\jqs.exe
      c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
      C:\WINDOWS\system32\wdfmgr.exe
      C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\WINDOWS\system32\igfxsrvc.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\Common Files\Java\Java Update\jusched.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
      C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
      C:\Program Files\Alwil Software\Avast5\AvastUI.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
      C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      C:\Program Files\Google\Chrome\Application\chrome.exe
      C:\Program Files\Google\Chrome\Application\chrome.exe
      C:\Program Files\Google\Chrome\Application\chrome.exe
      C:\Program Files\Google\Chrome\Application\chrome.exe
      C:\Program Files\Google\Chrome\Application\chrome.exe
      C:\Program Files\Google\Chrome\Application\chrome.exe
      C:\Program Files\McAfee\SiteAdvisor\McChHost.exe
      c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
      C:\Program Files\Google\Chrome\Application\chrome.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\WINDOWS\System32\svchost.exe -k netsvcs
      C:\WINDOWS\system32\svchost.exe -k NetworkService
      C:\WINDOWS\system32\svchost.exe -k LocalService
      C:\WINDOWS\system32\svchost.exe -k LocalService
      C:\WINDOWS\system32\svchost.exe -k imgsvc
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = www.bing.com
      uWindow Title = Windows Internet Explorer provided by MSN & Bing
      uSearch Bar = www.bing.com
      uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
      BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
      BHO: PE_IE_Helper Class: {0941C58F-E461-4E03-BD7D-44C27392ADE1} - c:\program files\ibm\lotus forms\viewer\4.0\PEhelper.dll
      BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.141\McAfeeMSS_IE.dll
      BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
      BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
      BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
      BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
      BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
      BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
      BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
      TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
      TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
      TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
      TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
      TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
      TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\alwil software\avast5\aswWebRepIE.dll
      EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
      uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
      uRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
      uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
      mRun: [igfxTray] c:\windows\system32\igfxtray.exe
      mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
      mRun: [Persistence] c:\windows\system32\igfxpers.exe
      mRun: [RTHDCPL] RTHDCPL.EXE
      mRun: [Alcmtr] ALCMTR.EXE
      mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
      mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
      mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
      mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
      mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
      mRun: [MemoryCardManager] c:\program files\dell photo aio printer 926\memcard.exe
      mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
      mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
      mRun: [FaxCenterServer] "c:\program files\dell pc fax\fm3032.exe" /s
      mRun: [dlcxmon.exe] "c:\program files\dell photo aio printer 926\dlcxmon.exe"
      mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
      mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
      mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
      mRun: [AvastUI.exe] "c:\program files\alwil software\avast5\AvastUI.exe" /nogui
      StartupFolder: c:\docume~1\theadm~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
      StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.141\SSScheduler.exe
      uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
      mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
      IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
      IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
      IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
      IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
      IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
      Trusted Zone: $talisma_url$
      DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
      DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
      Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
      Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
      Notify: igfxcui - igfxdev.dll
      mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.146\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
      .
      ================= FIREFOX ===================
      .
      FF - ProfilePath - c:\documents and settings\the administrator\application data\mozilla\firefox\profiles\3g0cs3i8.default\
      FF - prefs.js: browser.search.selectedEngine - SecureSearch
      FF - prefs.js: browser.startup.homepage - www.google.com
      FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
      FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
      FF - plugin: c:\program files\common files\motive\npMotive.dll
      FF - plugin: c:\program files\epicplay\npEpicHost.dll
      FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
      FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
      FF - plugin: c:\program files\mcafee security scan\3.8.130\npMcAfeeMSS.dll
      FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
      FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
      FF - plugin: c:\windows\system32\npDeployJava1.dll
      FF - plugin: c:\windows\system32\npptools.dll
      .
      ============= SERVICES / DRIVERS ===============
      .
      R0 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-3-27 21576]
      R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-27 49944]
      R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-27 180248]
      R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-26 775952]
      R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-8 410784]
      R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [2013-3-27 67824]
      R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-31 50344]
      R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
      R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2011-8-22 104880]
      S0 cerc6;cerc6; [x]
      S2 pcCMService;pcCMService;c:\program files\common files\motive\pcCMService.exe [2013-4-27 369152]
      S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.141\McCHSvc.exe [2014-1-15 235696]
      .
      =============== Created Last 30 ================
      .
      2014-03-12 17:44:41 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
      2014-03-12 17:44:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2014-03-04 01:30:31 -------- d--h--w- c:\documents and settings\all users.windows\application data\CanonIJEGV
      .
      ==================== Find3M ====================
      .
      2014-02-24 11:46:36 920064 ----a-w- c:\windows\system32\wininet.dll
      2014-02-24 11:45:58 43520 ------w- c:\windows\system32\licmgr10.dll
      2014-02-24 11:45:57 1469440 ------w- c:\windows\system32\inetcpl.cpl
      2014-02-24 11:45:42 18944 ------w- c:\windows\system32\corpol.dll
      2014-02-24 10:54:21 385024 ------w- c:\windows\system32\html.iec
      2014-02-07 02:01:37 1879040 ----a-w- c:\windows\system32\win32k.sys
      2014-02-05 17:04:00 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
      2014-02-05 08:55:04 562688 ----a-w- c:\windows\system32\qedit.dll
      2014-02-02 17:03:41 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
      2014-02-02 17:03:41 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
      2014-02-02 17:03:40 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
      2014-02-02 17:03:40 43152 ----a-w- c:\windows\avastSS.scr
      2014-01-04 03:13:05 420864 ------w- c:\windows\system32\vbscript.dll
      2013-12-18 17:31:35 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
      2013-12-18 17:31:34 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
      .
      ============= FINISH: 18:38:06.39 ===============
  11. Hi, thanks so much for the response! Hopefully this is what you meant...

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.14.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
THE Administrator :: DESKTOP [administrator]

3/14/2014 3:36:57 PM
mbam-log-2014-03-14 (15-36-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 407071
Time elapsed: 9 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  12. I could barely access this forum for a few minutes and now I'm fine again. I had an issue with PayPal and they said my account had been accessed all over the world and to change my password using my iPhone. I'm on my desktop and it's the only PC I used to access my PayPal. I've run Malwarebytes a few times now, it removed around 20 PUPs. I guess that's what you call them. Anyway now it says I'm clean but I'm still intermittently super sluggish... like it slows down so much it's unusable. I looked through my task manager and the only thing I could come up with is pccmservice.exe. I guess it's a bug and hitched a ride on motive?? Our internet sucks and I was half joking that maybe somebody was jacking it so I tried to change the password but I can't. I type in the address and get nothing. Chrome and IE. We went to buy new AV software yesterday but which of them even works well?? We've got avast on here but I'm not sure it's doing much. I downloaded and ran the dds.scr but wasn't sure if I was supposed to post it here. I tried clicking on other threads to see if others are but they wouldn't load. They might now... *this* page finally loaded. Anyway I've got work I need to get done online and this has taken out two days so far. I'm so thankful that I found you guys. I have no idea what's safe to download online anymore and AV software feels like a crapshoot.