shawnh

RandyL mentioned this (...although I don't see that post anywhere, odd): "That might be a recovery partition. If so it would be best if you left it alone." Maybe I shouldn't touch it, Starbuck?? Shawn

ok, will delete it later tonight... fingers crossed!

I've got an external HD with lots of space that I do backups to regularly (back up my whole laptop to it)... that Windows directory is already saved on there. Think I should go ahead and delete 'er then?

Says: Size: 2.43G Size on Disk: 1.42G .. so I guess it's just 1.42G eh? Thought it would be more, I'm kinda surprised.

Sorry for the long delay Starbuck - got a thousand projects on the go at once! Here's something you probably should know - a few years ago I had some virus trouble with this same computer and I found someone online to help me in a similar anti-virus forum. Ultimately, he suggested I just install a new copy of Windows XP again, but install it to a new directory. So now I have basically a "dual-boot" machine with the old Windows XP in the C:\Windows directory (which of course I never use), and the new copy of XP in C:\WinXP. Of course, this old non-used copy of XP in C:\Windows is taking up a lot of hard drive space, but I'm kinda scared to just delete it for fear of it somehow mucking up my now-working (but slow) machine. Think it's okay for me to just wipe out that C:\Windows directory altogether? It would sure free up a pile of space. Thanks! Shawn

MBAM run was clean! Here's the log Starbuck: Malwarebytes' Anti-Malware 1.50.1.1100 http://www.malwarebytes.org Database version: 6321 Windows 5.1.2600 Service Pack 2 Internet Explorer 7.0.5730.11 4/10/2011 3:43:57 AM mbam-log-2011-04-10 (03-43-57).txt Scan type: Full scan (C:\|) Objects scanned: 482820 Time elapsed: 2 hour(s), 3 minute(s), 59 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ... I'll get started on the other stuff you recommended. Thanks! Shawn

OK no worries Starbuck, I'll get on the MBAM run tonight. I'm leery of installing a real-time AV to this computer as it's kind of an old laptop which doesn't have a whole lot of horsepower. It's already slow enough as it is, I think a realtime AV would make it unbearable. Would running something like TrendMicro HouseCall once a week or so be alright instead? Thanks Shawn

Sorry, you kinda lost me Starbuck... what should I be looking for? You put some comments in amongst the OTL log file? I scanned through it actually, but I couldn't really notice.

not sure what you mean Starbuck. There was no attachment in your last post.... Shawn

Hi Starbuck, okay I got the OTL run done. Attached is the logfile. It actually did the CHKDSK (or is that "Scandisk") automatically as it rebooted. It took almost all night, I just let it go. Will carry on with the other steps tonight! All processes killed ========== OTL ========== Service r_server stopped successfully! Service r_server deleted successfully! Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{71AAABE5-1F0F-11D7-BD6F-004854603DCE} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71AAABE5-1F0F-11D7-BD6F-004854603DCE}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84dada70-46d4-11e0-b00a-00038a000015}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84dada70-46d4-11e0-b00a-00038a000015}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84dada70-46d4-11e0-b00a-00038a000015}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84dada70-46d4-11e0-b00a-00038a000015}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84dada70-46d4-11e0-b00a-00038a000015}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84dada70-46d4-11e0-b00a-00038a000015}\ not found. File E:\WIN\setup.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{932095b1-1f1b-11de-9eaa-00038a000015}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{932095b1-1f1b-11de-9eaa-00038a000015}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{932095b1-1f1b-11de-9eaa-00038a000015}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{932095b1-1f1b-11de-9eaa-00038a000015}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{932095b1-1f1b-11de-9eaa-00038a000015}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{932095b1-1f1b-11de-9eaa-00038a000015}\ not found. File C:\WINXP\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AppLaunch.exe AUTORUN=1 not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7e2caf0-59c7-11de-af91-00179a446a75}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a7e2caf0-59c7-11de-af91-00179a446a75}\ not found. File E:\CDGO.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found. File E:\WIN\setup.exe not found. ADS C:\Documents and Settings\All Users.WINXP\Application Data\TEMP:0B174FAE deleted successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Documents and Settings\Moe\Desktop\cmd.bat deleted successfully. C:\Documents and Settings\Moe\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temporary Internet Files folder emptied: 0 bytes User: Administrator.N-66I8K7FUN69C1 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Administrator.N-66I8K7FUN69C1.000 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Administrator.YOUR-QQH4336AXF ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: All Users.WINXP User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User.WINXP ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService.NT AUTHORITY ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService.NT AUTHORITY.000 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService.NT AUTHORITY.001 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LogMeInRemoteUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LogMeInRemoteUser.N-66I8K7FUN69C1 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Moe ->Temp folder emptied: 8719691 bytes ->Temporary Internet Files folder emptied: 24217472 bytes ->Java cache emptied: 724496 bytes ->FireFox cache emptied: 107534422 bytes ->Flash cache emptied: 30469 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: NetworkService.NT AUTHORITY ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: NetworkService.NT AUTHORITY.000 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService.NT AUTHORITY.001 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Owner ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Owner.N-66I8K7FUN69C1 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Owner.YOUR-QQH4336AXF ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Shawn ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 17816 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 63515174 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 90011720 bytes Total Files Cleaned = 281.00 mb C:\WINXP\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYFLASH] User: Administrator User: Administrator.N-66I8K7FUN69C1 User: Administrator.N-66I8K7FUN69C1.000 User: Administrator.YOUR-QQH4336AXF User: All Users User: All Users.WINXP User: Default User User: Default User.WINXP User: LocalService User: LocalService.NT AUTHORITY User: LocalService.NT AUTHORITY.000 User: LocalService.NT AUTHORITY.001 User: LogMeInRemoteUser User: LogMeInRemoteUser.N-66I8K7FUN69C1 User: Moe ->Flash cache emptied: 0 bytes User: NetworkService User: NetworkService.NT AUTHORITY User: NetworkService.NT AUTHORITY.000 User: NetworkService.NT AUTHORITY.001 User: Owner User: Owner.N-66I8K7FUN69C1 User: Owner.YOUR-QQH4336AXF User: Shawn ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.22.3 log created on 04072011_001356 Files\Folders moved on Reboot... C:\Documents and Settings\Moe\Local Settings\Temp\~DF8F93.tmp moved successfully. File\Folder C:\Documents and Settings\Moe\Local Settings\Temporary Internet Files\Content.IE5\X1LS8OCD\2WGZBCAYZT5WTCAMO03ULCA087JKJCAIS41MPCA5AV95ZCA8B9O5CCAZ6AB90CAPJ3DRPCAO9K2AACABROJUECA0J4NNYCA1XBVANCAYA3GXKCAU57YD1CA9QVN0NCA3ANAMZCAEPO8S0CAVVCF7MCAOV6K9KCA2A3JERCAPGQ8C0.htm not found! File\Folder C:\Documents and Settings\Moe\Local Settings\Temporary Internet Files\Content.IE5\X1LS8OCD\c=1952731;met=1;v=1;pid=34117041;aid=212751859;ko=0;cid=31132510;rid=31150386;rv=2;&timestamp=1242337712404;eid1=2;ecn1=1;etm1=13;eid2=3;ecn2=1;etm2=1;eid3=4;ecn3=1;etm3=0;[1].gif not found! File\Folder C:\Documents and Settings\Moe\Local Settings\Temporary Internet Files\Content.IE5\UWHGGVJ5\8QHFJCA3B8F0WCA4M8B2WCASYUKX1CAJM0DSYCA8P6IAQCA08N9CQCA2M7M2XCA3QOWB8CAFYSF2GCA1V0U51CABVZ4LTCAC3SZN4CAQ46ZBSCAN6P94LCA9AWDR3CAHHWE5TCA3LA9THCALW8KU8CA7N35GFCAJUUSGFCAY6M432.htm not found! File\Folder C:\Documents and Settings\Moe\Local Settings\Temporary Internet Files\Content.IE5\UWHGGVJ5\E0E13CAZPTEO2CAG1NY6LCAW8RTY4CAZ5MR2ECAMOAOB9CA2NS1LJCAGYEKG5CAM0Y2FOCARJG82BCAR390MXCA50RZOQCAOZ79Q7CAY2UCY3CANW8296CAQGMK9NCA2JS4EPCADFFM9OCA3RZ59WCAAOG81WCAOZS6Z5CAMJQ9N6.htm not found! File\Folder C:\Documents and Settings\Moe\Local Settings\Temporary Internet Files\Content.IE5\UWHGGVJ5\R85PUCAKZ9FOJCA6WUNM8CA5AQ4CHCA257QB0CAS8RZOZCAPR1XDFCA64RUL8CAN77W7ECAQQ29LHCA19MEPICALN2YK3CAMGQ8XQCAHRSBO8CAI1I1C1CAZIWBXKCAQH9MR8CAIK0I54CAS8YZXGCA85MXDUCAUPZ9DBCANV9MC5.htm not found! File\Folder C:\Documents and Settings\Moe\Local Settings\Temporary Internet Files\Content.IE5\UWHGGVJ5\RHKN1CAN5SDUVCA18IBTTCA3O50TXCAZ5VL53CA1T582NCA0NRUL6CAI23UKHCAKW2TLZCAWQ1HYQCAYHO8LVCAPUFOK4CAJ7RJD7CAQ4WR32CAL1TT8XCA6FWSM6CA3FXU7RCAL7S7ABCAB0J55PCA4NXF25CAF6I3IZCAMXZMDO.htm not found! File\Folder C:\Documents and Settings\Moe\Local Settings\Temporary Internet Files\Content.IE5\UWHGGVJ5\VXRGMCA9QYCTYCAKMB01BCAA43G4LCA2BKNETCAUN0KMKCA8SEOTECA5SEI1ICAU5B4XLCAB1XFT1CAGPSX19CA49R7OQCA076L98CAUGB08PCAMEKNHCCAMP1MWVCAXZGMM8CAQAYU8CCAPX2N6MCACPHKLBCA22XF7FCAMJ3XMD.htm not found! File\Folder C:\Documents and Settings\Moe\Local Settings\Temporary Internet Files\Content.IE5\NI6EIOAK\0A3KJCAMPJLL3CAQ7PL3VCACCTPQJCAD2MQVXCANST1AMCAIBNPN9CA1AXJF6CADB8LJ8CA0VZJ0MCADUSUTICAH3S5FJCA1I2VBLCAA93T1PCATI7IRJCA1DDGP6CAPOD8VSCANLJM9KCA7Z9C6KCAV0GIRCCAGHN4YDCAZSS3AE.htm not found! File\Folder C:\Documents and Settings\Moe\Local Settings\Temporary Internet Files\Content.IE5\NI6EIOAK\4PPVECAY63CU8CA2VGN4KCARUPD2ACAR47482CAI7N0SVCAPKF1TKCAC212L7CA4FW9M7CAIB3KECCAUQ5GWECAO9QAAKCAD153FVCA28GJ7KCA57BI7JCAFZ1B4LCAIEHMXFCAU3W6JPCAQNJ61FCA8WQUVCCASP7TK5CAVIAQVE.htm not found! File\Folder C:\Documents and Settings\Moe\Local Settings\Temporary Internet Files\Content.IE5\NI6EIOAK\LM8IICA61NCV9CA3388Z7CA1M76S8CADURM6VCA8NBXYOCAO8HYMKCAUBUT0JCAJBGQ76CA0T8I0OCAJV6S27CA928OV2CAV9UQB6CA1KBYLYCAEJ111PCA2HP7BZCA634UJ3CA9YHCEGCA177DQPCAYNRQG8CACGRSTPCA8WF8US.htm not found! File\Folder C:\Documents and Settings\Moe\Local Settings\Temporary Internet Files\Content.IE5\HGVO1XVR\59T90CA9TY27KCAS7AV6XCAZJ05A2CAVHDFN2CAEJGDG9CA2EEI77CA2MW2W5CAFIKVLLCAAIVW2ACA2Z8R9BCARHNCVICANLLP6ECA4QJNQPCAT61SW2CAPWZEQBCA84YDF0CAK1967CCAQM3HBBCAVUHPXWCA2TOL3QCAHD4NGN.htm not found! File\Folder C:\Documents and Settings\Moe\Local Settings\Temporary Internet Files\Content.IE5\HGVO1XVR\BIL54CABVXWG3CAP6HGSWCARUJ7IACA3G5HNQCA8KOB1LCA26CUQTCAVW5ZBSCA4EIUXECADEKB27CAH255Q4CA24T6O3CA4CI4DACATSSKYOCAD3J276CAJ112I1CAZP9ZMBCABQHMPLCA3HLZ20CAI9FKBPCA2BR2WBCABXR1IL.htm not found! File\Folder C:\Documents and Settings\Moe\Local Settings\Temporary Internet Files\Content.IE5\HGVO1XVR\T2BVCCAK1I1R1CAG3ZWWBCA6QX6TPCAE3T0SHCAZSBECXCAC0Y1BECAIDLRFACAQ6877KCAVMS7T3CAZDAL7LCAU4L41GCAA4D2JQCA2GKTT6CAP8FT5VCA4FHFCTCAIBFWE7CAK1ZQTGCATHYEYHCAYBX8C6CAMQE0OUCAT15PV1.htm not found! File\Folder C:\Documents and Settings\Moe\Local Settings\Temporary Internet Files\Content.IE5\F2I7K3XL\ag,mod_controls_app,mod_scrollwheel,mod_zoom,mod_extended_dom,mod_keyboard,mod_traffic_app,mod_lyrsctrl,mod_lyrs,mod_quadtree,mod_transitlyr,mod_cb_launchpad,mod_adfetcher%7D[1].js not found! File\Folder C:\Documents and Settings\Moe\Local Settings\Temporary Internet Files\Content.IE5\3YMQC9UX\9XKKFCA8BS96CCAXE268XCAHZA4H1CA075HGHCA1681AKCAITHQE6CAILQQVFCA33DU5FCA60WEDSCAXZA443CAP5UY37CA9TOVF9CA05WVUOCA7V62PPCA16M1SZCAK16GI3CA93PR0HCAJOQNLVCAM7LVC1CA5SVJJUCAJYRGJD.htm not found! File\Folder C:\Documents and Settings\Moe\Local Settings\Temporary Internet Files\Content.IE5\0D5QCNZX\4M947CA22JD92CAHX3EUKCAZE5R42CAYB2KAKCARPQ9EXCAQ4MZLYCAT84ZLUCAQMVHVHCAB6K8ARCAENO0EZCAPJFUFQCABGQG19CAK71EHTCAC6SOEPCA5UYYQVCAY8PTZ0CAR0JPHCCAB3CL86CAB585VTCA0IEDY6CA37J4CT.htm not found! File\Folder C:\Documents and Settings\Moe\Local Settings\Temporary Internet Files\Content.IE5\0D5QCNZX\APWJRCA1F3JZQCA2FLEZ0CALYE2MWCA0WD822CAQW3F62CA3E21ESCA9LK5BQCA1NPLQ0CA3M0GJECAUL0JL9CAO2NYJ4CAQKEBC6CAJVU3R3CA2TB09TCA4IWT6VCAJGT5YJCAN7ZJW4CABYQM11CARUBQYWCA2DIW9TCAOXTPQH.htm not found! File\Folder C:\Documents and Settings\Moe\Local Settings\Temporary Internet Files\Content.IE5\0D5QCNZX\Z8AQLCA7EFSMVCAE847M5CA06DJ9ECAAOJSNYCA06YT7KCA9Q2FCTCA1E5DS3CAFHTEJVCAATRSPBCA6JH0PGCAXFF42OCAU1SYHKCAAA1FBHCAAEAICMCAG0SJCQCAU6K5CDCAFNXMAPCABP6ZMZCA66RUTOCANIM7NYCAHHIKH1.htm not found! C:\WINXP\temp\ZLT01d55.TMP moved successfully. Registry entries deleted on Reboot... Thank You![ATTACH]512.vB5-legacyid=1131[/ATTACH] Shawn 04072011_001356.txt

OK Starbuck thanks, I will get on that later this evening. Cheers Shawn

OK let me try those Starbuck, thanks. Should I upgrade my OS to SP3 first?

Oh, also you asked why I still have SP2 and not SP3. Well, I guess mainly because I only have about 5 gigs of free space left on this laptop and am trying very hard to not fill it... but I guess I should move up to SP3 eh? Shawn

Thanks Starbuck, I couldn't manage to get very far though - ran into resistance right off the bat while trying to do the Scandisk. I followed your instructions to the letter, did a reboot and while it did start to do the scandisk (blue screen, etc), it quickly said: "Cannot open volume for direct access" "Windows has finished checking the disk" ... and then it just continued to boot Windows up as normal. Any thoughts? Thanks! Shawn

Awfully sorry for the long absence Starbuck, got waylayed on a lengthy project :-( I've attached the two output files from the OTL run. Thank you! OTL logfile created on: 3/24/2011 9:55:48 PM - Run 2 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Moe\Desktop Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 767.00 Mb Total Physical Memory | 472.00 Mb Available Physical Memory | 62.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 90.00% Paging File free Paging file location(s): C:\pagefile.sys 1152 2304 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Program Files Drive C: | 27.95 Gb Total Space | 5.56 Gb Free Space | 19.89% Space Free | Partition Type: NTFS Computer Name: N-66I8K7FUN69C1 | User Name: Moe | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/03/24 21:54:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Moe\Desktop\OTL.exe PRC - [2010/12/08 14:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe PRC - [2007/12/05 06:18:59 | 000,594,600 | ---- | M] ( ) -- C:\WINXP\system32\lxdncoms.exe PRC - [2007/06/13 07:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINXP\explorer.exe PRC - [2006/05/15 19:29:52 | 005,627,904 | ---- | M] (D-Link) -- C:\Program Files\D-Link\D-Link RangeBooster N DWA-642\wirelesscm.exe PRC - [2006/03/21 11:30:26 | 000,368,724 | ---- | M] (Atheros) -- C:\Program Files\D-Link\D-Link RangeBooster N DWA-642\acs.exe PRC - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe PRC - [2001/10/03 21:21:52 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINXP\wanmpsvc.exe ========== Modules (SafeList) ========== MOD - [2011/03/24 21:54:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Moe\Desktop\OTL.exe MOD - [2006/08/25 12:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINXP\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- -- (r_server) SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart) SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2011/01/16 20:33:25 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint) SRV - [2011/01/16 20:32:58 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn) SRV - [2010/12/08 14:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc) SRV - [2009/02/16 00:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\WINXP\System32\ZoneLabs\vsmon.exe -- (vsmon) SRV - [2007/12/05 06:18:59 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINXP\System32\lxdncoms.exe -- (lxdn_device) SRV - [2007/12/05 06:18:53 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\WINXP\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe -- (lxdnCATSCustConnectService) SRV - [2006/03/21 11:30:26 | 000,368,724 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files\D-Link\D-Link RangeBooster N DWA-642\acs.exe -- (ACS) SRV - [2005/06/17 23:30:32 | 000,184,320 | ---- | M] (V Communications, Inc.) [Disabled | Stopped] -- C:\Program Files\VCOM\Fix-It\MXTASK.exe -- (Fix-It Task Manager) SRV - [2004/08/04 04:56:46 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv) SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)) SRV - [2001/10/03 21:21:52 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINXP\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW) ========== Driver Services (SafeList) ========== DRV - [2011/01/16 20:32:36 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINXP\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP) DRV - [2010/02/23 10:51:48 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5) DRV - [2010/02/23 10:51:48 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4) DRV - [2010/02/23 10:51:48 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3) DRV - [2010/02/23 10:51:48 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2) DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINXP\system32\drivers\pavboot.sys -- (pavboot) DRV - [2009/04/23 16:51:18 | 000,016,640 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1) DRV - [2009/02/16 00:10:26 | 000,353,672 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINXP\system32\vsdatant.sys -- (vsdatant) DRV - [2008/12/11 22:32:42 | 000,148,496 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINXP\system32\drivers\klif.sys -- (KLIF) DRV - [2008/11/17 02:24:00 | 000,051,688 | ---- | M] (Check Point Software Technologies LTD) [Kernel | Boot | Running] -- C:\WINXP\system32\ZoneLabs\srescan.sys -- (srescan) DRV - [2008/08/11 13:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINXP\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver) DRV - [2008/08/11 13:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo) DRV - [2008/02/29 17:08:08 | 000,024,840 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINXP\System32\drivers\swmsflt.sys -- (swmsflt) DRV - [2006/05/19 18:16:24 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINXP\System32\drivers\cdralw2k.sys -- (Cdralw2k) DRV - [2006/05/19 18:16:24 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINXP\System32\drivers\cdr4_xp.sys -- (Cdr4_xp) DRV - [2006/05/16 02:37:44 | 000,999,968 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\ar5416.sys -- (AR5416) DRV - [2005/06/17 23:30:32 | 000,051,212 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\VCOM\Fix-It\mxDisk.sys -- (mxDisk) DRV - [2004/02/23 09:40:38 | 000,014,976 | ---- | M] (CMS Peripherals, Inc.) [Kernel | Auto | Running] -- C:\WINXP\system32\drivers\portd2k.sys -- (portD) DRV - [2003/11/13 22:47:00 | 000,640,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2003/11/08 03:00:02 | 001,063,040 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\HSF_DP.sys -- (HSF_DP) DRV - [2003/11/08 03:00:02 | 000,631,296 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2003/11/08 03:00:02 | 000,196,352 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2) DRV - [2001/08/17 13:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\hsf_msft.sys -- (hsf_msft) DRV - [2001/08/17 13:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\hsf_samp.sys -- (Rksample) DRV - [2001/08/17 13:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\hsf_bsc2.sys -- (basic2) DRV - [2001/08/16 22:20:34 | 000,028,396 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = <local> ========== FireFox ========== FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/19 17:32:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/06 20:46:43 | 000,000,000 | ---D | M] [2009/07/27 20:56:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Moe\Application Data\Mozilla\Extensions [2009/07/27 20:56:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Moe\Application Data\Mozilla\Extensions\xulapp@opencube.com [2011/03/23 13:35:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Moe\Application Data\Mozilla\Firefox\Profiles\aohl84rx.default\extensions [2009/07/10 12:51:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Moe\Application Data\Mozilla\Firefox\Profiles\aohl84rx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009/05/06 09:57:04 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Moe\Application Data\Mozilla\Firefox\Profiles\aohl84rx.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644} [2010/06/23 14:45:24 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Moe\Application Data\Mozilla\Firefox\Profiles\aohl84rx.default\extensions\LogMeInClient@logmein.com [2011/02/09 02:33:32 | 000,000,000 | ---D | M] (GraphOn GO-Global) -- C:\Documents and Settings\Moe\Application Data\Mozilla\Firefox\Profiles\aohl84rx.default\extensions\support@graphon.com [2011/03/23 21:15:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/01/16 20:41:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011/03/05 01:34:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011/03/05 01:33:49 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll O1 HOSTS File: ([2009/05/21 10:27:44 | 000,001,457 | ---- | M]) - C:\WINXP\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {71AAABE5-1F0F-11D7-BD6F-004854603DCE} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found. O4 - HKLM..\Run: [ATIModeChange] C:\WINXP\System32\Ati2mdxx.exe (ATI Technologies, Inc.) O4 - HKLM..\Run: [PrinTray] C:\WINXP\system32\spool\drivers\w32x86\3\printray.exe (Lexmark) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - Startup: C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Startup\Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link RangeBooster N DWA-642\wirelesscm.exe (D-Link) O4 - Startup: C:\Documents and Settings\Moe\Start Menu\Programs\Startup\Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O9 - Extra Button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe (ICQ Inc.) O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe (ICQ Inc.) O9 - Extra Button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe () O9 - Extra 'Tools' menuitem : Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINXP\system32\nwprovau.dll (Microsoft Corporation) O15 - HKCU\..Trusted Domains: logmein.com ([secure] https in Trusted sites) O15 - HKCU\..Trusted Domains: plentyoffish.com ([www] http in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINXP\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINXP\System32\LMIinit.dll (LogMeIn, Inc.) O24 - Desktop WallPaper: C:\WINXP\Web\Wallpaper\Bliss.bmp O24 - Desktop BackupWallPaper: C:\WINXP\Web\Wallpaper\Bliss.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/04/08 23:47:00 | 000,000,018 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2004/11/20 20:36:58 | 000,000,000 | ---D | M] - C:\autoresponder -- [ NTFS ] O32 - AutoRun File - [2009/10/13 16:51:20 | 000,000,000 | ---D | M] - C:\AutoResponsePlus -- [ NTFS ] O33 - MountPoints2\{84dada70-46d4-11e0-b00a-00038a000015}\Shell - "" = AutoRun O33 - MountPoints2\{84dada70-46d4-11e0-b00a-00038a000015}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{84dada70-46d4-11e0-b00a-00038a000015}\Shell\AutoRun\command - "" = E:\WIN\setup.exe O33 - MountPoints2\{932095b1-1f1b-11de-9eaa-00038a000015}\Shell - "" = AutoRun O33 - MountPoints2\{932095b1-1f1b-11de-9eaa-00038a000015}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{932095b1-1f1b-11de-9eaa-00038a000015}\Shell\AutoRun\command - "" = C:\WINXP\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AppLaunch.exe AUTORUN=1 O33 - MountPoints2\{a7e2caf0-59c7-11de-af91-00179a446a75}\Shell\AutoRun\command - "" = E:\CDGO.exe O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\WIN\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2100/02/08 16:03:54 | 000,053,248 | ---- | C] (Silitek Corp.) -- C:\Program Files\ACMonitor_X73.exe [2012/04/13 17:21:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Moe\Start Menu\Programs\Push-Button Option Trader [2012/04/13 17:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\Push-Button Option Trader [2011/03/24 21:54:21 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Moe\Desktop\OTL.exe [2011/03/24 21:00:03 | 000,000,000 | --SD | C] -- C:\Combo-Fix15942C [2011/03/16 18:27:25 | 000,000,000 | ---D | C] -- C:\Pat [2011/03/10 20:50:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Moe\Local Settings\Application Data\PowerLeadsPro [2011/03/10 20:47:18 | 000,000,000 | ---D | C] -- C:\MarcSchildmann [2011/03/10 12:19:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Moe\Recent [2011/03/05 01:40:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Moe\Start Menu\Programs\Interactive Brokers [2011/03/05 01:34:52 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINXP\System32\javacpl.cpl [2011/03/05 01:34:51 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINXP\System32\javaws.exe [2011/03/05 01:34:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINXP\System32\javaw.exe [2011/03/05 01:34:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINXP\System32\java.exe [2011/03/05 01:18:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\McAfee [2011/03/02 16:45:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Moe\My Documents\Mikogo [2009/04/20 16:06:15 | 000,262,144 | ---- | C] (ZoneAlarm) -- C:\Program Files\Uninstall Spy Blocker.dll [2008/09/25 18:37:57 | 000,438,272 | ---- | C] ( ) -- C:\WINXP\System32\LXDNhcp.dll [2008/09/25 18:37:56 | 000,364,544 | ---- | C] ( ) -- C:\WINXP\System32\lxdninpa.dll [2008/09/25 18:37:56 | 000,339,968 | ---- | C] ( ) -- C:\WINXP\System32\lxdniesc.dll [2008/09/25 18:37:55 | 001,101,824 | ---- | C] ( ) -- C:\WINXP\System32\lxdnserv.dll [2008/09/25 18:37:55 | 000,843,776 | ---- | C] ( ) -- C:\WINXP\System32\lxdnusb1.dll [2008/09/25 18:37:54 | 000,647,168 | ---- | C] ( ) -- C:\WINXP\System32\lxdnpmui.dll [2008/09/25 18:37:54 | 000,569,344 | ---- | C] ( ) -- C:\WINXP\System32\lxdnlmpm.dll [2008/09/25 18:37:54 | 000,053,248 | ---- | C] ( ) -- C:\WINXP\System32\lxdnprox.dll [2008/09/25 18:37:52 | 000,320,168 | ---- | C] ( ) -- C:\WINXP\System32\lxdnih.exe [2008/09/25 18:37:51 | 000,663,552 | ---- | C] ( ) -- C:\WINXP\System32\lxdnhbn3.dll [2008/09/25 18:37:49 | 000,851,968 | ---- | C] ( ) -- C:\WINXP\System32\lxdncomc.dll [2008/09/25 18:37:49 | 000,594,600 | ---- | C] ( ) -- C:\WINXP\System32\lxdncoms.exe [2008/09/25 18:37:49 | 000,376,832 | ---- | C] ( ) -- C:\WINXP\System32\lxdncomm.dll [2008/09/25 18:37:48 | 000,365,224 | ---- | C] ( ) -- C:\WINXP\System32\lxdncfg.exe ========== Files - Modified Within 30 Days ========== [2011/03/24 21:54:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Moe\Desktop\OTL.exe [2011/03/24 21:47:40 | 000,350,210 | ---- | M] () -- C:\WINXP\System32\vsconfig.xml [2011/03/24 21:47:36 | 000,013,002 | ---- | M] () -- C:\WINXP\System32\wpa.dbl [2011/03/24 21:47:10 | 000,000,876 | ---- | M] () -- C:\WINXP\tasks\GoogleUpdateTaskMachineCore.job [2011/03/24 21:46:50 | 000,002,048 | --S- | M] () -- C:\WINXP\bootstat.dat [2011/03/24 21:05:13 | 1899,063,072 | -HS- | M] () -- C:\WINXP\System32\drivers\fidbox.dat [2011/03/24 20:58:56 | 004,301,706 | R--- | M] () -- C:\Documents and Settings\Moe\Desktop\Combo-Fix.exe [2011/03/24 20:11:00 | 000,000,880 | ---- | M] () -- C:\WINXP\tasks\GoogleUpdateTaskMachineUA.job [2011/03/24 19:57:42 | 025,430,480 | -HS- | M] () -- C:\WINXP\System32\drivers\fidbox.idx [2011/03/24 01:58:46 | 000,001,437 | ---- | M] () -- C:\WINXP\ydownloaderlibpr.INI [2011/03/21 01:20:03 | 000,000,472 | ---- | M] () -- C:\WINXP\tasks\Ad-Aware Update (Weekly).job [2011/03/13 12:41:30 | 000,434,676 | ---- | M] () -- C:\WINXP\System32\perfh009.dat [2011/03/13 12:41:30 | 000,068,750 | ---- | M] () -- C:\WINXP\System32\perfc009.dat [2011/03/11 18:05:23 | 000,000,416 | RHS- | M] () -- C:\boot.ini [2011/03/05 01:40:19 | 000,001,617 | ---- | M] () -- C:\Documents and Settings\All Users.WINXP\Desktop\Trader Workstation 4.0.LNK [2011/03/05 01:39:47 | 000,000,043 | ---- | M] () -- C:\WINXP\ib.ini [2011/03/05 01:39:45 | 000,000,485 | ---- | M] () -- C:\Documents and Settings\Moe\Start Menu\Programs\Startup\Check for TWS Updates.lnk [2011/03/05 01:33:46 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINXP\System32\deployJava1.dll [2011/03/05 01:33:46 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINXP\System32\javaws.exe [2011/03/05 01:33:46 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINXP\System32\javaw.exe [2011/03/05 01:33:46 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINXP\System32\java.exe [2011/03/05 01:33:46 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINXP\System32\javacpl.cpl ========== Files Created - No Company Name ========== [2100/02/23 14:35:34 | 000,000,768 | ---- | C] () -- C:\Program Files\x73_lut.dat [2100/02/08 15:53:34 | 000,001,437 | ---- | C] () -- C:\Program Files\gtx73.ini [2011/03/05 01:40:19 | 000,001,617 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Desktop\Trader Workstation 4.0.LNK [2011/03/05 01:39:45 | 000,000,485 | ---- | C] () -- C:\Documents and Settings\Moe\Start Menu\Programs\Startup\Check for TWS Updates.lnk [2011/03/05 01:39:44 | 000,000,473 | ---- | C] () -- C:\Documents and Settings\Moe\Start Menu\Programs\Check for TWS Updates.lnk [2011/01/24 02:06:10 | 000,256,512 | ---- | C] () -- C:\WINXP\PEV.exe [2011/01/24 02:06:10 | 000,098,816 | ---- | C] () -- C:\WINXP\sed.exe [2011/01/24 02:06:10 | 000,089,088 | ---- | C] () -- C:\WINXP\MBR.exe [2011/01/24 02:06:10 | 000,080,412 | ---- | C] () -- C:\WINXP\grep.exe [2011/01/24 02:06:10 | 000,068,096 | ---- | C] () -- C:\WINXP\zip.exe [2011/01/16 20:17:42 | 000,102,400 | ---- | C] () -- C:\WINXP\RegBootClean.exe [2011/01/16 01:56:03 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Moe\Local Settings\Application Data\housecall.guid.cache [2011/01/11 18:18:28 | 000,001,437 | ---- | C] () -- C:\WINXP\ydownloaderlibpr.INI [2010/02/17 19:30:53 | 000,000,026 | ---- | C] () -- C:\WINXP\refsdm.dll [2010/02/17 18:29:09 | 000,000,299 | ---- | C] () -- C:\WINXP\winsrvm.dll [2010/02/17 18:29:09 | 000,000,001 | ---- | C] () -- C:\WINXP\dwatson.dll [2010/02/17 18:13:55 | 000,000,006 | ---- | C] () -- C:\WINXP\client.dll [2010/02/17 18:13:53 | 000,000,019 | ---- | C] () -- C:\WINXP\MCLDR.dll [2010/02/15 00:50:49 | 000,253,952 | ---- | C] () -- C:\WINXP\ddedll.dll [2009/12/17 19:14:30 | 000,000,070 | ---- | C] () -- C:\WINXP\MediaManager.INI [2009/12/17 17:53:02 | 000,007,207 | R--- | C] () -- C:\WINXP\Disktool.INI [2009/12/17 17:53:02 | 000,006,399 | R--- | C] () -- C:\WINXP\fwupgrade.ini [2009/12/17 17:53:02 | 000,003,677 | R--- | C] () -- C:\WINXP\PlaySnd.INI [2009/05/24 14:36:13 | 1899,063,072 | -HS- | C] () -- C:\WINXP\System32\drivers\fidbox.dat [2009/04/15 23:19:12 | 000,000,000 | ---- | C] () -- C:\WINXP\nsreg.dat [2009/03/31 15:37:34 | 000,000,056 | -H-- | C] () -- C:\WINXP\System32\ezsidmv.dat [2008/11/02 19:10:45 | 000,000,043 | ---- | C] () -- C:\WINXP\ib.ini [2008/11/02 05:00:33 | 000,000,664 | ---- | C] () -- C:\WINXP\System32\d3d9caps.dat [2008/09/25 18:48:51 | 000,040,960 | ---- | C] () -- C:\WINXP\System32\lxdnvs.dll [2008/09/25 18:48:43 | 000,348,160 | ---- | C] () -- C:\WINXP\System32\lxdncoin.dll [2008/09/25 18:46:36 | 000,782,336 | ---- | C] () -- C:\WINXP\System32\lxdndrs.dll [2008/09/25 18:46:36 | 000,081,920 | ---- | C] () -- C:\WINXP\System32\lxdncaps.dll [2008/09/25 18:46:35 | 000,069,632 | ---- | C] () -- C:\WINXP\System32\lxdncnv4.dll [2008/09/25 18:44:24 | 000,012,288 | ---- | C] () -- C:\WINXP\System32\LXF3PMRC.DLL [2008/09/25 18:38:20 | 000,000,044 | ---- | C] () -- C:\WINXP\System32\lxdnrwrd.ini [2008/09/25 18:37:57 | 000,348,160 | ---- | C] () -- C:\WINXP\System32\LXDNinst.dll [2008/09/25 18:37:51 | 000,208,896 | ---- | C] () -- C:\WINXP\System32\lxdngrd.dll [2008/02/29 17:08:08 | 000,024,840 | ---- | C] () -- C:\WINXP\System32\drivers\swmsflt.sys [2008/02/15 14:42:12 | 000,027,136 | ---- | C] () -- C:\WINXP\toFront.dll [2008/02/15 14:42:12 | 000,026,624 | ---- | C] () -- C:\WINXP\GetIe.dll [2007/03/13 23:32:48 | 000,000,035 | ---- | C] () -- C:\WINXP\LMDUJBQ.INI [2007/01/01 00:37:18 | 000,000,038 | ---- | C] () -- C:\WINXP\iltwain.ini [2006/09/06 08:44:27 | 000,000,182 | ---- | C] () -- C:\WINXP\System32\EBPPORT.DAT [2006/07/18 18:54:01 | 000,000,144 | ---- | C] () -- C:\WINXP\gvcasinos.ini [2006/06/20 15:39:07 | 000,000,053 | ---- | C] () -- C:\WINXP\zbj22.ini [2006/04/10 12:18:12 | 000,008,784 | ---- | C] () -- C:\WINXP\System32\ractrlkeyhook.dll [2006/03/21 14:11:58 | 000,000,000 | ---- | C] () -- C:\WINXP\VPC32.INI [2005/11/08 21:25:12 | 000,107,520 | ---- | C] () -- C:\WINXP\System32\UnCasino5.exe [2005/10/28 15:25:47 | 000,000,059 | ---- | C] () -- C:\WINXP\ANS2000.INI [2005/10/28 15:25:47 | 000,000,020 | -H-- | C] () -- C:\WINXP\akebook.ini [2005/10/28 15:25:47 | 000,000,004 | -H-- | C] () -- C:\WINXP\a3kebook.ini [2005/09/24 00:03:41 | 000,000,227 | ---- | C] () -- C:\WINXP\ARKS-FAC.INI [2005/09/24 00:03:35 | 000,000,000 | ---- | C] () -- C:\WINXP\ARK-LOCK.DAT [2005/08/12 18:57:09 | 003,596,288 | ---- | C] () -- C:\WINXP\System32\qt-dx331.dll [2005/07/11 22:00:06 | 000,040,960 | ---- | C] () -- C:\WINXP\uneng.exe [2005/07/03 01:17:31 | 000,003,134 | ---- | C] () -- C:\WINXP\cdplayer.ini [2005/06/22 17:56:20 | 000,072,192 | ---- | C] () -- C:\WINXP\System32\zlib.dll [2005/06/21 21:17:52 | 000,000,052 | ---- | C] () -- C:\WINXP\winros.ini [2005/06/20 22:58:52 | 000,004,569 | ---- | C] () -- C:\WINXP\System32\secupd.dat [2005/06/19 23:54:46 | 000,001,252 | ---- | C] () -- C:\WINXP\ODBC.INI [2005/06/19 23:54:30 | 000,000,037 | ---- | C] () -- C:\WINXP\Server.INI [2005/06/15 19:46:12 | 000,000,043 | ---- | C] () -- C:\WINXP\WALLSTRT.INI [2005/06/14 22:04:16 | 000,000,000 | ---- | C] () -- C:\WINXP\OPPRIN~1.INI [2005/06/08 19:00:00 | 000,360,448 | ---- | C] () -- C:\WINXP\System32\fmtkit60.dll [2005/06/06 14:21:01 | 000,000,064 | ---- | C] () -- C:\WINXP\eFaxView.ini [2005/06/03 19:55:53 | 000,032,768 | ---- | C] () -- C:\WINXP\BBUninstall.exe [2005/05/30 15:24:35 | 000,000,044 | ---- | C] () -- C:\WINXP\System32\msssc.dll [2005/05/30 00:52:14 | 000,000,061 | ---- | C] () -- C:\WINXP\URLPROXY.INI [2005/05/26 19:33:18 | 000,004,212 | -H-- | C] () -- C:\WINXP\System32\zllictbl.dat [2005/05/26 19:19:41 | 000,058,880 | ---- | C] () -- C:\Documents and Settings\Moe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2005/05/26 19:03:18 | 000,002,048 | --S- | C] () -- C:\WINXP\bootstat.dat [2005/05/26 18:54:14 | 000,021,640 | ---- | C] () -- C:\WINXP\System32\emptyregdb.dat [2005/05/26 14:07:51 | 000,004,073 | ---- | C] () -- C:\WINXP\ODBCINST.INI [2005/05/26 14:06:09 | 000,134,872 | ---- | C] () -- C:\WINXP\System32\FNTCACHE.DAT [2005/05/26 14:01:09 | 000,000,006 | ---- | C] () -- C:\WINXP\System32\rasmon.bin [2005/05/26 14:01:09 | 000,000,004 | -H-- | C] () -- C:\WINXP\System32\ddefact.bin [2003/11/13 22:38:26 | 000,086,016 | ---- | C] () -- C:\WINXP\System32\ati2evxx.dll [2003/11/13 22:36:54 | 000,385,024 | ---- | C] () -- C:\WINXP\System32\ati2evxx.exe [2003/06/10 15:03:38 | 000,029,600 | ---- | C] () -- C:\WINXP\System32\mxntdfg.exe [2002/09/18 01:45:00 | 000,119,808 | ---- | C] () -- C:\WINXP\lsb_un20.exe [2002/03/10 18:36:14 | 000,012,288 | ---- | C] () -- C:\WINXP\System32\impborl.dll [2001/10/12 07:42:52 | 000,032,768 | ---- | C] () -- C:\WINXP\System32\LXARICO.DLL [2001/10/12 07:42:50 | 000,000,643 | ---- | C] () -- C:\WINXP\LEXSTAT.INI [2001/08/18 11:00:00 | 013,107,200 | ---- | C] () -- C:\WINXP\System32\oembios.bin [2001/08/18 11:00:00 | 000,673,088 | ---- | C] () -- C:\WINXP\System32\mlang.dat [2001/08/18 11:00:00 | 000,434,676 | ---- | C] () -- C:\WINXP\System32\perfh009.dat [2001/08/18 11:00:00 | 000,272,128 | ---- | C] () -- C:\WINXP\System32\perfi009.dat [2001/08/18 11:00:00 | 000,218,003 | ---- | C] () -- C:\WINXP\System32\dssec.dat [2001/08/18 11:00:00 | 000,068,750 | ---- | C] () -- C:\WINXP\System32\perfc009.dat [2001/08/18 11:00:00 | 000,046,258 | ---- | C] () -- C:\WINXP\System32\mib.bin [2001/08/18 11:00:00 | 000,028,626 | ---- | C] () -- C:\WINXP\System32\perfd009.dat [2001/08/18 11:00:00 | 000,004,461 | ---- | C] () -- C:\WINXP\System32\oembios.dat [2001/08/18 11:00:00 | 000,001,788 | ---- | C] () -- C:\WINXP\System32\dcache.bin [2001/08/18 11:00:00 | 000,000,741 | ---- | C] () -- C:\WINXP\System32\noise.dat [2001/07/20 10:48:06 | 000,008,116 | ---- | C] () -- C:\Program Files\OSLO3071b2.USB [2001/01/18 15:55:22 | 000,131,584 | ---- | C] () -- C:\WINXP\System32\Ptlic32.exe [2000/12/05 15:56:34 | 000,114,688 | ---- | C] () -- C:\Program Files\lxarscan.dll [2000/01/11 12:50:48 | 000,000,047 | ---- | C] () -- C:\Program Files\ACMonitor_X73.ini ========== Alternate Data Streams ========== @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users.WINXP\Application Data\TEMP:0B174FAE < End of report > OTL Extras logfile created on: 3/24/2011 9:55:48 PM - Run 2 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Moe\Desktop Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 767.00 Mb Total Physical Memory | 472.00 Mb Available Physical Memory | 62.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 90.00% Paging File free Paging file location(s): C:\pagefile.sys 1152 2304 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Program Files Drive C: | 27.95 Gb Total Space | 5.56 Gb Free Space | 19.89% Space Free | Partition Type: NTFS Computer Name: N-66I8K7FUN69C1 | User Name: Moe | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 "AntiVirusDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] "DisableMonitoring" = 1 ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\ICQ\Icq.exe" = C:\Program Files\ICQ\Icq.exe:*:Enabled:ICQ -- (ICQ Inc.) "C:\Program Files\IBP 10\IBP.exe" = C:\Program Files\IBP 10\IBP.exe:*:Enabled:Internet Business Promoter (IBP) -- (Axandra GmbH) "C:\WINXP\system32\lxdncoms.exe" = C:\WINXP\system32\lxdncoms.exe:*:Enabled:Lexmark Communications System -- ( ) "C:\Program Files\Lexmark 2600 Series\lxdnamon.exe" = C:\Program Files\Lexmark 2600 Series\lxdnamon.exe:*:Enabled:Lexmark Device Monitor -- () "C:\Program Files\Lexmark 2600 Series\frun.exe" = C:\Program Files\Lexmark 2600 Series\frun.exe:*:Enabled:Lexmark Productivity Studio -- () "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe" = C:\Program Files\Lexmark 2600 Series\lxdnmon.exe:*:Enabled:Printer Device Monitor -- () "C:\WINXP\system32\spool\drivers\w32x86\3\lxdnpswx.exe" = C:\WINXP\system32\spool\drivers\w32x86\3\lxdnpswx.exe:*:Enabled:Printer Status Window Interface -- () "C:\WINXP\system32\spool\drivers\w32x86\3\lxdntime.exe" = C:\WINXP\system32\spool\drivers\w32x86\3\lxdntime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.) "C:\WINXP\system32\spool\drivers\w32x86\3\lxdnjswx.exe" = C:\WINXP\system32\spool\drivers\w32x86\3\lxdnjswx.exe:*:Enabled:Job Status Window Interface -- () "C:\Program Files\Lexmark 2600 Series\lxdnlscn.exe" = C:\Program Files\Lexmark 2600 Series\lxdnlscn.exe:*:Enabled: -- () "C:\WINXP\system32\ZoneLabs\vsmon.exe" = C:\WINXP\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service -- (Check Point Software Technologies LTD) "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.) "C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "[web:reg] Unit root test (ADF-test)_is1" = [web:reg] Unit root test (ADF-test) Add In 0.9 "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java 6 Update 24 "{2AD738DC-FC24-4342-A2DA-BB6DCCF6B048}" = Jing "{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn "{3E5CBADD-2E51-47C1-BBE2-B802DB6DA56A}" = MT4 ECN powered by ATC Brokers 4.00 "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{6F6F39E3-D24D-4EEE-9AEA-DEDAF991385D}" = D-Link RangeBooster N DWA-642 "{72263053-50D1-4598-9502-51ED64E54C51}" = Borland Delphi 7 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003 "{91FA5123-41A2-401D-9A60-7A0E075A9A5E}" = Roulette Sniper Version 2.0 "{930B2432-43D4-11D5-9871-00C04F8EEB39}" = Macromedia Fireworks MX "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95632566-071E-4A02-92C1-4BD907065736}" = BounceBack Express "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3 Lite "{AF9C41C1-EC1D-4FCD-9C5D-1AFEFCB67CD1}" = VCOM Fix-It Utilities 5 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C1939820-A945-11D4-86F6-0001031E5712}" = InterVideo WinDVD "{C8811335-8B3B-4BC4-AD47-3A8AC1AD407B}" = Visual CSS QuickMenu "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E0233B01-BE70-4D0B-8B69-64331593535C}" = eBook Pro Viewer 5.54 "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{EFE356A6-91C3-450F-A469-504ACA655A7A}_is1" = PADGen 3.1.0.41 "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FFF3BAB1-9E90-4039-BB17-64CC7125DFDB}" = FXDD "ActiveScan 2.0" = Panda ActiveScan 2.0 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "AIM_7" = AIM 7 "All ATI Software" = ATI - Software Uninstall Utility "ATI Display Driver" = ATI Display Driver "AutoHotkey" = AutoHotkey 1.0.47.03 "Canon Digital Camera USB Driver" = Canon Digital Camera USB Driver "CCleaner" = CCleaner "Club Player Casino" = Club Player Casino "Compare and Merge_is1" = Compare and Merge 2.3 "GoFTP_is1" = GoFTP v2 "Good Keywords v2.01_is1" = Good Keywords v2.01.100107 "HijackThis" = HijackThis 2.0.2 "IBP10_is1" = IBP 10.0.3 "ICQ" = ICQ "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "InstallShield_{0C60AA8A-6BC0-4F0B-AB04-A96F2709BE48}" = TradeStation 8.0 (Build 1869) "InstallShield_{40ABF1E0-8B6F-4D32-B343-E19FA2F04B3C}" = StuffIt Standard "InstallShield_{50987EA3-6641-4E36-814F-4F2EEE4D12FE}" = ValidMate "InstallShield_{59B847F6-CA9D-4957-89C7-A0CB911FE6CC}" = TradeStation 8.1 (Build 2172) "install-us" = install-us 2007 (Rev.1) "Lexmark 2600 Series" = Lexmark 2600 Series "ListMate Express DEMO" = ListMate Express DEMO 4.81 "ListMate Pro PLATINUM" = ListMate Pro PLATINUM 2.01 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.2)" = Mozilla Firefox (3.6.2) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MTReport 4.0" = MTReport 4.0 "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NNSTP-2" = NNSTP-2 "OmniCasinoV8" = Omni Casino "PairsTrade Gold Edition" = PairsTrade Gold Edition 1.0 "PC Guard for Win32 V5_is1" = PC Guard for Win32 V5.02.0360 "RealVNC_is1" = VNC Free Edition 4.1.1 "RemoteCapture" = Canon Utilities RemoteCapture 1.3 "Sage Blackjack Shareware" = Sage Blackjack Shareware "SMAP-2" = SMAP-2 "SMAP-3" = SMAP-3 "Smart Defrag_is1" = Smart Defrag 1.11 "ST6UNST #1" = Push-Button Option Trader "Teleport Ultra" = Teleport Ultra (Trial Version) "Trader Workstation 4.0" = Trader Workstation 4.0 "Trellian SEO Toolkit_is1" = Trellian SEO Toolkit v2.0 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "WIC" = Windows Imaging Component "Winamp" = Winamp "winbj.exe" = winbj.exe "WinClear_is1" = WinClear v2.0 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 2 "WinLiveSuite_Wave3" = Windows Live Essentials "WinPoker6" = WinPoker 6 "WinRAR archiver" = WinRAR archiver "winusb0100" = Microsoft WinUsb 1.0 "WinZip Self-Extractor" = WinZip Self-Extractor "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7 "Yahoo! Messenger" = Yahoo! Messenger "ZoneAlarm" = ZoneAlarm "ZoomBrowserEXDeInstall" = Canon Utilities ZoomBrowser EX ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "0362fcd94ca01b7e" = RBet32 "GoToMeeting" = GoToMeeting 4.5.0.457 "Omega Research ProSuite 2000i" = Omega Research ProSuite 2000i ========== Last 10 Event Log Errors ========== [ System Events ] Error - 3/24/2011 7:27:02 PM | Computer Name = N-66I8K7FUN69C1 | Source = Disk | ID = 262151 Description = The device, \Device\Harddisk0\D, has a bad block. Error - 3/24/2011 7:27:04 PM | Computer Name = N-66I8K7FUN69C1 | Source = Disk | ID = 262151 Description = The device, \Device\Harddisk0\D, has a bad block. Error - 3/24/2011 7:27:06 PM | Computer Name = N-66I8K7FUN69C1 | Source = Disk | ID = 262151 Description = The device, \Device\Harddisk0\D, has a bad block. Error - 3/24/2011 7:27:08 PM | Computer Name = N-66I8K7FUN69C1 | Source = Disk | ID = 262151 Description = The device, \Device\Harddisk0\D, has a bad block. Error - 3/24/2011 7:27:10 PM | Computer Name = N-66I8K7FUN69C1 | Source = Disk | ID = 262151 Description = The device, \Device\Harddisk0\D, has a bad block. Error - 3/24/2011 8:47:13 PM | Computer Name = N-66I8K7FUN69C1 | Source = Service Control Manager | ID = 7000 Description = The Lexmark X73 MFP Scanner service failed to start due to the following error: %%2 Error - 3/24/2011 8:47:13 PM | Computer Name = N-66I8K7FUN69C1 | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the lxdnCATSCustConnectService service to connect. Error - 3/24/2011 8:47:13 PM | Computer Name = N-66I8K7FUN69C1 | Source = Service Control Manager | ID = 7000 Description = The lxdnCATSCustConnectService service failed to start due to the following error: %%1053 Error - 3/24/2011 8:47:17 PM | Computer Name = N-66I8K7FUN69C1 | Source = Disk | ID = 262151 Description = The device, \Device\Harddisk0\D, has a bad block. Error - 3/24/2011 8:47:34 PM | Computer Name = N-66I8K7FUN69C1 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: Lbd < End of report > Cheers Shawn OTL.Txt Extras.Txt

Thanks for jumping in Starbuck. Well, the ComboFix wouldn't work. It came up with the DOS window and mentioned that it should only take 10 mins (double for badly infected computers)... but it just didn't do anything - I even left it going all night. Any thoughts? Cheers Shawn

Hi Chiaz... are you still with me? :-) Shawn

Very sorry for the long delay Chiaz.. I hope you are still with me! OK, I ran Avenger and attached is the log file. But please note, after I clicked the EXECUTE button, Avenger gave this error message: "Error: Invalid syntax in command: "hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{886dde35-e585-11d0-a707-000000521958}" Skipping line. (Registry value deletion mode) " ... it allowed me to still proceed however. Thanks!! Shawn avenger.txt

Hi Chiaz, sorry for the delay in replying. Okay, I ran Jotti scan for all 4 of those files, however with the "svers.dll" file, it had said it had already scanned it (I guess those 2 files are identical?). Here are 4 links: svers.dll - Jotti's malware scan imscan.dll - Jotti's malware scan svers.dll - Jotti's malware scan svrproxy.exe - Jotti's malware scan Thanks! Shawn

Thanks Chiaz, okay here attached is the log from Panda Activescan. Looks like it found a fair bit of stuff! Thanks! Shawn ActiveScan.txt

Seems to have validated okay guys... I think I'm alright! Thanks for all your help! Shawn

Thanks Chiaz, okay I did that and when OTL was complete, it just said "Processing finished" on its status bar at the bottom - no log file was shown. Then I did a reboot and still no log file appeared. I then looked in the C drive and it had created a folder "_OTL" and in the "Movedfiles" subdirectory there were a couple of log files... I'm not sure if these are the ones you want. I've attached them (I first renamed them to .txt extension so they'd upload here). Thanks! Shawn 10022010_012632.txt 10032010_173236.txt

Tried the Uninstall to get to the "repair" option but it just went right ahead with the uninstall without asking me, lol. Anyway, my sister has a licensed copy of Office 2003 Basic for her computer and she sent me her disc, all is cool! You can close up this thread if you like. Thanks! Shawn

I don't think it ran correctly Chiaz... I noticed the .txt file you sent me had little "boxes" embedded within the text... I'm betting those control characters screwed up the run. The run completed almost immediately, didn't seem like it did anything. Here is the output file: Error: Unable to interpret <:OTL O3 - HKLM\..\Toolbar: (OCDB) - {23BE4004-AC07-45FE-B87F-1782D25C90E5} - Reg Error: Value error. File not found O3 - HKCU\..\Toolbar\WebBrowser: (OCDB) - {23BE4004-AC07-45FE-B87F-1782D25C90E5} - Reg Error: Value error. File not found O4 - HKLM..\Run: [] File not found O9 - Extra Button: WH USD Casino - {096CADBA-B4F6-4899-AC65-5BE9C3803037} - C:\Documents and Settings\Moe\Desktop\WH USD Casino.lnk File not found O9 - Extra 'Tools' menuitem : WH USD Casino - {096CADBA-B4F6-4899-AC65-5BE9C3803037} - C:\Documents and Settings\Moe\Desktop\WH USD Casino.lnk File not found O9 - Extra Button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - C:\Documents and Settings\Moe\Desktop\WH GBP Casino.lnk File not found O9 - Extra 'Tools' menuitem : WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - C:\Documents and Settings\Moe\Desktop\WH GBP Casino.lnk File not found O9 - Extra Button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Program Files\Europa Casino\casino.exe File not found O9 - Ex> in the current context! Error: Unable to interpret <tra 'Tools' menuitem : Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Program Files\Europa Casino\casino.exe File not found O9 - Extra Button: Purple Lounge Poker - {701FD202-200A-4bd1-9380-BC8A722B43A5} - C:\Program Files\PurpleloungeMPP\MPPoker.exe File not found O9 - Extra Button: InterCasino $$$ - {909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB} - C:\Documents and Settings\Moe\Desktop\InterCasino $$$.lnk File not found O9 - Extra 'Tools' menuitem : InterCasino $$$ - {909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB} - C:\Documents and Settings\Moe\Desktop\InterCasino $$$.lnk File not found O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe File not found O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe File not found O9 - Extra Button: 7Sultans Online Casino - {D6058E3E-5DBF-413b-9106-C26ED8DE3566} - C:\Program Files\7sultans\casinogame.exe File not foun> in the current context! Error: Unable to interpret <d O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/0/f/b/0fb0fab9-7f09-4bb6-86d8-8e791ba99ac5/VirtualEarth3D.cab (Reg Error: Value error.)> in the current context! Error: Unable to interpret <O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} http://www.errornuker.com/products/errn2004/installers/default/ErrorNukerInstaller.exe (Reg Error: Value error.)> in the current context! Error: Unable to interpret <O16 - DPF: {3253534D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/3/4/F345356C-453F-439C-8977-81149FBF0980/wms9dmo.cab (Reg Error: Value error.)> in the current context! Error: Unable to interpret <O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Value error.)> in the current context! Error: Unable to interpret <O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Value error.)> in the current context! Error: Unable to interpret <O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)> in the current context! Error: Unable to interpret <O16 - DPF: {A104EEFF-DADB-45DC-8A69-26E862666021} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Reg Error: Value error.)> in the current context! OTL by OldTimer - Version 3.2.14.1 log created on 10022010_012632 Thanks! Shawn

Hi Chiaz! Thanks very much for helping me. Okay, I ran the TFC thing and that cleaned out a big pile of old crap - almost 1.5 gigs! Attached are the two log files from the OTL run. Thanks Again! Shawn OTL.Txt Extras.Txt