Jess72

All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7} C:\Windows\Downloaded Program Files\gp.inf not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c50edeac-1dff-11e1-a10c-001a9248ae3d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c50edeac-1dff-11e1-a10c-001a9248ae3d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c50edeac-1dff-11e1-a10c-001a9248ae3d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c50edeac-1dff-11e1-a10c-001a9248ae3d}\ not found. File J:\TL_Bootstrap.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e615d589-7e9f-11df-a86c-001a9248ae3d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e615d589-7e9f-11df-a86c-001a9248ae3d}\ not found. File K:\InstallTomTomHOME.exe not found. ADS C:\ProgramData\TEMP:C22674B6 deleted successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Ed Downey\Desktop\cmd.bat deleted successfully. C:\Users\Ed Downey\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Ed Downey ->Temp folder emptied: 25750454 bytes ->Temporary Internet Files folder emptied: 49372046 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 42777815 bytes ->Flash cache emptied: 470 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 112.00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.31.0 log created on 01042012_233322 Files\Folders moved on Reboot... Registry entries deleted on Reboot... I took your advice and changed AV, updated Java and removed Ad-aware and spybot.. I will see how things go for a day or two and reply with any issues.. Thank you for all the help!

OTL logfile created on: 1/2/2012 10:10:28 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ed Downey\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.87 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 56.93% Memory free 3.99 Gb Paging File | 3.00 Gb Available in Paging File | 75.24% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 291.83 Gb Total Space | 212.20 Gb Free Space | 72.71% Space Free | Partition Type: NTFS Drive D: | 6.26 Gb Total Space | 0.88 Gb Free Space | 14.06% Space Free | Partition Type: NTFS Computer Name: DOWNEY-PC | User Name: Ed Downey | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Ed Downey\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Windows\System32\dlcxcoms.exe ( ) PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company) ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) SRV - (ZuneWlanCfgSvc) -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation) SRV - (WMZuneComm) -- c:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation) SRV - (ZuneNetworkSvc) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (N360) -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe (Symantec Corporation) SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (dlcx_device) -- C:\Windows\System32\dlcxcoms.exe ( ) ========== Driver Services (SafeList) ========== DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys () DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120102.018\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120102.018\NAVENG.SYS (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111221.003\BHDrvx86.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111228.001\IDSvix86.sys (Symantec Corporation) DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (SRTSP) -- C:\Windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS (Symantec Corporation) DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS (Symantec Corporation) DRV - (SYMTDIv) -- C:\Windows\system32\drivers\N360\0501000.01D\SYMTDIV.SYS (Symantec Corporation) DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS (Symantec Corporation) DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.) DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.) DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.) DRV - (SymDS) -- C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS (Symantec Corporation) DRV - (SymIRON) -- C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS (Symantec Corporation) DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.) DRV - (HSF_DP) -- C:\Windows\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.) DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation) DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company) DRV - (EN1046) -- C:\Windows\System32\drivers\EN1046.sys (F=ma Network) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://muscatinejournal.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-type: "${8}" FF - prefs.js..browser.startup.homepage: "http://www.cnn.com" FF - prefs.js..extensions.enabledItems: {3191E4CE-790E-42be-B2E0-223475263B7E}:6031.2010.0122.2102 FF - prefs.js..extensions.enabledItems: {DBBB3167-6E81-400f-BBFD-BD8921726F52}:7000.2010.1020.1412 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}:6.0.4 FF - prefs.js..extensions.enabledItems: refspoof@mozdev.org:0.9.5 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6 FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100827 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ed Downey\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2011/10/08 08:03:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_4_3 [2012/01/02 13:47:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/07 22:31:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/16 17:53:54 | 000,000,000 | ---D | M] [2010/07/06 19:18:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ed Downey\AppData\Roaming\Mozilla\Extensions [2010/07/06 19:18:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ed Downey\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com [2011/12/31 12:22:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ed Downey\AppData\Roaming\Mozilla\Firefox\Profiles\0drkc7vu.default\extensions [2011/04/29 08:23:24 | 000,000,000 | ---D | M] (F5 Networks Host Plugin) -- C:\Users\Ed Downey\AppData\Roaming\Mozilla\Firefox\Profiles\0drkc7vu.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52} [2011/12/07 22:31:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/01/02 13:47:26 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\COFFPLGN_2011_7_4_3 [2011/10/08 08:03:50 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPLGN () (No name found) -- C:\USERS\ED DOWNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0DRKC7VU.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI () (No name found) -- C:\USERS\ED DOWNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0DRKC7VU.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI [2010/01/23 03:01:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011/12/07 22:31:31 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/04/14 04:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011/09/30 12:47:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011/12/07 22:31:31 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2011/06/15 09:29:20 | 000,000,759 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [bYR_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe (LG Electronics) O4 - HKLM..\Run: [DLCXCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL () O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} C:\Users\EDDOWN~1\AppData\Local\Temp\f5tmp\cachecleaner.cab (F5 Networks CacheCleaner) O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\EDDOWN~1\AppData\Local\Temp\f5tmp\InstallerControl.cab (F5 Networks Auto Update) O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.207.0.3 66.207.0.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6500A081-25B8-49A2-9865-73A9D7E5FDC3}: DhcpNameServer = 66.207.0.3 66.207.0.2 O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Ed Downey\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\Ed Downey\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/01/19 13:13:45 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{c50edeac-1dff-11e1-a10c-001a9248ae3d}\Shell - "" = AutoRun O33 - MountPoints2\{c50edeac-1dff-11e1-a10c-001a9248ae3d}\Shell\AutoRun\command - "" = J:\TL_Bootstrap.exe O33 - MountPoints2\{e615d589-7e9f-11df-a86c-001a9248ae3d}\Shell\AutoRun\command - "" = K:\InstallTomTomHOME.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/01/02 22:07:23 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Ed Downey\Desktop\OTL.exe [2012/01/02 13:43:01 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Ed Downey\Desktop\TFC.exe [2012/01/01 12:23:01 | 000,000,000 | ---D | C] -- C:\Users\Ed Downey\Desktop\Ed's payroll [2011/12/16 19:18:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VZW Software Upgrade Assistant - LG [2011/12/16 19:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\LGMOBILEAX [2011/12/16 19:15:32 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics [2006/11/03 17:07:06 | 000,385,928 | ---- | C] ( ) -- C:\Windows\System32\dlcxih.exe [2006/11/03 17:07:04 | 000,537,480 | ---- | C] ( ) -- C:\Windows\System32\dlcxcoms.exe [2006/11/03 17:07:02 | 000,381,832 | ---- | C] ( ) -- C:\Windows\System32\dlcxcfg.exe [2006/10/11 18:01:40 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlcxpmui.dll [2006/10/11 17:59:56 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlcxserv.dll [2006/10/11 17:54:10 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomm.dll [2006/10/11 17:52:34 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlcxlmpm.dll [2006/10/11 17:51:16 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlcxiesc.dll [2006/10/11 17:48:58 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlcxpplc.dll [2006/10/11 17:48:14 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomc.dll [2006/10/11 17:47:42 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlcxprox.dll [2006/10/11 17:41:42 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlcxinpa.dll [2006/10/11 17:41:04 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlcxusb1.dll [2006/10/11 17:37:14 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcxhbn3.dll [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/01/02 22:09:45 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{995C6DC9-287E-4A56-8C13-4B91434ACEC2}.job [2012/01/02 21:47:03 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/01/02 21:47:03 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/01/02 17:29:00 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job [2012/01/02 13:52:23 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/01/02 13:52:23 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/01/02 13:47:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/01/02 13:46:57 | 2011,750,400 | -HS- | M] () -- C:\hiberfil.sys [2011/12/31 13:07:04 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2011/12/31 11:30:15 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat [2011/12/31 11:30:15 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat [2011/12/31 11:07:25 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2011/12/31 11:07:22 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe [2011/12/24 10:39:28 | 000,022,446 | ---- | M] () -- C:\Users\Ed Downey\Documents\cc_20111224_103832.reg [2011/12/23 21:48:50 | 000,000,223 | ---- | M] () -- C:\Users\Ed Downey\Desktop\xbox gamertag.rtf [2011/12/21 12:05:35 | 000,398,516 | ---- | M] () -- C:\Users\Ed Downey\Documents\Downey (1).pdf [2011/12/19 13:21:12 | 000,007,040 | ---- | M] () -- C:\Users\Ed Downey\Documents\Your refinance.eml [2011/12/16 19:18:38 | 000,000,065 | ---- | M] () -- C:\Windows\System32\lgAxconfig.ini [2011/12/15 12:25:30 | 000,001,326 | ---- | M] () -- C:\Users\Ed Downey\Documents\auto loan quote bofa.rtf [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011/12/07 10:49:15 | 000,000,456 | ---- | M] () -- C:\Users\Ed Downey\Documents\uptown.rtf [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/12/31 13:07:03 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2011/12/31 11:07:59 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat [2011/12/31 11:07:59 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat [2011/12/24 10:38:38 | 000,022,446 | ---- | C] () -- C:\Users\Ed Downey\Documents\cc_20111224_103832.reg [2011/12/21 12:05:38 | 000,398,516 | ---- | C] () -- C:\Users\Ed Downey\Documents\Downey (1).pdf [2011/12/19 13:21:10 | 000,007,040 | ---- | C] () -- C:\Users\Ed Downey\Documents\Your refinance.eml [2011/12/16 19:18:36 | 000,000,065 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini [2011/12/14 23:48:43 | 000,001,326 | ---- | C] () -- C:\Users\Ed Downey\Documents\auto loan quote bofa.rtf [2011/12/11 19:34:21 | 000,000,223 | ---- | C] () -- C:\Users\Ed Downey\Desktop\xbox gamertag.rtf [2011/12/07 10:49:15 | 000,000,456 | ---- | C] () -- C:\Users\Ed Downey\Documents\uptown.rtf [2011/05/12 13:06:00 | 000,001,940 | ---- | C] () -- C:\Users\Ed Downey\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2011/03/19 14:51:16 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat [2010/09/22 10:48:15 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe [2010/09/08 10:04:04 | 000,000,000 | ---- | C] () -- C:\Users\Ed Downey\AppData\Roaming\wklnhst.dat [2010/04/24 18:48:45 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2010/04/24 18:48:22 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll [2010/04/24 18:47:59 | 000,000,223 | ---- | C] () -- C:\Windows\PowerReg.dat [2010/03/23 02:01:35 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2010/03/23 02:01:35 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2010/01/21 11:00:21 | 000,013,312 | ---- | C] () -- C:\Users\Ed Downey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/01/19 13:07:32 | 000,049,152 | ---- | C] () -- C:\Windows\System32\ChCfg.exe [2010/01/19 13:02:25 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll [2010/01/19 13:02:25 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll [2006/11/09 08:19:08 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini [2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 06:47:37 | 000,279,264 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 04:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 04:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006/10/28 10:31:44 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlcxcoin.dll [2006/10/20 20:07:32 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlcxinsr.dll [2006/10/20 20:06:44 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlcxcur.dll [2006/10/20 20:03:28 | 000,139,264 | ---- | C] () -- C:\Windows\System32\dlcxjswr.dll [2006/10/20 19:57:40 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxinsb.dll [2006/10/20 19:56:52 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlcxcub.dll [2006/10/20 19:55:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcu.dll [2006/10/20 19:54:42 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxins.dll [2006/10/20 19:48:38 | 000,454,656 | ---- | C] () -- C:\Windows\System32\dlcxutil.dll [2006/10/20 19:46:42 | 000,188,416 | ---- | C] () -- C:\Windows\System32\dlcxgrd.dll [2006/09/22 07:42:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dlcxcaps.dll [2006/09/06 06:13:14 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcfg.dll [2006/08/11 01:00:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll [2006/08/11 01:00:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll [2006/08/08 15:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\dlcxdrs.dll [2006/04/24 15:09:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlcxvs.dll [2006/03/19 19:03:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlcxcnv4.dll [2004/09/16 14:24:26 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll ========== LOP Check ========== [2011/10/19 21:01:50 | 000,000,000 | ---D | M] -- C:\Users\Ed Downey\AppData\Roaming\Fighters [2011/08/31 16:32:11 | 000,000,000 | ---D | M] -- C:\Users\Ed Downey\AppData\Roaming\FreeFileViewer [2010/07/23 23:16:32 | 000,000,000 | ---D | M] -- C:\Users\Ed Downey\AppData\Roaming\Philipp Winterberg [2010/07/06 19:18:00 | 000,000,000 | ---D | M] -- C:\Users\Ed Downey\AppData\Roaming\TomTom [2011/03/10 19:12:13 | 000,000,000 | ---D | M] -- C:\Users\Ed Downey\AppData\Roaming\WeatherBug [2010/07/21 21:41:11 | 000,000,000 | ---D | M] -- C:\Users\Ed Downey\AppData\Roaming\WildTangent [2012/01/02 17:29:00 | 000,000,386 | ---- | M] () -- C:\Windows\Tasks\FreeFileViewerUpdateChecker.job [2012/01/02 13:46:06 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012/01/02 22:09:45 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{995C6DC9-287E-4A56-8C13-4B91434ACEC2}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2012/01/02 13:46:56 | 000,010,300 | ---- | M] () -- C:\aaw7boot.log [2010/01/19 13:13:45 | 000,000,074 | ---- | M] () -- C:\autoexec.bat [2008/01/18 22:45:46 | 000,333,203 | RHS- | M] () -- C:\bootmgr [2010/01/19 12:52:18 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK [2006/09/18 15:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2012/01/02 13:46:57 | 2011,750,400 | -HS- | M] () -- C:\hiberfil.sys [2011/04/14 19:31:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2011/04/14 19:31:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2012/01/02 13:46:56 | 2325,549,056 | -HS- | M] () -- C:\pagefile.sys [2010/01/19 13:07:34 | 000,000,402 | ---- | M] () -- C:\RHDSetup.log [2011/03/19 14:55:43 | 000,299,558 | ---- | M] () -- C:\scramble.log < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2006/10/20 01:33:28 | 000,117,760 | ---- | M] () -- C:\Windows\system32\Spool\prtprocs\w32x86\dlcxdrpp.dll [2006/11/02 06:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\jnwppr.dll < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > < %systemroot%\System32\config\*.sav > [2006/11/02 04:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006/11/02 04:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006/11/02 04:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006/11/02 04:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006/11/02 04:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %PROGRAMFILES%\* > [2010/03/21 13:54:45 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/12/07 22:31:30 | 000,713,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/12/07 22:31:30 | 000,713,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/12/07 22:31:30 | 000,713,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/12/07 22:31:31 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/12/07 22:31:31 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/12/07 22:31:31 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/27 22:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/27 22:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/27 22:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/28 00:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/05/28 00:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/12/07 22:31:30 | 000,713,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/12/07 22:31:30 | 000,713,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/12/07 22:31:30 | 000,713,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/12/07 22:31:31 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/12/07 22:31:31 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/12/07 22:31:31 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/27 22:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/27 22:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/27 22:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/28 00:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/05/28 00:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation) ========== Alternate Data Streams ========== @Alternate Data Stream - 805 bytes -> C:\Users\Ed Downey\Documents\Your refinance.eml:OECustomProperty @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:C22674B6 < End of report > OTL Extras logfile created on: 1/2/2012 10:10:28 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ed Downey\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.87 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 56.93% Memory free 3.99 Gb Paging File | 3.00 Gb Available in Paging File | 75.24% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 291.83 Gb Total Space | 212.20 Gb Free Space | 72.71% Space Free | Partition Type: NTFS Drive D: | 6.26 Gb Total Space | 0.88 Gb Free Space | 14.06% Space Free | Partition Type: NTFS Computer Name: DOWNEY-PC | User Name: Ed Downey | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 1 "InternetSettingsDisableNotify" = 1 "AutoUpdateDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04765613-15CB-4624-8832-04D131E5ABB9}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{15D6B308-BFAE-46D1-A4CA-D0BF9F1B9059}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{232297C2-6510-440C-90C9-730F61C05268}" = dir=in | app=c:\program files\hp connections\6811507\program\hp connections | "{3B1FD089-DEA4-4AEA-AFB8-2E368087EBC6}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe | "{464843FA-1983-466A-A0AA-F311C1DB3D86}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{4F9DAE31-E0CB-41E0-98BD-A1E9CD1C90EC}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{5F787E9C-C418-4F29-9EF1-024EF14CDD4B}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{6956EB94-5274-441A-9B29-CC60F7E4C409}" = protocol=17 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe | "{6B83DA01-4A57-4BEF-8F67-9099EFA72C17}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe | "{745FF233-7384-40E0-BD8D-49705CE651BA}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{75DCAAF4-CD9B-4958-92DA-2D4B0ECAD004}" = protocol=17 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe | "{7CFC10F7-DDFD-4B0A-80F1-5DA4312B53AB}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{96352AF4-D3A6-4AF5-B19F-BF2625C07AFC}" = protocol=6 | dir=in | app=c:\windows\system32\dlcxcoms.exe | "{9A810DA8-FB74-4862-A253-813C70987579}" = dir=in | app=c:\program files\freefileviewer\ffvcheckforupdates.exe | "{ABA4E752-864E-44D9-9263-82CC54BB03AE}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{D8A00579-6A09-4E91-98F8-5C354BAE9DD6}" = protocol=17 | dir=in | app=c:\windows\system32\dlcxcoms.exe | "{F53A094E-0D84-4061-9528-141BCDD82C37}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0373779B-A362-4B2E-B8E9-7442F19F9394}" = HP Total Care Advisor "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB) "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data "{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 25 "{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS) "{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL) "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0 "{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR) "{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In "{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS) "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG) "{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR) "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD) "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP) "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works "{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3 "{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL) "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio "{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK) "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN) "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND) "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback "{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT) "{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY) "{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101 "{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1) "{B03954CC-E130-4E57-BC83-869978685902}" = LG United Mobile Drivers "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN) "{B83A15A7-2BD5-4416-BC43-AF5F9A4B08A9}" = muvee autoProducer 5.0 "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU) "{C3DC29BC-A8CF-4578-9DFC-37F049C44771}" = OcxSetup "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA) "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA) "{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN) "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN) "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core "Ad-Aware" = Ad-Aware "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Battleship - Fleet Command" = Battleship - Fleet Command (remove only) "BFGC" = Big Fish Games Client "BFG-Mystery Case Files - Return to Ravenhearst" = Mystery Case Files: Return to Ravenhearst ™ "CCleaner" = CCleaner "Cisco Connect" = Cisco Connect "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP "Free RAR Extract Frog" = Free RAR Extract Frog "FreeFileViewer_is1" = Free File Viewer 2011 "HPOOVClient-6811507 Uninstaller" = HP Connections (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US) "N360" = Norton 360 "NetDevil_LEGO_Universe_is1" = LEGO Universe "NVIDIA Drivers" = NVIDIA Drivers "PC-Doctor 5 for Windows" = Hardware Diagnostic Tools "PokerStars" = PokerStars "TomTom HOME" = TomTom HOME 2.7.5.2014 "Trusted Software Assistant_is1" = File Type Assistant "WildTangent hpdesktop Master Uninstall" = My HP Games "Zuma Deluxe" = Zuma Deluxe "Zune" = Zune ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "f031ef6ac137efc5" = Dell Driver Download Manager "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player "UnityWebPlayer" = Unity Web Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 11/14/2011 7:37:02 PM | Computer Name = Downey-PC | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.19088, time stamp 0x4de07b1b, faulting module mshtml.dll, version 8.0.6001.19088, time stamp 0x4de090ed, exception code 0xc0000005, fault offset 0x000678d8, process id 0x1368, application start time 0x01cca32343f709e0. Error - 11/21/2011 2:18:23 PM | Computer Name = Downey-PC | Source = Application Error | ID = 1000 Description = Faulting application ccSvcHst.exe, version 10.1.1.16, time stamp 0x4daa1893, faulting module APPMGR32.DLL, version 18.6.0.29, time stamp 0x4dba03e8, exception code 0xc0000005, fault offset 0x000154e0, process id 0xaf0, application start time 0x01cc8e74a3fd732d. Error - 11/23/2011 5:13:52 PM | Computer Name = Downey-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 8.0.6001.19088 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 1dc0 Start Time: 01ccaa1bf188d850 Termination Time: 11 Error - 11/24/2011 3:01:27 AM | Computer Name = Downey-PC | Source = VSS | ID = 12289 Description = Error - 11/24/2011 3:01:27 AM | Computer Name = Downey-PC | Source = System Restore | ID = 8193 Description = Error - 11/24/2011 3:01:27 AM | Computer Name = Downey-PC | Source = System Restore | ID = 8210 Description = Error - 12/3/2011 6:41:10 PM | Computer Name = Downey-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 12/4/2011 1:11:05 PM | Computer Name = Downey-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 12/9/2011 1:32:24 PM | Computer Name = Downey-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 8.0.6001.19088 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 67c Start Time: 01ccb697fe8bfdb0 Termination Time: 0 Error - 12/16/2011 9:16:29 PM | Computer Name = Downey-PC | Source = VSS | ID = 8194 Description = [ Media Center Events ] Error - 2/1/2011 4:07:16 PM | Computer Name = Downey-PC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. [ System Events ] Error - 12/28/2011 1:13:54 AM | Computer Name = Downey-PC | Source = Dhcp | ID = 1002 Description = The IP address lease 192.168.1.110 for the Network Card with network address 001A9248AE3D has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). Error - 1/1/2012 2:29:05 PM | Computer Name = Downey-PC | Source = HTTP | ID = 15016 Description = Error - 1/1/2012 2:30:40 PM | Computer Name = Downey-PC | Source = Service Control Manager | ID = 7000 Description = Error - 1/1/2012 5:47:15 PM | Computer Name = Downey-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 3:18:59 PM on 1/1/2012 was unexpected. Error - 1/1/2012 5:47:18 PM | Computer Name = Downey-PC | Source = Dhcp | ID = 1002 Description = The IP address lease 192.168.1.110 for the Network Card with network address 001A9248AE3D has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). Error - 1/1/2012 5:47:19 PM | Computer Name = Downey-PC | Source = HTTP | ID = 15016 Description = Error - 1/1/2012 5:48:49 PM | Computer Name = Downey-PC | Source = Service Control Manager | ID = 7000 Description = Error - 1/2/2012 3:43:36 PM | Computer Name = Downey-PC | Source = Service Control Manager | ID = 7034 Description = Error - 1/2/2012 3:47:06 PM | Computer Name = Downey-PC | Source = HTTP | ID = 15016 Description = Error - 1/2/2012 3:48:41 PM | Computer Name = Downey-PC | Source = Service Control Manager | ID = 7000 Description = < End of report >

I ran the TFC and it cleaned about 100mb of temp files. System still seems the same.. . I'm noticing high CPU usage when I run IE. 90% at times.. I dont know if this means anything but when I minimize the browser window to the task bar, the CPU usage drops very low to like 7% then back up to 80% when window maximized.. Not sure if this means anything? Thank you all for the help

Ok, I updated and ran the scan. Malwarebytes Anti-Malware 1.60.0.1800 http://www.malwarebytes.org Database version: v2011.12.24.05 Windows Vista Service Pack 1 x86 NTFS Internet Explorer 8.0.6001.19088 Ed Downey :: DOWNEY-PC [administrator] 1/1/2012 10:59:10 AM mbam-log-2012-01-01 (10-59-10).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 311642 Time elapsed: 1 hour(s), 26 minute(s), 12 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\luckynugget (PUP.Casino.Gen) -> Quarantined and deleted successfully. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 2 C:\Microgaming\Casino\LuckyNugget\install.exe (PUP.Casino.Gen) -> Quarantined and deleted successfully. C:\Users\Ed Downey\Documents\luckynugget.exe (PUP.Casino.Gen) -> Quarantined and deleted successfully. (end)

I will run full scan and post it.. Didn't realize it was the quick version..

Malwarebytes' Anti-Malware 1.51.2.1300 http://www.malwarebytes.org Database version: 911122404 Windows 6.0.6001 Service Pack 1 Internet Explorer 8.0.6001.19088 12/24/2011 10:32:41 AM mbam-log-2011-12-24 (10-32-41).txt Scan type: Quick scan Objects scanned: 156597 Time elapsed: 4 minute(s), 37 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

Hello, I opened task manager to see if something was causing my machine to run sluggish and I noticed HelpPane.exe was using about 50% CPU?.. SpyBot found W3i.IQ5.fraud when I did a scan a few days ago and not sure if it would've caused this? I checked the properties of HelpPane.exe and it all looked legit...FireFox runs slow and IE runs a tad faster but freezes and gives me a script error asking if I want to continue or stop running script. Thank you