[RESOLVED] Can't install Security Update Office 2003 KB2597112 and KB2598253

  1. #1
    Join Date
    Jul 2012
    Posts
    12

    [RESOLVED] Can't install Security Update Office 2003 KB2597112 and KB2598253

    Any assistance you can provide will be greatly appreciated. I ran the four checks you suggested. The logs are attached.

    Thanks

  2. #2
    photolady
    Lifetime Friend of Site Staff
    Join Date
    Mar 2002
    Location
    At my computer, cruising VDR and watching your back
    Posts
    23,412
    You need to post the logs, not attach them. No one is going to download from an infected computer.

    Please do NOT post any logs as an attachment. They will be - regrettably - IGNORED. Our members don't need long files downloaded to their computers; and if your computer IS infected, we SURE aren't going to download your files.

  3. #3
    Join Date
    Jul 2012
    Posts
    12

    Logs

    Sorry about posting the logs as attachments. Here they are, but it will require two posts to get them all.

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.07.07.06

    Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 8.0.6001.18702
    Administrator :: DELL4700 [administrator]

    7/7/2012 12:01:38 PM
    mbam-log-2012-07-07 (12-01-38).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 386856
    Time elapsed: 37 minute(s), 46 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 8
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (PUP.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\WINDOWS\ex23567.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\fdgg34353edfgdfdf (KoobFace.Trace) -> Quarantined and deleted successfully.

    (end)

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-07-07 16:25:02
    -----------------------------
    16:25:02.171 OS Version: Windows 5.1.2600 Service Pack 3
    16:25:02.171 Number of processors: 1 586 0x304
    16:25:02.171 ComputerName: DELL4700 UserName:
    16:25:04.343 Initialize success
    16:25:06.937 AVAST engine defs: 12070700
    16:25:10.546 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-6
    16:25:10.562 Disk 0 Vendor: ST340014AS 8.05 Size: 38146MB BusType: 3
    16:25:10.578 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-e
    16:25:10.593 Disk 1 Vendor: WDC_WD5000AAKS-00A7B0 01.03B01 Size: 476940MB BusType: 3
    16:25:10.703 Disk 0 MBR read successfully
    16:25:10.718 Disk 0 MBR scan
    16:25:11.406 Disk 0 unknown MBR code
    16:25:11.468 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 47 MB offset 63
    16:25:12.156 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 34506 MB offset 96390
    16:25:12.578 Disk 0 Partition 3 00 DB CP/M / CTOS MSWIN4.1 3584 MB offset 70766325
    16:25:12.875 Disk 0 scanning sectors +78108030
    16:25:13.531 Disk 0 scanning C:\WINDOWS\system32\drivers
    16:26:53.734 Service scanning
    16:27:32.765 Modules scanning
    16:29:07.500 Disk 0 trace - called modules:
    16:29:07.609 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
    16:29:07.656 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f739c0]
    16:29:07.703 3 CLASSPNP.SYS[f86c4fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-6[0x82f83030]
    16:29:08.171 AVAST engine scan C:\WINDOWS
    16:31:14.625 AVAST engine scan C:\WINDOWS\system32
    16:44:23.218 AVAST engine scan C:\WINDOWS\system32\drivers
    16:45:47.515 AVAST engine scan C:\Documents and Settings\Administrator.DELL4700.002
    16:47:59.703 AVAST engine scan C:\Documents and Settings\All Users
    16:56:15.875 Scan finished successfully
    17:06:54.015 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator.DELL4700.002\Desktop\MBR.dat"
    17:06:54.046 The log file has been saved successfully to "C:\Documents and Settings\Administrator.DELL4700.002\Desktop\aswMBR.txt"

    ---------------------------------------------------------------
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-07-07 16:23:55
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-6 ST340014AS rev.8.05
    Running: 0qeshmsm.exe; Driver: C:\DOCUME~1\ADMINI~1.002\LOCALS~1\Temp\kwlyapod.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    ? C:\DOCUME~1\ADMINI~1.002\LOCALS~1\Temp\kwlyapob.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Office12\WINWORD.EXE[200] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 326050B8 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
    .text C:\Program Files\Office12\WINWORD.EXE[200] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 330CEAC8 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[1880] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Tcp AswRdr.SYS (avast! TDI Redirect Driver/AVAST Software)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Classes\.inl\PersistentHandler@ {5e941d80-bf96-11cd-b579-08002b30bfeb}
    Reg HKLM\SOFTWARE\Classes\Software\Magic_Modules\Buddy_API\Modules@\32Ì 7407390

    ---- EOF - GMER 1.0.15 ----

  4. #4
    Join Date
    Jul 2012
    Posts
    12

    Final two logs

    .
    DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
    Internet Explorer: 8.0.6001.18702
    Run by Administrator at 17:08:06 on 2012-07-07
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.174 [GMT -5:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: McAfee VirusScan *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall Plus *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://xfinity.comcast.net/
    uDefault_Page_URL = hxxp://www.dell4me.com/myway
    uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Wincore Mediabar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - c:\docume~1\melissa\desktop\imesha~1\mediabar\datamngr\toolbar\wincoreimdtx.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Knology Toolbar: {4bcf5499-6888-4165-b14e-69700e604e05} - c:\program files\knologytoolbar\knologytoolbarDx.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {56E4076B-A42B-4745-BA35-34DA8AC4C2F2} - No File
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\search~1\datamngr\toolbar\searchqudtx.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
    BHO: {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - No File
    BHO: {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} - No File
    BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No File
    {d824f0de-3d60-4f57-9eb1-66033ecd8abb}
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - No File
    TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
    TB: Wincore Mediabar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - c:\docume~1\melissa\desktop\imesha~1\mediabar\datamngr\toolbar\wincoreimdtx.dll
    TB: !{99079a25-328f-4bd4-be04-00955acaa0a7} - No File
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\search~1\datamngr\toolbar\searchqudtx.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
    uRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRunOnce: [SpybotDeletingB1008] command.com /c del "c:\documents and settings\all users\application data\w3i\installiqupdater\iqu.ini"
    uRunOnce: [SpybotDeletingD8633] cmd.exe /c del "c:\documents and settings\all users\application data\w3i\installiqupdater\iqu.ini"
    uRunOnce: [SpybotDeletingB5654] command.com /c del "c:\documents and settings\all users\application data\w3i\installiqupdater\updater.log"
    uRunOnce: [SpybotDeletingD5899] cmd.exe /c del "c:\documents and settings\all users\application data\w3i\installiqupdater\updater.log"
    uRunOnce: [SpybotDeletingB2842] command.com /c del "c:\program files\free offers from freeze.com\control.txt"
    uRunOnce: [SpybotDeletingD7573] cmd.exe /c del "c:\program files\free offers from freeze.com\control.txt"
    uRunOnce: [SpybotDeletingB3782] command.com /c del "c:\program files\free offers from freeze.com\dolphinico.ico"
    uRunOnce: [SpybotDeletingD1264] cmd.exe /c del "c:\program files\free offers from freeze.com\dolphinico.ico"
    uRunOnce: [SpybotDeletingB5637] command.com /c del "c:\program files\w3i\installiqupdater\iqu.xsl"
    uRunOnce: [SpybotDeletingD599] cmd.exe /c del "c:\program files\w3i\installiqupdater\iqu.xsl"
    mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [ePrint Util] c:\windows\system32\LPEML12N.EXE
    mRun: [zzz_ImInstaller_IncrediMail] "c:\documents and settings\hammonds family\local settings\temp\iminstaller\incredimail\incredimail_install.exe" -startup -product IncrediMail
    mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\documents and settings\all users\application data\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
    dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\npjpi160_30.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\office12\REFIEBAR.DLL
    IE: {AD9E6088-E00B-42f9-9F0C-8480525D234E} - {FF5073C0-28A0-4223-9BDF-59FF020FE77C}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://help.bellsouth.net/sdccommon/download/tgctlcm.cab
    DPF: {01118A01-3E00-11D2-8470-0060089874ED} - hxxps://password.bellsouth.net/sdccommon/download/tgctlsr.cab
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
    DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/stg_drm.ocx
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
    DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}
    DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} - hxxps://support.microsoft.com/OAS/ActiveX/odc.cab
    DPF: {3DE051B7-CE1E-4149-A39E-3037F29068E1} - hxxps://secure.adrentech.com/PCConfigtool/PCConfigTool.CAB
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.5.cab
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134}
    DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxps://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    DPF: {55027008-315F-4F45-BBC3-8BE119764741} - hxxp://static.slide.com/uploader/SlideImageUploader.cab
    DPF: {56393399-041A-4650-94C7-13DFCB1F4665} - hxxp://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
    DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://fb.familylink.com/we_are_related/stream/core/lib/AurigmaImageUploader/ImageUploader5.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://scan.safety.live.com/resource/download/scanner/wlscbase5059.cab
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130936969687
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
    DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37680.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
    DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
    DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
    DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/armhelper.ocx
    DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {DC11F230-5717-4C25-BAD7-37B879C19655} - hxxp://hammondsfamily.myphotoalbum.com/ImageUploader4.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1 75.75.75.75 75.75.76.76
    TCP: Interfaces\{41894A97-63D9-48DF-9B8B-F577421509D5} : DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1 75.75.75.75 75.75.76.76
    Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} -
    WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
    WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
    WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
    WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
    WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} -
    WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} -
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-7-6 721000]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-7-6 353688]
    S1 MpKsl0e9500c7;MpKsl0e9500c7;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{514ccf7d-70d8-492d-8a3e-2cbb64ae8388}\mpksl0e9500c7.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{514ccf7d-70d8-492d-8a3e-2cbb64ae8388}\MpKsl0e9500c7.sys [?]
    S1 MpKsl0fe8f914;MpKsl0fe8f914;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fe5fde39-574a-44cb-9030-25516f7279b6}\mpksl0fe8f914.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fe5fde39-574a-44cb-9030-25516f7279b6}\MpKsl0fe8f914.sys [?]
    S1 MpKsl93168c6a;MpKsl93168c6a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3e80c38b-493f-4e26-ad5d-b6e09d5f186f}\mpksl93168c6a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3e80c38b-493f-4e26-ad5d-b6e09d5f186f}\MpKsl93168c6a.sys [?]
    S1 MpKsl970fe360;MpKsl970fe360;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4409cf86-5960-4b50-90a7-9b0f008c2374}\mpksl970fe360.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4409cf86-5960-4b50-90a7-9b0f008c2374}\MpKsl970fe360.sys [?]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-7-6 21256]
    S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-7-6 44808]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-2-7 136176]
    S3 cpuz134;cpuz134;\??\c:\docume~1\hammon~1\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\hammon~1\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-2-7 136176]
    S3 Nccidx86;Nonccid DFU detach 32 bit Driver;c:\windows\system32\drivers\Nccidx86.sys [2011-2-16 6656]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]
    S3 STCFUx32;STC DFU Driver;c:\windows\system32\drivers\STCFUx32.sys [2011-2-17 7680]
    .
    =============== Created Last 30 ================
    .
    2012-07-07 17:53:35 -------- d-----w- c:\documents and settings\administrator.dell4700.002\application data\Office Genuine Advantage
    2012-07-07 17:49:09 54016 ----a-w- c:\windows\system32\drivers\feardq.sys
    2012-07-07 16:57:35 -------- d-----w- c:\documents and settings\administrator.dell4700.002\application data\Malwarebytes
    2012-07-07 16:57:27 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-07 16:57:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-07-07 16:41:05 -------- d-sh--w- c:\documents and settings\administrator.dell4700.002\PrivacIE
    2012-07-06 23:08:58 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-07-06 23:07:03 41224 ----a-w- c:\windows\avastSS.scr
    2012-07-06 23:06:03 -------- d-----w- c:\program files\AVAST Software
    2012-07-06 23:06:03 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
    2012-07-05 18:29:00 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
    2012-07-05 18:29:00 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
    2012-07-01 20:17:53 -------- d-sh--w- c:\documents and settings\administrator.dell4700.002\IETldCache
    2012-06-12 23:56:52 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
    .
    ==================== Find3M ====================
    .
    2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-06-02 20:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
    2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
    2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-05-11 14:42:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec
    2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2005-04-12 18:33:26 3903888 -c--a-w- c:\program files\xlviewer.exe
    2004-12-01 05:07:09 2636408 -c--a-w- c:\program files\aawsepersonal.exe
    2004-11-28 19:44:26 1955528 ----a-w- c:\program files\ppviewer.exe
    .
    ============= FINISH: 17:10:42.65 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2/23/2006 10:36:36 PM
    System Uptime: 7/7/2012 11:39:50 AM (6 hours ago)
    .
    Motherboard: Dell Inc. | | 0M3918
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 34 GiB total, 6.608 GiB free.
    E: is FIXED (NTFS) - 466 GiB total, 443.598 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP155: 7/5/2012 1:05:01 PM - Removed ASPCA TriMini Reminder by We-Care.com v5.0.5.1
    RP156: 7/6/2012 6:24:11 AM - Software Distribution Service 3.0
    RP157: 7/6/2012 12:08:16 PM - Revo Uninstaller's restore point - Dell Media Experience
    RP158: 7/6/2012 12:14:22 PM - Revo Uninstaller's restore point - InstallIQ Updater
    RP159: 7/6/2012 12:18:59 PM - Revo Uninstaller's restore point - Nikon Message Center
    RP160: 7/6/2012 12:24:02 PM - Revo Uninstaller's restore point - Nikon Transfer
    RP161: 7/6/2012 12:28:08 PM - Revo Uninstaller's restore point - Nikon Message Center
    RP162: 7/6/2012 12:42:22 PM - Revo Uninstaller's restore point - Polar Bowler from Dell Media Experience (remove only)
    RP163: 7/6/2012 3:24:54 PM - Revo Uninstaller's restore point - PC Tools Spyware Doctor with AntiVirus 9.0
    RP164: 7/6/2012 3:42:30 PM - Revo Uninstaller's restore point - Symantec AntiVirus
    RP165: 7/6/2012 3:56:19 PM - Removed Symantec AntiVirus
    RP166: 7/6/2012 4:08:51 PM - Removed Symantec AntiVirus
    RP167: 7/6/2012 4:57:46 PM - Removed Symantec AntiVirus
    RP168: 7/6/2012 6:06:03 PM - avast! Free Antivirus Setup
    RP169: 7/6/2012 6:32:37 PM - Software Distribution Service 3.0
    RP170: 7/7/2012 12:15:20 AM - Software Distribution Service 3.0
    RP171: 7/7/2012 6:00:42 AM - Software Distribution Service 3.0
    RP172: 7/7/2012 9:58:30 AM - Removed Symantec Technical Support Web Controls
    RP173: 7/7/2012 10:38:21 AM - Software Distribution Service 3.0
    RP174: 7/7/2012 11:05:58 AM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    .
    Acrobat.com
    Adobe Acrobat 5.0
    Adobe AIR
    Adobe Atmosphere Player for Acrobat and Adobe Reader
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.3)
    Adobe® Photoshop® Album Starter Edition 3.2
    Apple Software Update
    avast! Free Antivirus
    Banctec Service Agreement
    BroadJump Client Foundation
    Brother MFL-Pro Suite
    CCScore
    Conexant D850 56K V.9x DFVc Modem
    Critical Update for Windows Media Player 11 (KB959772)
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool
    DellSupport
    Digital Line Detect
    Docudesk GPL Ghostscript 8.15
    eKEY
    eKEYCDi
    eNeighborhoods ()
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSTOOLS
    essvatgt
    getPlus(R)
    Google Toolbar for Internet Explorer
    Google Update Helper
    Handmark Solitaire for Palm OS
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB945060-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Adapters and Drivers
    Intel(R) PROSet for Wired Connections
    Internet Explorer Default Page
    Java Auto Updater
    Java(TM) 6 Update 30
    Kodak EasyShare software
    LEADTOOLS ePrint
    Learn2 Player (Uninstall Only)
    LiveUpdate 2.6 (Symantec Corporation)
    Malwarebytes Anti-Malware version 1.61.0.1400
    Mapopolis
    Microsoft .NET Compact Framework 2.0
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft ActiveSync
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Money 2004
    Microsoft Money 2004 System Pack
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Converter Pack
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office FrontPage 2003
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Edition 2003
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Standard 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Office XP Media Content
    Microsoft Picture It! Photo Premium 9
    Microsoft Plus! Digital Media Edition
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Streets and Trips 2004
    Microsoft Text-to-Speech Engine 4.0 (English)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works 2004 Setup Launcher
    Modem Helper
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    netbrdg
    NetWaiting
    OfotoXMI
    OGA Notifier 2.0.0048.0
    Palm Desktop
    PaperPort
    PDF Download for Internet Explorer
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Revo Uninstaller 1.93
    Rhapsody Player Engine
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB2416400)
    Security Update for Windows Internet Explorer 7 (KB2482017)
    Security Update for Windows Internet Explorer 7 (KB2497640)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SFR
    SHASTA
    Shockwave
    skin0001
    SKINXSDK
    Sonic DLA
    Sonic RecordNow!
    Sonic Update Manager
    Spybot - Search & Destroy
    staticcr
    Tweak UI
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows Internet Explorer 8 (KB2598845)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VistaPrint Electronic Business Card
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VPRINTOL
    WebFldrs XP
    Windows Desktop Search 3.01
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Safety Scanner
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows Mobile eKEY
    Windows PowerShell(TM) 1.0
    Windows XP Service Pack 3
    WIRELESS
    XML Paper Specification Shared Components Pack 1.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/7/2012 12:56:55 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
    7/7/2012 12:53:39 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    7/7/2012 11:41:51 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi Fips intelppm SbcpHid
    7/6/2012 4:15:40 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    7/6/2012 4:13:57 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    7/6/2012 12:07:04 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
    7/6/2012 11:09:12 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 2 time(s).
    7/6/2012 10:57:45 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
    7/6/2012 10:37:50 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PC Tools Security Service service to connect.
    7/6/2012 10:37:50 AM, error: Service Control Manager [7000] - The PC Tools Security Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/6/2012 1:59:03 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 4 time(s).
    7/6/2012 1:45:08 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 3 time(s).
    7/5/2012 5:18:51 PM, error: Print [6161] - The document EXCLUSIVE%20AGENCY%20LISTING%20 owned by Melissa failed to print on printer Brother MFC-7420 USB Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 227052. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\DELL4700. Win32 error code returned by the print processor: 8 (0x8).
    7/5/2012 5:16:52 PM, error: Print [6161] - The document EXCLUSIVE%20AGENCY%20LISTING%20 owned by Melissa failed to print on printer Brother MFC-7420 USB Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 327680. Number of bytes printed: 226932. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\DELL4700. Win32 error code returned by the print processor: 13 (0xd).
    7/5/2012 5:16:43 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\WININET.dll. Reference error message: Error Message is unavailable .
    7/5/2012 5:16:43 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\SHELL32.dll. Reference error message: Error Message is unavailable .
    7/5/2012 5:03:06 PM, error: DCOM [10001] - Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD} as /. The error: "%1450" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -Embedding
    7/5/2012 4:02:59 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
    7/5/2012 11:08:40 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
    7/5/2012 10:09:59 AM, error: PCTCore [280] -
    7/5/2012 1:54:18 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the sdCoreService service.
    7/1/2012 9:13:05 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    7/1/2012 8:17:01 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070663: Security Update for Microsoft Office 2003 (KB2598253).
    7/1/2012 8:17:01 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070663: Security Update for Microsoft Office 2003 (KB2597112).
    7/1/2012 7:33:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    7/1/2012 4:31:19 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl Fips intelppm SAVRT SAVRTPEL SbcpHid SYMTDI
    7/1/2012 4:21:00 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
    7/1/2012 4:21:00 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/1/2012 4:14:42 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    7/1/2012 3:43:14 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    7/1/2012 12:13:09 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 240 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    7/1/2012 10:13:06 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    .
    ==== End Of File ===========================

  5. #5
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Welcome aboard

    Please, observe following rules:

    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.



    ============================================

    You're running two AV programs, Avast and McAfee.
    One of them has to go.
    If McAfee, use this tool: http://majorgeeks.com/McAfee_Consume...ool_d5420.html

    Next....

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    • Double click on combofix.exe & follow the prompts.



    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.



    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"


    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.


    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  6. #6
    Join Date
    Jul 2012
    Posts
    12

    Combo Fix

    Here is the text from the Combofix log:

    ComboFix 12-07-08.01 - Administrator 07/09/2012 2:27.1.1 - x86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.301 [GMT -5:00]
    Running from: c:\documents and settings\Administrator.DELL4700.002\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\program files\Windows Searchqu Toolbar
    c:\program files\Windows Searchqu Toolbar\sysid.ini
    c:\program files\Windows Searchqu Toolbar\uninstall.exe
    c:\windows\Fonts\hatten.ttf
    c:\windows\Fonts\minies__.ttf
    c:\windows\Fonts\miniesb_.ttf
    c:\windows\Fonts\miniesbi.ttf
    c:\windows\Fonts\miniesi_.ttf
    c:\windows\Fonts\vcrscs__.ttf
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_MYWEBSEARCHSERVICE
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-09 to 2012-07-09 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-07 17:53 . 2012-07-07 17:53 -------- d-----w- c:\documents and settings\Administrator.DELL4700.002\Application Data\Office Genuine Advantage
    2012-07-07 16:57 . 2012-07-07 16:57 -------- d-----w- c:\documents and settings\Administrator.DELL4700.002\Application Data\Malwarebytes
    2012-07-07 16:41 . 2012-07-07 16:41 -------- d-sh--w- c:\documents and settings\Administrator.DELL4700.002\PrivacIE
    2012-07-06 23:09 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-07-06 23:09 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-07-06 23:09 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-07-06 23:09 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-07-06 23:08 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-07-06 23:08 . 2012-07-03 16:21 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2012-07-06 23:08 . 2012-07-03 16:21 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2012-07-06 23:08 . 2012-07-03 16:21 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2012-07-06 23:07 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
    2012-07-06 23:07 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
    2012-07-06 23:06 . 2012-07-06 23:06 -------- d-----w- c:\program files\AVAST Software
    2012-07-06 23:06 . 2012-07-06 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2012-07-05 18:29 . 2001-08-18 03:36 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
    2012-07-05 15:21 . 2012-07-05 15:21 -------- d-----w- c:\documents and settings\Hammonds Family\Local Settings\Application Data\PackageAware
    2012-07-05 14:43 . 2012-07-05 14:45 -------- d-----w- c:\documents and settings\Hammonds Family\Application Data\GetRightToGo
    2012-07-01 21:26 . 2012-07-01 21:26 -------- d-----w- c:\documents and settings\Hammonds Family\AppData
    2012-07-01 21:25 . 2012-07-01 21:25 -------- d-----w- c:\documents and settings\Hammonds Family\Application Data\searchquband
    2012-07-01 20:17 . 2012-07-01 20:17 -------- d-sh--w- c:\documents and settings\Administrator.DELL4700.002\IETldCache
    2012-06-12 23:56 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-02 20:19 . 2007-05-30 19:04 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 20:19 . 2007-05-30 19:04 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 20:19 . 2004-08-04 11:00 329240 ----a-w- c:\windows\system32\wucltui.dll
    2012-06-02 20:19 . 2004-08-04 11:00 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 20:19 . 2004-08-04 11:00 210968 ----a-w- c:\windows\system32\wuweb.dll
    2012-06-02 20:19 . 2007-05-30 19:04 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 20:19 . 2005-05-26 09:16 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 20:19 . 2004-11-20 21:13 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 20:19 . 2004-08-04 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
    2012-06-02 20:19 . 2004-08-04 11:00 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 20:19 . 2007-05-30 19:04 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 20:19 . 2004-08-04 11:00 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 20:19 . 2004-08-04 11:00 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 20:18 . 2007-05-31 16:28 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-06-02 20:18 . 2005-11-02 18:59 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-06-02 20:18 . 2005-05-26 10:19 214256 ----a-w- c:\windows\system32\muweb.dll
    2012-05-31 13:22 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-16 15:08 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-05-15 13:20 . 2004-08-04 12:00 1863168 ----a-w- c:\windows\system32\win32k.sys
    2012-05-11 14:42 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-05-11 14:42 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-05-11 11:38 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
    2012-05-04 13:16 . 2004-08-04 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 12:32 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-05-02 13:46 . 2004-08-04 11:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2005-04-12 18:33 . 2005-04-12 18:32 3903888 -c--a-w- c:\program files\xlviewer.exe
    2004-12-01 05:07 . 2004-12-01 05:06 2636408 -c--a-w- c:\program files\aawsepersonal.exe
    2004-11-28 19:44 . 2004-11-28 19:44 1955528 ----a-w- c:\program files\ppviewer.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-05-06 118784]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
    "ePrint Util"="c:\windows\system32\LPEML12N.EXE" [2002-03-04 24064]
    "ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-01-07 864256]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-29 273544]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
    .
    c:\documents and settings\Hammonds Family\Start Menu\Programs\Startup\
    HotSync Manager.lnk - c:\palm\HOTSYNC.EXE [N/A]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
    Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
    backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Nikon Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk
    backup=c:\windows\pss\Nikon Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Hammonds Family^Start Menu^Programs^Startup^ShowingSync.lnk]
    path=c:\documents and settings\Hammonds Family\Start Menu\Programs\Startup\ShowingSync.lnk
    backup=c:\windows\pss\ShowingSync.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2004-05-06 21:52 155648 ----a-w- c:\windows\SYSTEM32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
    2004-08-04 11:00 44032 -c--a-w- c:\windows\IME\IMKR6_1\imekrmig.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    2004-08-04 11:00 208952 -c--a-w- c:\windows\IME\IMJP8_1\imjpmig.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
    2004-04-14 21:04 40960 -c--a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
    2003-12-06 04:08 50688 -c----w- c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
    2003-06-18 18:00 200704 -c--a-w- c:\program files\Microsoft Money\System\mnyexpr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
    2004-08-04 12:00 59392 -c--a-w- c:\windows\SYSTEM32\IME\PINTLGNT\IMSCINST.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
    2004-04-14 20:46 57393 -c--a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    2004-04-12 02:15 290816 -c----w- c:\program files\Dell\Media Experience\PCMService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    2004-08-04 12:00 455168 -c--a-w- c:\windows\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    2004-08-04 12:00 455168 -c--a-w- c:\windows\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2008-09-06 21:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
    2004-11-11 23:14 49152 -c----w- c:\program files\Brother\Brmfl04g\BrStDvPt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    2003-10-14 16:22 155648 -c--a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2011-12-22 05:22 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
    "c:\\Program Files\\Palm\\HOTSYNC.EXE"=
    "c:\\Program Files\\Rhapsody\\rhapsody.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    .
    R1 MpKsl0e9500c7;MpKsl0e9500c7;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{514CCF7D-70D8-492D-8A3E-2CBB64AE8388}\MpKsl0e9500c7.sys [x]
    R1 MpKsl0fe8f914;MpKsl0fe8f914;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE5FDE39-574A-44CB-9030-25516F7279B6}\MpKsl0fe8f914.sys [x]
    R1 MpKsl93168c6a;MpKsl93168c6a;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3E80C38B-493F-4E26-AD5D-B6E09D5F186F}\MpKsl93168c6a.sys [x]
    R1 MpKsl970fe360;MpKsl970fe360;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4409CF86-5960-4B50-90A7-9B0F008C2374}\MpKsl970fe360.sys [x]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 cpuz134;cpuz134;c:\docume~1\HAMMON~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 Nccidx86;Nonccid DFU detach 32 bit Driver;c:\windows\system32\DRIVERS\Nccidx86.sys [x]
    R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [x]
    R3 STCFUx32;STC DFU Driver;c:\windows\system32\DRIVERS\STCFUx32.SYS [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 aswFsBlk;aswFsBlk; [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-08 10:32 128512 ----a-w- c:\windows\SYSTEM32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-09 c:\windows\Tasks\avast! Emergency Update.job
    - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-06 16:21]
    .
    2012-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-02-07 23:49]
    .
    2012-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-02-07 23:49]
    .
    2012-07-09 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 21:07]
    .
    2012-07-08 c:\windows\Tasks\ParetoLogic Registration.job
    - c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-21 05:36]
    .
    2012-07-08 c:\windows\Tasks\ParetoLogic Update Version2.job
    - c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-21 05:36]
    .
    2012-07-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1418733393-804626555-1626887045-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
    .
    2012-07-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1418733393-804626555-1626887045-1007.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
    .
    2012-07-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1418733393-804626555-1626887045-1009.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
    .
    2012-07-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1418733393-804626555-1626887045-1010.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
    .
    2012-07-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1418733393-804626555-1626887045-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
    .
    2012-07-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1418733393-804626555-1626887045-1007.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
    .
    2012-07-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1418733393-804626555-1626887045-1009.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
    .
    2012-07-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1418733393-804626555-1626887045-1010.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://xfinity.comcast.net/?cid=mtmh02052012
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyServer = http=localhost:8080
    uSearchAssistant = hxxp://ie.search.msn.com
    IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    IE: Refresh Pa&ge with Full Quality - c:\program files\BellSouth Accelerator Technology\pac-page.html
    IE: Refresh Pi&cture with Full Quality - c:\program files\BellSouth Accelerator Technology\pac-image.html
    Trusted Zone: taxactonline.com\www
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1 75.75.75.75 75.75.76.76
    DPF: {01118A01-3E00-11D2-8470-0060089874ED} - hxxps://password.bellsouth.net/sdccommon/download/tgctlsr.cab
    DPF: {3DE051B7-CE1E-4149-A39E-3037F29068E1} - hxxps://secure.adrentech.com/PCConfigtool/PCConfigTool.CAB
    DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37680.cab
    DPF: {DC11F230-5717-4C25-BAD7-37B879C19655} - hxxp://hammondsfamily.myphotoalbum.com/ImageUploader4.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
    BHO-{28387537-e3f9-4ed7-860c-11e69af4a8a0} - c:\docume~1\Melissa\Desktop\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll
    BHO-{4BCF5499-6888-4165-B14E-69700E604E05} - c:\program files\knologytoolbar\knologytoolbarDx.dll
    BHO-{BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - (no file)
    Toolbar-10 - (no file)
    Toolbar-{28387537-e3f9-4ed7-860c-11e69af4a8a0} - c:\docume~1\Melissa\Desktop\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll
    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    HKLM-Run-zzz_ImInstaller_IncrediMail - c:\documents and settings\Hammonds Family\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe
    HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
    HKU-Default-Run-MySpaceIM - c:\program files\MySpace\IM\MySpaceIM.exe
    Notify-ackpbsc - (no file)
    Notify-acunlock - (no file)
    Notify-NavLogon - (no file)
    SafeBoot-WebrootSpySweeperService
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    MSConfigStartUp-Dell Photo AIO Printer 922 - c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe
    MSConfigStartUp-DriverCure - c:\program files\ParetoLogic\DriverCure\DriverCure.exe
    MSConfigStartUp-DW4 - c:\program files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
    MSConfigStartUp-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
    MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
    MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
    MSConfigStartUp-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
    AddRemove-GPL Ghostscript_is1 - c:\program files\Docudesk\GPL Ghostscript\unins000.exe
    AddRemove-Mapopolis - e:\mapopolis\uninstall.exe
    AddRemove-Shockwave - c:\windows\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE
    AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-07-09 05:45
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(676)
    c:\windows\system32\igfxsrvc.dll
    c:\windows\system32\hccutils.DLL
    .
    - - - - - - - > 'Explorer.EXE'(2660)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\windows\System32\SCardSvr.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\SearchIndexer.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\ssbezier.scr
    .
    **************************************************************************
    .
    Completion time: 2012-07-09 06:11:29 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-09 11:11
    .
    Pre-Run: 6,734,766,080 bytes free
    Post-Run: 7,321,595,904 bytes free
    .
    - - End Of File - - 444E9E0AF7CCC6CD553256F6C24DCAC9

  7. #7
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Looks good.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe


    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

  8. #8
    Join Date
    Jul 2012
    Posts
    12

    OTL Scan

    The OTL scan kept locking up when I ran it in regular mode, so I finally ran it in safe mode and it worked. Here is the first log:

    OTL logfile created on: 7/10/2012 6:25:52 AM - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\Administrator.DELL4700.002\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    502.07 Mb Total Physical Memory | 318.01 Mb Available Physical Memory | 63.34% Memory free
    1.04 Gb Paging File | 0.96 Gb Available in Paging File | 92.11% Paging File free
    Paging file location(s): C:\pagefile.sys 595 795 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 33.70 Gb Total Space | 7.45 Gb Free Space | 22.11% Space Free | Partition Type: NTFS
    Drive E: | 465.76 Gb Total Space | 443.60 Gb Free Space | 95.24% Space Free | Partition Type: NTFS

    Computer Name: DELL4700 | User Name: Administrator | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/10 06:24:41 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.DELL4700.002\Desktop\OTL.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2004/08/04 07:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\SYSTEM32\tsd32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011/03/01 09:56:36 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
    SRV - [2009/11/06 10:18:50 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
    DRV - File not found [Kernel | Boot | Stopped] -- SYSTEM32\Drivers\SSFS0509.SYS -- (SSFS0509)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4409CF86-5960-4B50-90A7-9B0F008C2374}\MpKsl970fe360.sys -- (MpKsl970fe360)
    DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3E80C38B-493F-4E26-AD5D-B6E09D5F186F}\MpKsl93168c6a.sys -- (MpKsl93168c6a)
    DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE5FDE39-574A-44CB-9030-25516F7279B6}\MpKsl0fe8f914.sys -- (MpKsl0fe8f914)
    DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{514CCF7D-70D8-492D-8A3E-2CBB64AE8388}\MpKsl0e9500c7.sys -- (MpKsl0e9500c7)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\HAMMON~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
    DRV - [2012/07/03 11:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2012/07/03 11:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2012/07/03 11:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2012/07/03 11:21:53 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2012/07/03 11:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
    DRV - [2012/07/03 11:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2012/07/03 11:21:52 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2011/02/14 16:52:48 | 000,006,656 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Nccidx86.sys -- (Nccidx86)
    DRV - [2008/04/13 13:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usb8023.sys -- (USB_RNDIS_XP)
    DRV - [2007/11/08 00:13:26 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
    DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
    DRV - [2007/01/24 04:01:00 | 000,007,680 | R--- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\STCFUx32.sys -- (STCFUx32)
    DRV - [2005/05/13 18:27:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbccid.sys -- (USBCCID)
    DRV - [2004/11/15 14:14:07 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
    DRV - [2003/11/17 16:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2003/11/17 16:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
    DRV - [2003/11/17 16:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
    DRV - [2003/03/07 19:46:30 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PalmUSBD.sys -- (PalmUSBD)
    DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
    DRV - [2001/08/23 14:00:00 | 000,022,400 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SbcpHid.sys -- (SbcpHid)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=128&systemid=410&sr=0&q={searchTerms}


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:8080

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:8080

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com...r/fix_homepage

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com...r/fix_homepage

    IE - HKU\S-1-5-21-1418733393-804626555-1626887045-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/
    IE - HKU\S-1-5-21-1418733393-804626555-1626887045-500\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
    IE - HKU\S-1-5-21-1418733393-804626555-1626887045-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-21-1418733393-804626555-1626887045-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/29 10:55:33 | 000,000,000 | ---D | M]

    [2008/07/12 16:11:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2008/05/31 21:22:11 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

    O1 HOSTS File: ([2012/07/09 05:44:55 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O2 - BHO: (no name) - {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} - No CLSID value found.
    O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No CLSID value found.
    O2 - BHO: (no name) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [ePrint Util] C:\WINDOWS\SYSTEM32\LPEML12n.exe ()
    O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
    O4 - HKU\S-1-5-21-1418733393-804626555-1626887045-500..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup File not found
    O4 - HKU\S-1-5-21-1418733393-804626555-1626887045-500..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2008/03/15 21:32:45 | 000,000,000 | -H-D | M]
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
    O4 - Startup: C:\Documents and Settings\Melissa\Start Menu\Programs\Startup\FAXRX.lnk = C:\Program Files\Brother\Brmfl04g\FAXRX.exe (Brother)
    O4 - Startup: C:\Documents and Settings\Melissa\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE (Palm, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1418733393-804626555-1626887045-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1418733393-804626555-1626887045-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1418733393-804626555-1626887045-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1418733393-804626555-1626887045-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_30.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : PDF Download - Options - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://help.bellsouth.net/sdccommon/...ad/tgctlcm.cab (Support.com Configuration Class)
    O16 - DPF: {01118A01-3E00-11D2-8470-0060089874ED} https://password.bellsouth.net/sdcco...ad/tgctlsr.cab (SupportSoft Script Runner Class)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/stg_drm.ocx (SpinTop DRM Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/SSC/Sha...in/AvSniff.cab (Symantec AntiVirus scanner)
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} https://support.microsoft.com/OAS/ActiveX/odc.cab (Microsoft PID Sniffer)
    O16 - DPF: {3DE051B7-CE1E-4149-A39E-3037F29068E1} https://secure.adrentech.com/PCConfi...ConfigTool.CAB (PCConfigTool.ATMailConfig)
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeup...tent/opuc3.cab (Office Update Installation Engine)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanage...ex-2.2.3.5.cab (DLM Control)
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} https://www.linkedin.com/cab/LinkedI...derControl.cab (LinkedIn ContactFinderControl)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Key error.)
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} http://static.slide.com/uploader/SlideImageUploader.cab (Slide Image Uploader Control)
    O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} http://www.ca.com/us/securityadvisor...n/pestscan.cab (PSFormX Control)
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://fb.familylink.com/we_are_rela...eUploader5.cab (Reg Error: Key error.)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://scan.safety.live.com/resource...scbase5059.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/S.../bin/cabsa.cab (Symantec RuFSI Utility Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsof...?1130936969687 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www.ca.com/us/securityadvisor...fo/webscan.cab (WScanCtl Class)
    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} http://download.zonelabs.com/bin/pro...anner37680.cab (ICSScanner Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/downlo...4/igdtoolx.cab (IGDTester Class)
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
    O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} http://ak.imgag.com/imgag/cp/install/AxCtp2.cab (Create & Print ActiveX Plug-in)
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/armhelper.ocx (ArmHelper Control)
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {DC11F230-5717-4C25-BAD7-37B879C19655} http://hammondsfamily.myphotoalbum.c...eUploader4.cab (MyPhotoAlbum Easy Upload Tool Combo Control)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} Reg Error: Value error. (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41894A97-63D9-48DF-9B8B-F577421509D5}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1 75.75.75.75 75.75.76.76
    O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.001 -- [ NTFS ]
    O32 - AutoRun File - [2006/02/22 00:53:42 | 000,000,017 | ---- | M] () - C:\AUTOEXEC.002 -- [ NTFS ]
    O32 - AutoRun File - [2006/02/22 00:53:55 | 000,000,024 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/10 06:24:39 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator.DELL4700.002\Desktop\OTL.exe
    [2012/07/10 06:22:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2012/07/09 02:40:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2012/07/08 20:18:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/07/08 19:58:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/07/08 19:58:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/07/08 19:58:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/07/08 19:58:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/07/08 19:55:28 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/08 19:54:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
    [2012/07/07 17:08:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.DELL4700.002\Start Menu\Programs\Administrative Tools
    [2012/07/07 12:53:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.DELL4700.002\Application Data\Office Genuine Advantage
    [2012/07/07 11:57:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.DELL4700.002\Application Data\Malwarebytes
    [2012/07/07 11:53:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.DELL4700.002\Application Data\Macromedia
    [2012/07/07 11:41:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.DELL4700.002\PrivacIE
    [2012/07/06 18:09:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
    [2012/07/06 18:09:10 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2012/07/06 18:09:09 | 000,353,688 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2012/07/06 18:09:01 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2012/07/06 18:09:00 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2012/07/06 18:08:58 | 000,721,000 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2012/07/06 18:08:55 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2012/07/06 18:08:55 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2012/07/06 18:08:53 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2012/07/06 18:07:03 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2012/07/06 18:07:00 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2012/07/06 18:06:03 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/07/06 18:06:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2012/07/01 19:31:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.DELL4700.002\Application Data\Adobe
    [2012/07/01 15:17:53 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.DELL4700.002\IETldCache
    [2012/07/01 15:16:39 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
    [2005/04/12 13:32:14 | 003,903,888 | ---- | C] (Microsoft Corporation) -- C:\Program Files\xlviewer.exe
    [2004/11/28 14:44:26 | 001,955,528 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ppviewer.exe
    [42 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/07/10 06:24:41 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.DELL4700.002\Desktop\OTL.exe
    [2012/07/10 06:22:30 | 000,013,726 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
    [2012/07/10 06:22:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
    [2012/07/10 06:16:59 | 000,000,334 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2012/07/10 06:16:43 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/10 06:16:43 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
    [2012/07/10 06:16:32 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1418733393-804626555-1626887045-1007.job
    [2012/07/10 06:16:26 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1418733393-804626555-1626887045-1009.job
    [2012/07/10 06:16:24 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1418733393-804626555-1626887045-1010.job
    [2012/07/10 06:08:02 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/10 00:33:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
    [2012/07/09 20:51:16 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1418733393-804626555-1626887045-1006.job
    [2012/07/09 18:00:00 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
    [2012/07/09 12:55:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1418733393-804626555-1626887045-1009.job
    [2012/07/09 05:44:55 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
    [2012/07/08 20:18:23 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2012/07/08 15:46:36 | 000,000,189 | ---- | M] () -- C:\WINDOWS\Brfaxrx.ini
    [2012/07/08 15:46:32 | 000,000,032 | ---- | M] () -- C:\WINDOWS\BrmfXCh1.ini
    [2012/07/07 17:25:04 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/07/06 18:09:11 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2012/07/06 18:08:56 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2012/07/05 15:39:01 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1418733393-804626555-1626887045-1007.job
    [2012/07/05 09:52:09 | 000,741,674 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
    [2012/07/05 09:31:53 | 000,000,286 | ---- | M] () -- C:\WINDOWS\reimage.ini
    [2012/07/03 15:27:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1418733393-804626555-1626887045-1010.job
    [2012/07/03 11:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2012/07/03 11:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2012/07/03 11:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2012/07/03 11:21:53 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2012/07/03 11:21:53 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2012/07/03 11:21:53 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2012/07/03 11:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2012/07/03 11:21:52 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2012/07/03 11:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2012/07/03 11:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2012/07/03 09:49:18 | 000,000,426 | ---- | M] () -- C:\WINDOWS\brwmark.ini
    [2012/07/01 16:00:21 | 000,006,565 | ---- | M] () -- C:\WINDOWS\wininit.ini
    [2012/06/26 16:20:05 | 015,232,000 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
    [2012/06/26 16:20:05 | 008,026,112 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
    [2012/06/13 07:50:06 | 000,300,440 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/06/13 07:10:34 | 000,466,890 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
    [2012/06/13 07:10:34 | 000,080,106 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
    [2012/06/13 06:50:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [42 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/07/08 20:18:23 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2012/07/08 20:18:20 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2012/07/08 19:58:58 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/07/08 19:58:58 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/07/08 19:58:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/07/08 19:58:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/07/08 19:58:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/07/06 18:09:11 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2012/07/06 18:08:57 | 000,000,334 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2012/07/05 09:51:23 | 000,741,674 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
    [2012/07/05 09:29:39 | 000,000,286 | ---- | C] () -- C:\WINDOWS\reimage.ini
    [2012/02/15 22:19:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/03/15 19:37:24 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
    [2008/12/04 01:43:08 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
    [2008/08/14 23:07:54 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Sounds
    [2008/08/14 23:07:54 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
    [2007/03/21 15:51:34 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2007/01/29 23:16:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\wklnhst.dat
    [2005/04/05 09:01:44 | 000,952,348 | ---- | C] () -- C:\Program Files\sitepb20.zip
    [2005/02/02 12:05:07 | 000,040,549 | ---- | C] () -- C:\Program Files\FreePeers.ini
    [2004/12/01 00:06:12 | 002,636,408 | ---- | C] () -- C:\Program Files\aawsepersonal.exe
    [2004/11/30 23:45:03 | 000,000,022 | ---- | C] () -- C:\Program Files\adaware.zip

    ========== LOP Check ==========

    [2011/08/03 16:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\alamode
    [2012/07/06 18:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2008/07/28 16:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
    [2011/02/12 00:14:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Boost
    [2009/02/21 12:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
    [2012/05/17 15:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\E147
    [2008/04/09 03:04:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ejspclab
    [2008/08/14 23:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
    [2009/04/13 11:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
    [2008/07/25 23:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
    [2008/07/25 23:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
    [2011/10/27 00:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
    [2011/04/20 21:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
    [2007/10/25 17:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
    [2008/08/14 23:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
    [2011/02/24 11:44:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
    [2009/02/19 11:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
    [2009/04/14 11:29:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
    [2008/12/03 22:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2008/08/14 23:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sci-Fi
    [2008/08/14 23:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
    [2007/02/18 02:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2006/06/10 13:44:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks
    [2012/07/05 13:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder
    [2006/05/20 12:31:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinSoftware
    [2012/01/07 23:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
    [2009/04/16 10:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Coral\Application Data\HotSync
    [2009/04/24 11:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Coral\Application Data\Leadertech
    [2009/04/25 12:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Coral\Application Data\LimeWire
    [2008/08/18 18:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Coral\Application Data\Skinux
    [2011/04/21 14:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland
    [2011/12/09 13:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa\Application Data\Bandoo
    [2011/12/13 02:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2009/04/14 11:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa\Application Data\deskPDF
    [2011/11/23 19:47:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa\Application Data\Downloaded Installations
    [2009/02/19 11:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa\Application Data\DriverCure
    [2011/06/08 16:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa\Application Data\ElevatedDiagnostics
    [2012/05/17 15:48:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa\Application Data\FreeAudioPack
    [2009/04/13 11:30:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa\Application Data\HotSync
    [2011/02/15 16:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa\Application Data\InterTrust
    [2011/12/20 22:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa\Application Data\knologytoolbar
    [2011/12/20 22:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa\Application Data\knologytoolbartb
    [2009/02/06 01:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa\Application Data\Leadertech
    [2009/02/07 01:43:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa\Application Data\LimeWire
    [2009/03/02 12:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa\Application Data\Nikon
    [2012/01/07 16:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa\Application Data\Nitro PDF
    [2011/12/17 16:14:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa\Application Data\PerformerSoft
    [2011/12/29 20:02:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa\Application Data\Product_RM
    [2009/06/02 09:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa\Application Data\ScanSoft
    [2011/12/09 14:31:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa\Application Data\searchquband
    [2012/05/17 15:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa\Application Data\searchqutoolbar
    [2008/06/20 11:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa\Application Data\Skinux
    [2011/04/21 14:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa\Application Data\Softland
    [2011/10/27 00:48:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa\Application Data\SpinTop
    [2008/08/27 00:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa\Application Data\Template
    [2012/01/07 23:46:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa\Application Data\Uniblue
    [2008/11/04 09:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa\Application Data\Viewpoint
    [2011/12/09 11:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa\Application Data\wincoreimband
    [2009/12/15 07:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Dealio
    [2009/05/18 01:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\HotSync
    [2009/05/31 14:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Skinux
    [2012/07/10 06:16:59 | 000,000,334 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
    [2012/07/10 06:16:43 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
    [2012/07/09 18:00:00 | 000,000,446 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
    [2012/07/10 00:33:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version2.job

    ========== Purity Check ==========



    < End of report >

  9. #9
    Join Date
    Jul 2012
    Posts
    12

    Second OTL Log

    OTL Extras logfile created on: 7/10/2012 6:25:52 AM - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\Administrator.DELL4700.002\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    502.07 Mb Total Physical Memory | 318.01 Mb Available Physical Memory | 63.34% Memory free
    1.04 Gb Paging File | 0.96 Gb Available in Paging File | 92.11% Paging File free
    Paging file location(s): C:\pagefile.sys 595 795 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 33.70 Gb Total Space | 7.45 Gb Free Space | 22.11% Space Free | Partition Type: NTFS
    Drive E: | 465.76 Gb Total Space | 443.60 Gb Free Space | 95.24% Space Free | Partition Type: NTFS

    Computer Name: DELL4700 | User Name: Administrator | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Documents and Settings\Melissa\Desktop\iMesh Applications\iMesh\iMesh.exe" = C:\Documents and Settings\Melissa\Desktop\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
    "C:\Program Files\Office12\OUTLOOK.EXE" = C:\Program Files\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
    "C:\Program Files\IncrediMail\bin\ImApp.exe" = C:\Program Files\IncrediMail\bin\ImApp.exe:*:Disabled:IncrediMail -- (IncrediMail, Ltd.)
    "C:\Program Files\Palm\HOTSYNC.EXE" = C:\Program Files\Palm\HOTSYNC.EXE:*:Enabled:HotSync® Manager Application -- (Palm, Inc.)
    "C:\Program Files\Rhapsody\rhapsody.exe" = C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:Rhapsody Media Player -- (RealNetworks, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
    "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
    "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
    "{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel(R) PROSet for Wired Connections
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{253FCC55-E03D-40D4-A407-3470BE4101C0}" = VistaPrint Electronic Business Card
    "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 30
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
    "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
    "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
    "{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
    "{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
    "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
    "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
    "{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
    "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
    "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
    "{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
    "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
    "{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{72765AF7-BEA5-4C62-9EC9-A9E386305D04}" = Palm Desktop
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{8704D51E-25B7-4F23-81E7-AA4F54790210}" = Microsoft Streets and Trips 2004
    "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
    "{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
    "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
    "{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
    "{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
    "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
    "{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
    "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
    "{A79CD393-5372-40A9-BED6-C9F225BC814C}" = eNeighborhoods ()
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
    "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B43A3C5D-7F74-4493-840E-D7B74520BC19}" = PDF Download for Internet Explorer
    "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
    "{B529FC37-5CF2-4026-ABC9-492F133B623A}" = eNeighborhoods ()
    "{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C574E3DB-7467-4F0F-A480-2262FDA54352}" = eKEYCDi
    "{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R)
    "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
    "{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}" = Brother MFL-Pro Suite
    "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
    "{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E72019B8-1287-4093-BE9B-1CFA7BA1A8D2}" = Windows Desktop Search 3.01
    "{F1E906E7-1120-428D-A124-4938C306427E}" = Palm Desktop
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
    "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
    "{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "{FE6F7400-F76D-11D4-BCEC-0050BA88D9DA}" = LEADTOOLS ePrint
    "Adobe Acrobat 5.0" = Adobe Acrobat 5.0
    "Adobe AIR" = Adobe AIR
    "Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
    "avast" = avast! Free Antivirus
    "BroadJump Client Foundation" = BroadJump Client Foundation
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
    "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
    "Handmark Solitaire for Palm OS" = Handmark Solitaire for Palm OS
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{C574E3DB-7467-4F0F-A480-2262FDA54352}" = eKEY
    "LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PictureIt_v9" = Microsoft Picture It! Photo Premium 9
    "PROSet" = Intel(R) PRO Network Adapters and Drivers
    "RealPlayer 12.0" = RealPlayer
    "Revo Uninstaller" = Revo Uninstaller 1.93
    "STANDARDR" = Microsoft Office Standard 2007
    "StreetPlugin" = Learn2 Player (Uninstall Only)
    "The Weather Channel Desktop" =
    "Tweak UI 2.10" = Tweak UI
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "WIC" = Windows Imaging Component
    "Windows Live Safety Scanner" = Windows Live Safety Scanner
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows Mobile eKEY" = Windows Mobile eKEY
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Works2004Setup" = Microsoft Works 2004 Setup Launcher
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 7/1/2012 3:31:28 PM | Computer Name = DELL4700 | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module unknown, version 0.0.0.0, fault address 0x00000000.

    Error - 7/5/2012 10:38:10 AM | Computer Name = DELL4700 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 7/5/2012 10:38:10 AM | Computer Name = DELL4700 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 7/5/2012 11:04:57 AM | Computer Name = DELL4700 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 7/5/2012 11:04:57 AM | Computer Name = DELL4700 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 7/6/2012 4:51:42 PM | Computer Name = DELL4700 | Source = MsiInstaller | ID = 11921
    Description = Product: Symantec AntiVirus -- Error 1921.Service Symantec AntiVirus
    (Symantec AntiVirus) could not be stopped. Verify that you have sufficient privileges
    to stop system services.

    Error - 7/6/2012 4:55:47 PM | Computer Name = DELL4700 | Source = MsiInstaller | ID = 11921
    Description = Product: Symantec AntiVirus -- Error 1921.Service Symantec AntiVirus
    (Symantec AntiVirus) could not be stopped. Verify that you have sufficient privileges
    to stop system services.

    Error - 7/6/2012 4:55:53 PM | Computer Name = DELL4700 | Source = MsiInstaller | ID = 11921
    Description = Product: Symantec AntiVirus -- Error 1921.Service Symantec AntiVirus
    (Symantec AntiVirus) could not be stopped. Verify that you have sufficient privileges
    to stop system services.

    Error - 7/6/2012 5:04:19 PM | Computer Name = DELL4700 | Source = MsiInstaller | ID = 11921
    Description = Product: Symantec AntiVirus -- Error 1921.Service Symantec AntiVirus
    (Symantec AntiVirus) could not be stopped. Verify that you have sufficient privileges
    to stop system services.

    Error - 7/6/2012 5:08:30 PM | Computer Name = DELL4700 | Source = MsiInstaller | ID = 11921
    Description = Product: Symantec AntiVirus -- Error 1921.Service Symantec AntiVirus
    (Symantec AntiVirus) could not be stopped. Verify that you have sufficient privileges
    to stop system services.

    [ ODiag Events ]
    Error - 9/18/2007 7:32:04 PM | Computer Name = DELL4700 | Source = Microsoft Office 12 Diagnostics | ID = 320
    Description = An unexpected error occurred. Tag: 2kek. Error code: 80040154

    Error - 9/18/2007 7:43:34 PM | Computer Name = DELL4700 | Source = Microsoft Office 12 Diagnostics | ID = 320
    Description = An unexpected error occurred. Tag: 2kek. Error code: 80040154

    Error - 3/29/2008 11:57:36 PM | Computer Name = DELL4700 | Source = Microsoft Office 12 Diagnostics | ID = 320
    Description = An unexpected error occurred. Tag: 2kek. Error code: 80040154

    Error - 3/29/2008 11:57:36 PM | Computer Name = DELL4700 | Source = Microsoft Office 12 Diagnostics | ID = 320
    Description = An unexpected error occurred. Tag: 2kek. Error code: 80040154

    Error - 3/30/2008 12:19:31 AM | Computer Name = DELL4700 | Source = Microsoft Office 12 Diagnostics | ID = 320
    Description = An unexpected error occurred. Tag: 2kek. Error code: 80040154

    [ OSession Events ]
    Error - 8/20/2009 12:50:03 PM | Computer Name = DELL4700 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2492
    seconds with 1200 seconds of active time. This session ended with a crash.

    Error - 12/9/2009 11:47:50 AM | Computer Name = DELL4700 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 38236
    seconds with 1560 seconds of active time. This session ended with a crash.

    Error - 2/11/2010 2:04:53 PM | Computer Name = DELL4700 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9648
    seconds with 1140 seconds of active time. This session ended with a crash.

    Error - 11/8/2010 3:50:19 PM | Computer Name = DELL4700 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 154555
    seconds with 9960 seconds of active time. This session ended with a crash.

    Error - 11/19/2010 1:35:29 PM | Computer Name = DELL4700 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 520906
    seconds with 30540 seconds of active time. This session ended with a crash.

    Error - 11/19/2010 11:27:58 PM | Computer Name = DELL4700 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 35487
    seconds with 1980 seconds of active time. This session ended with a crash.

    Error - 2/2/2011 12:49:18 PM | Computer Name = DELL4700 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3181
    seconds with 1800 seconds of active time. This session ended with a crash.

    Error - 12/6/2011 12:09:52 AM | Computer Name = DELL4700 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3875
    seconds with 2460 seconds of active time. This session ended with a crash.

    Error - 1/2/2012 8:36:34 AM | Computer Name = DELL4700 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 290777
    seconds with 26880 seconds of active time. This session ended with a crash.

    Error - 2/17/2012 7:02:00 PM | Computer Name = DELL4700 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 82395
    seconds with 3360 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 7/9/2012 6:41:26 AM | Computer Name = DELL4700 | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070663: Security Update for Microsoft Office 2003 (KB2597112).

    Error - 7/9/2012 6:41:28 AM | Computer Name = DELL4700 | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070663: Security Update for Microsoft Office 2003 (KB2598253).

    Error - 7/9/2012 8:38:26 PM | Computer Name = DELL4700 | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070663: Security Update for Microsoft Office 2003 (KB2597112).

    Error - 7/9/2012 8:38:32 PM | Computer Name = DELL4700 | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070663: Security Update for Microsoft Office 2003 (KB2598253).

    Error - 7/9/2012 10:10:55 PM | Computer Name = DELL4700 | Source = sr | ID = 1
    Description = The System Restore filter encountered the unexpected error '0xC0000243'
    while processing the file 'OTL.exe_{e .. 11153a0b2}' on the volume 'HarddiskVolume2'.
    It has stopped monitoring the volume.

    Error - 7/9/2012 10:21:16 PM | Computer Name = DELL4700 | Source = Service Control Manager | ID = 7034
    Description = The Application Layer Gateway Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 7/10/2012 7:01:01 AM | Computer Name = DELL4700 | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070663: Security Update for Microsoft Office 2003 (KB2597112).

    Error - 7/10/2012 7:01:01 AM | Computer Name = DELL4700 | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070663: Security Update for Microsoft Office 2003 (KB2598253).

    Error - 7/10/2012 7:22:43 AM | Computer Name = DELL4700 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 7/10/2012 7:23:50 AM | Computer Name = DELL4700 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Aavmker4 aswSnx aswSP aswTdi Fips intelppm SbcpHid


    < End of report >

  10. #10
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
      SRV - File not found [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
      SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
      DRV - File not found [Kernel | Boot | Stopped] -- SYSTEM32\Drivers\SSFS0509.SYS -- (SSFS0509)
      DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4409CF86-5960-4B50-90A7-9B0F008C2374}\MpKsl970fe360.sys -- (MpKsl970fe360)
      DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3E80C38B-493F-4E26-AD5D-B6E09D5F186F}\MpKsl93168c6a.sys -- (MpKsl93168c6a)
      DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE5FDE39-574A-44CB-9030-25516F7279B6}\MpKsl0fe8f914.sys -- (MpKsl0fe8f914)
      DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{514CCF7D-70D8-492D-8A3E-2CBB64AE8388}\MpKsl0e9500c7.sys -- (MpKsl0e9500c7)
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:8080
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:8080
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (no name) - {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} - No CLSID value found.
      O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No CLSID value found.
      O2 - BHO: (no name) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - No CLSID value found.
      O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
      O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
      O4 - HKU\S-1-5-21-1418733393-804626555-1626887045-500..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup File not found
      O4 - HKU\S-1-5-21-1418733393-804626555-1626887045-500..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe File not found
      O9 - Extra 'Tools' menuitem : PDF Download - Options - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - Reg Error: Key error. File not found
      O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} Reg Error: Value error. (Reg Error: Key error.)
      O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} Reg Error: Value error. (Reg Error: Key error.)
      O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Key error.)
      O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://fb.familylink.com/we_are_rela...eUploader5.cab (Reg Error: Key error.)
      O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
      O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} Reg Error: Value error. (Reg Error: Key error.)
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.



    =======================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.

    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.



    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:

      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender

    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.




    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

    • Double-click TFC.exe to run the program.
    • Click the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.




    4. Please run a free online scan with the ESET Online Scanner


    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.

  11. #11
    Join Date
    Jul 2012
    Posts
    12

    OTL Run Fix Log

    All processes killed
    ========== OTL ==========
    Service iPod Service stopped successfully!
    Service iPod Service deleted successfully!
    File C:\Program Files\iPod\bin\iPodService.exe not found.
    Service DSBrokerService stopped successfully!
    Service DSBrokerService deleted successfully!
    File C:\Program Files\DellSupport\brkrsvc.exe not found.
    Service ACDaemon stopped successfully!
    Service ACDaemon deleted successfully!
    File C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe not found.
    Service SymEvent stopped successfully!
    Service SymEvent deleted successfully!
    File C:\Program Files\Symantec\SYMEVENT.SYS not found.
    Service SSFS0509 stopped successfully!
    Service SSFS0509 deleted successfully!
    File SYSTEM32\Drivers\SSFS0509.SYS not found.
    Service MpKsl970fe360 stopped successfully!
    Service MpKsl970fe360 deleted successfully!
    File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4409CF86-5960-4B50-90A7-9B0F008C2374}\MpKsl970fe360.sys not found.
    Service MpKsl93168c6a stopped successfully!
    Service MpKsl93168c6a deleted successfully!
    File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3E80C38B-493F-4E26-AD5D-B6E09D5F186F}\MpKsl93168c6a.sys not found.
    Service MpKsl0fe8f914 stopped successfully!
    Service MpKsl0fe8f914 deleted successfully!
    File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE5FDE39-574A-44CB-9030-25516F7279B6}\MpKsl0fe8f914.sys not found.
    Service MpKsl0e9500c7 stopped successfully!
    Service MpKsl0e9500c7 deleted successfully!
    File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{514CCF7D-70D8-492D-8A3E-2CBB64AE8388}\MpKsl0e9500c7.sys not found.
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}\ deleted successfully.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1418733393-804626555-1626887045-500\Software\Microsoft\Windows\CurrentVersion\Run\\DellSupport deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-1418733393-804626555-1626887045-500\Software\Microsoft\Windows\CurrentVersion\Run\\MySpaceIM deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AD9E6088-E00B-42f9-9F0C-8480525D234E}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD9E6088-E00B-42f9-9F0C-8480525D234E}\ not found.
    Starting removal of ActiveX control {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}\ not found.
    Starting removal of ActiveX control {48DD0448-9209-4F81-9F6D-D83562940134}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{48DD0448-9209-4F81-9F6D-D83562940134}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{48DD0448-9209-4F81-9F6D-D83562940134}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48DD0448-9209-4F81-9F6D-D83562940134}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48DD0448-9209-4F81-9F6D-D83562940134}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48DD0448-9209-4F81-9F6D-D83562940134}\ not found.
    Starting removal of ActiveX control {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
    Starting removal of ActiveX control {5D637FAD-E202-48D1-8F18-5B9C459BD1E3}
    C:\WINDOWS\Downloaded Program Files\ImageUploader5.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}\ not found.
    Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
    C:\WINDOWS\Downloaded Program Files\OnlineScanner.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {BCC0FF27-31D9-4614-A68E-C18E1ADA4389}
    C:\WINDOWS\Downloaded Program Files\McGDMgr.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Administrator.DELL4700
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Administrator.DELL4700.000
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Administrator.DELL4700.001
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Administrator.DELL4700.002
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 13877696 bytes
    ->Flash cache emptied: 611 bytes

    User: All Users

    User: Coral
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 217130675 bytes
    ->Java cache emptied: 253114 bytes
    ->Flash cache emptied: 44299 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56468 bytes

    User: Hammonds Family

    User: LocalService
    ->Temp folder emptied: 65748 bytes
    ->Temporary Internet Files folder emptied: 893162 bytes
    ->Flash cache emptied: 405 bytes

    User: Melissa
    ->Temp folder emptied: 2218 bytes
    ->Temporary Internet Files folder emptied: 436290189 bytes
    ->Java cache emptied: 11522652 bytes
    ->Google Chrome cache emptied: 26124891 bytes
    ->Flash cache emptied: 391831 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 112094 bytes
    ->Flash cache emptied: 405 bytes

    User: Owner

    User: Will
    ->Temp folder emptied: 2187865 bytes
    ->Temporary Internet Files folder emptied: 246307336 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 13533 bytes

    %systemdrive% .tmp files removed: 583 bytes
    %systemroot% .tmp files removed: 19569 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 15805952 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 66019 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 926.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: Administrator.DELL4700

    User: Administrator.DELL4700.000

    User: Administrator.DELL4700.001

    User: Administrator.DELL4700.002

    User: All Users

    User: Coral
    ->Java cache emptied: 0 bytes

    User: Default User

    User: Hammonds Family

    User: LocalService

    User: Melissa
    ->Java cache emptied: 0 bytes

    User: NetworkService

    User: Owner

    User: Will
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: Administrator.DELL4700

    User: Administrator.DELL4700.000

    User: Administrator.DELL4700.001

    User: Administrator.DELL4700.002
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Coral
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Hammonds Family

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: Melissa
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: Owner

    User: Will
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.53.1 log created on 07102012_201640

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

  12. #12
    Join Date
    Jul 2012
    Posts
    12

    Security Check Log

    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Security Center service is not running! This report may not be accurate!
    Windows Firewall Enabled!
    avast! Free Antivirus
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Spybot - Search & Destroy
    Java(TM) 6 Update 30
    Out of date Java installed!
    Adobe Reader X (10.1.3)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ``````````End of Log````````````

  13. #13
    Join Date
    Jul 2012
    Posts
    12

    FSS Log

    Farbar Service Scanner Version: 08-07-2012
    Ran by Administrator (administrator) on 10-07-2012 at 20:42:17
    Running from "C:\Documents and Settings\Administrator.DELL4700.002\Desktop"
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Network
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is OK.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is OK.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

    BITS Service is not running. Checking service configuration:
    The start type of BITS service is set to Demand. The default start type is Auto.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS service is OK.

    EventSystem Service is not running. Checking service configuration:
    The start type of EventSystem service is OK.
    The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
    The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".


    Windows Autoupdate Disabled Policy:
    ============================


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    aswTdi(8) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
    0x0A00000004000000010000000200000003000000080000000A00000009000000060000000700000005000000
    IpSec Tag value is correct.

    **** End of log ****

  14. #14
    Join Date
    Jul 2012
    Posts
    12

    ESET Log

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WiIQfraud17.zip Win32/Bagle.gen.zip worm
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WiIQfraud27.zip Win32/Bagle.gen.zip worm

  15. #15
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.

    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.



    ==========================================

    We have several Windows services not running.

    Download Windows Repair (all in one) from this site

    Install the program then run it.

    Go to step 2 and allow it to run Disc check

    Once that is done then go to step 3 and allow it to run SFC

    On the Start Repairs tab click the Start button.

    Please ensure that items seen in the image below are ticked as indicated:

    Click on the box next to Restart System when Finished. Then click on Start

    Post new FSS log.
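
The "several Windows services not running" finding can be read mechanically from the FSS log in post #13, and the same check can be repeated on the follow-up log. This is an added example, not part of the original thread or of Farbar Service Scanner: the function names `parse_fss` and `still_stopped` are hypothetical, and the sample is the service section copied from post #13.

```python
import re

# Service lines copied from the FSS log in post #13 (headers omitted).
SAMPLE_FSS = r"""
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".
"""

NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
ATTR = re.compile(r"^The (start type|ImagePath|ServiceDll) of (\S+?)(?: service)?(?: is |: )(.+)$")

def parse_fss(text):
    """Map each stopped service to the attributes the log did not report as OK."""
    stopped = {}
    for line in map(str.strip, text.splitlines()):
        m = NOT_RUNNING.match(line)
        if m:
            stopped[m.group(1)] = []
            continue
        m = ATTR.match(line)
        if m and m.group(2) in stopped and m.group(3) != "OK.":
            stopped[m.group(2)].append(f"{m.group(1)}: {m.group(3)}")
    return stopped

def still_stopped(before, after):
    """Services reported as not running in both the old and the new log."""
    return sorted(set(parse_fss(before)) & set(parse_fss(after)))

if __name__ == "__main__":
    for svc, findings in parse_fss(SAMPLE_FSS).items():
        print(svc, "->", findings or "configuration reported OK")
```

Passing the earlier log and the new one to `still_stopped` shows which services the repair did not bring back.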
