Posted (edited)

Hi,

 

I have a laptop and it's Windows XP.

I am having problems with what I believe is adyieldmanager. I get these ads on Facebook and some are not so nice. I get these girls wanting to chat and they are not dressed very nice. I am not talking about the regular chat on Facebook. These girls are not my friends on there.

How do you get rid of adyieldmanager?

Also, what is the virtual memory supposed to be set at?

 

 

Thanks for any help

Quirkie


Posted

Hi Quirkie

Let's run this:

AdwCleaner

Please download AdwCleaner from HERE

 

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

“It's only after we've lost everything that we're free to do anything.”

― Chuck Palahniuk, Fight Club

 

http://www.geekstogo.com/downloads/unite_blue.png

 

Need help with your computer problems? Then why not join Free PC Help. Register here

 

If Free PC Help has helped you then please consider a donation. Click here

 

We are all members helping other members.

Please return here where you may be able to help someone else.

After all, no one knows everything and you may have the answer that someone needs.

Posted (edited)

Thank you for replying so quickly.:cool:

Here is the info.

 

 

# AdwCleaner v2.301 - Logfile created 05/21/2013 at 19:50:07

# Updated 16/05/2013 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : deborah dickerson - SUNNIE48

# Boot Mode : Normal

# Running from : C:\Documents and Settings\deborah dickerson\Local Settings\Temporary Internet Files\Content.IE5\3XQW4WC5\AdwCleaner[1].exe

# Option [Delete]

 

***** [services] *****

Stopped & Deleted : CltMngSvc

Stopped & Deleted : DefaultTabSearch

Stopped & Deleted : DefaultTabUpdate

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search

File Deleted : C:\END

File Deleted : C:\WINDOWS\Tasks\AmiUpdXp.job

Folder Deleted : C:\DOCUME~1\DEBORA~1\LOCALS~1\Temp\TempDir

Folder Deleted : C:\Documents and Settings\All Users\Application Data\AGI

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar

Folder Deleted : C:\Documents and Settings\deborah dickerson\Application Data\DefaultTab

Folder Deleted : C:\Documents and Settings\deborah dickerson\Application Data\PriceGong

Folder Deleted : C:\Documents and Settings\deborah dickerson\Application Data\SearchProtect

Folder Deleted : C:\Documents and Settings\deborah dickerson\Application Data\SwvUpdater

Folder Deleted : C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\Conduit

Folder Deleted : C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\getsavin

Folder Deleted : C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\Kiwee Toolbar

Folder Deleted : C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\MixiDJ_V34

Folder Deleted : C:\Program Files\AGI

Folder Deleted : C:\Program Files\Ask.com

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Program Files\DefaultTab

Folder Deleted : C:\Program Files\DomaIQ Uninstaller

Folder Deleted : C:\Program Files\FunWebProducts

Folder Deleted : C:\Program Files\Iminent

Folder Deleted : C:\Program Files\Kiwee Toolbar

Folder Deleted : C:\Program Files\MixiDJ_V34

Folder Deleted : C:\Program Files\MyWebSearch

Folder Deleted : C:\Program Files\SearchProtect

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\Default Tab

Key Deleted : HKCU\Software\DefaultTab

Key Deleted : HKCU\Software\ilivid

Key Deleted : HKCU\Software\Iminent

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKCU\Software\MixiDJ_V34

Key Deleted : HKCU\Software\PriceGong

Key Deleted : HKCU\Software\SearchProtect

Key Deleted : HKCU\Software\SmartBar

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKCU\Toolbar

Key Deleted : HKLM\Software\AVG Security Toolbar

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser

Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1

Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX

Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1

Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Key Deleted : HKLM\SOFTWARE\Classes\S

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3293216

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3294791

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298570

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3300237

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}

Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd

Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\Default Tab

Key Deleted : HKLM\Software\DefaultTab

Key Deleted : HKLM\Software\DomaIQ

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

Key Deleted : HKLM\Software\Iminent

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0883D5EA-740D-48BB-A15D-908B24E17223}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EA869CD4-62B9-41B2-9EBE-A8EDB00C75CB}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IMBoosterARP

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MixiDJ_V34 Toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MixiDJ_V34 Toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

Key Deleted : HKLM\Software\MixiDJ_V34

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKLM\Software\PIP

Key Deleted : HKLM\Software\SearchProtect

Key Deleted : HKLM\Software\Viewpoint

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{55B95864-3251-45E9-BB30-1A82589AAFF1}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{55B95864-3251-45E9-BB30-1A82589AAFF1}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [searchProtectAll]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[s1].txt - [16852 octets] - [21/05/2013 19:50:07]

########## EOF - C:\AdwCleaner[s1].txt - [16913 octets] ##########

Posted

Hi

 

 

How is your machine running now?

Posted

Still getting pop up ads because of adyield manager. This happens no matter where I go on the internet.

Also it keeps popping up to update my Flash Player but I did that.

 

Quirkie

Posted

What Internet browser are you using?

Let's run another scan.

Please download Malwarebytes' Anti-Malware.

 

Double click mbam-setup.exe to install the application.

 

 

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Full Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. Restart if it tells you to.
  • Please post the Log in your next reply.

Posted

Ok here it is

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

Database version: v2013.05.22.10

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

deborah dickerson :: SUNNIE48 [administrator]

Protection: Enabled

5/22/2013 5:27:40 PM

mbam-log-2013-05-22 (17-27-40).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 214230

Time elapsed: 1 hour(s), 39 minute(s), 43 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Posted

Step 1

 

Click on Start -> Control Panel -> Add/Remove Programs

Uninstall

 

  • Yieldmanager

Close the Add/Remove Programs and Control Panel

Restart your computer

 

Step 2

 

Use the instructions to remove Yieldmanager add-ons, extensions, plugins, and toolbars. Please note, it may be necessary to search for and remove third-party browser attachments.

Google Chrome

1. Click on the Customize icon (wrench or 3 bar icon) next to the address bar and navigate to Tools > Extensions.

2. Search for the Yieldmanager extension and remove it by clicking the trashcan icon next to it.

Mozilla Firefox

1. Type Ctrl+Shift+A.

2. On Extensions and Plugins, search for the Yieldmanager add-on and remove it.

Microsoft Internet Explorer

1. Click Tools and select Manage add-ons.

2. On the Toolbars and Extensions tab, search for the Yieldmanager add-on and remove it if located.

Posted

I went to the control panel and checked the add/remove program and could not find any yieldmanager or adyieldmanager.

Not sure what to do next.

 

I use Internet Explorer 8.

 

Quirkie

Posted

Hi,

I have moved your topic to malware removal.

You will need to go here and run the programs asked.

 

http://extremetechsupport.com/threads/10689-Before-posting-for-Malware-Removal-help.

One of the security team will pick this up.

Posted

OTL logfile created on: 5/23/2013 1:20:39 PM - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

511.23 Mb Total Physical Memory | 129.48 Mb Available Physical Memory | 25.33% Memory free

1009.98 Mb Paging File | 409.82 Mb Available in Paging File | 40.58% Paging File free

Paging file location(s): C:\pagefile.sys 500 900 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 33.68 Gb Total Space | 11.46 Gb Free Space | 34.01% Space Free | Partition Type: NTFS

 

Computer Name: SUNNIE48 | User Name: deborah dickerson | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\OTL.scr (OldTimer Tools)

PRC - C:\Program Files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)

PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)

PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

PRC - C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)

PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)

PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)

PRC - C:\Program Files\Common Files\AOL\1139456480\ee\aolsoftware.exe (America Online, Inc.)

PRC - C:\Program Files\Dell\QuickSet\quickset.exe ()

PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()

PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)

 

 

========== Modules (No Company Name) ==========

 

MOD - C:\Program Files\AVAST Software\Avast\defs\13052300\algo.dll ()

MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()

MOD - C:\WINDOWS\system32\msdmo.dll ()

MOD - C:\WINDOWS\system32\devenum.dll ()

MOD - C:\Program Files\Dell\QuickSet\quickset.exe ()

MOD - C:\Program Files\Dell\QuickSet\dadkeyb.dll ()

MOD - C:\Program Files\Dell\QuickSet\preflibcl.dll ()

MOD - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()

 

 

========== Services (SafeList) ==========

 

SRV - (LVPrcSrv) -- c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe File not found

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found

SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found

SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (SprintRcAppSvc) -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe (PCTEL)

SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()

SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (WDICA) -- File not found

DRV - (PDRFRAME) -- File not found

DRV - (PDRELI) -- File not found

DRV - (PDFRAME) -- File not found

DRV - (PDCOMP) -- File not found

DRV - (PCIDump) -- File not found

DRV - (LVUVC) -- system32\DRIVERS\lvuvc.sys File not found

DRV - (LVUSBSta) -- system32\drivers\lvusbsta.sys File not found

DRV - (lvselsus) -- system32\DRIVERS\lvselsus.sys File not found

DRV - (LVPr2Mon) -- system32\drivers\LVPr2Mon.sys File not found

DRV - (lvpopflt) -- system32\DRIVERS\lvpopflt.sys File not found

DRV - (LVMVDrv) -- system32\DRIVERS\LVMVDrv.sys File not found

DRV - (LVcKap) -- system32\DRIVERS\LVcKap.sys File not found

DRV - (lbrtfdc) -- File not found

DRV - (FilterService) -- system32\DRIVERS\lvuvcflt.sys File not found

DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found

DRV - (cpuz134) -- C:\DOCUME~1\DEBORA~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys File not found

DRV - (Changer) -- File not found

DRV - (bvrp_pci) -- File not found

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)

DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)

DRV - (aswVmm) -- C:\WINDOWS\System32\drivers\aswVmm.sys ()

DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)

DRV - (aswRvrt) -- C:\WINDOWS\System32\drivers\aswRvrt.sys ()

DRV - (aswMonFlt) -- C:\WINDOWS\system32\drivers\aswMonFlt.sys (AVAST Software)

DRV - (AswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)

DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)

DRV - (SWNC5E00) -- C:\WINDOWS\system32\drivers\SWNC5E00.sys (Sierra Wireless Inc.)

DRV - (swmx00) -- C:\WINDOWS\system32\drivers\swmx00.sys (Sierra Wireless Inc.)

DRV - (swmsflt) -- C:\WINDOWS\system32\drivers\swmsflt.sys ()

DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (NWADI) -- C:\WINDOWS\system32\drivers\NWADIenum.sys (Novatel Wireless Inc)

DRV - (Nmea) -- C:\WINDOWS\system32\drivers\pctnullport.sys (PCTEL Inc.)

DRV - (PCTINDIS5) -- C:\WINDOWS\system32\PCTINDIS5.sys (PCTEL Inc.)

DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)

DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)

DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)

DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)

DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)

DRV - (APPDRV) -- C:\WINDOWS\system32\drivers\APPDRV.SYS (Dell Inc)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV - (STAC97) -- C:\WINDOWS\system32\drivers\stac97.sys (SigmaTel, Inc.)

DRV - (O2SCBUS) -- C:\WINDOWS\system32\drivers\ozscr.sys (O2Micro)

DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)

DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)

DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)

DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)

DRV - (wanatw) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{05F11A2D-FE27-48F4-B760-DBBDBA877682}: "URL" = http://video.yahoo.com/video/search?p={searchTerms}&fr=yie7c

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{29AEF17B-3BC6-49BE-B5DF-9C603F31AE61}: "URL" = http://news.search.yahoo.com/search/news?p={searchTerms}&fr=yie7c

IE - HKLM\..\SearchScopes\{9854820F-56A2-4A1D-B051-19433C103D26}: "URL" = http://answers.yahoo.com/search/search_result?p={searchTerms}&fr=yie7c

IE - HKLM\..\SearchScopes\{9F25A974-F4E2-4EA6-9FBA-24D3201569AA}: "URL" = http://shopping.yahoo.com/search?p={searchTerms}&fr=yie7c

IE - HKLM\..\SearchScopes\{AD307348-27D8-4DCF-BBC6-FE1DA3691085}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c

IE - HKLM\..\SearchScopes\{B8F9C5B7-605F-4B2C-B2A7-73A870E702C2}: "URL" = http://images.search.yahoo.com/search/images?p={searchTerms}&fr=yie7c

IE - HKLM\..\SearchScopes\{FFF956A9-02CE-4A10-AD91-ED85B757ACC6}: "URL" = http://local.yahoo.com/results?stx={searchTerms}&fr=yie7c

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\..\SearchScopes,DefaultScope = {792B769F-16DA-436E-AA21-EE9A1D2F14A4}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{105E99FF-8B9A-4492-B155-06194B9056D2}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}

IE - HKCU\..\SearchScopes\{24DA5E9B-B440-4126-966A-4361FDC77CC7}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c

IE - HKCU\..\SearchScopes\{5613EEC6-5F87-45D1-A582-542225682F74}: "URL" = http://images.search.yahoo.com/search/images?p={searchTerms}&fr=yie7c

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{761B00B7-6910-4B18-B6BE-535219F7E115}: "URL" = http://shopping.yahoo.com/search?p={searchTerms}&fr=yie7c

IE - HKCU\..\SearchScopes\{792B769F-16DA-436E-AA21-EE9A1D2F14A4}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3293216&CUI=UN17145137731678026&UM=2

IE - HKCU\..\SearchScopes\{7C1FBE01-F7CE-4BB1-A775-04BB35886F55}: "URL" = http://local.yahoo.com/results?stx={searchTerms}&fr=yie7c

IE - HKCU\..\SearchScopes\{8B369256-266F-4BDE-A81A-DD9043BC517C}: "URL" = http://news.search.yahoo.com/search/news?p={searchTerms}&fr=yie7c

IE - HKCU\..\SearchScopes\{967A4989-98CD-4094-978E-ED6A23559A6F}: "URL" = http://video.yahoo.com/video/search?p={searchTerms}&fr=yie7c

IE - HKCU\..\SearchScopes\{97C9D1B2-220C-47F9-A0E7-1A34A2FE29A9}: "URL" = http://search.conduit.com/Results.aspx?ctid=CT3300024&SearchSource=45&UM=2&q={searchTerms}

IE - HKCU\..\SearchScopes\{D97826FF-2978-4158-A1B9-F3531CBC2970}: "URL" = http://answers.yahoo.com/search/search_result?p={searchTerms}&fr=yie7c

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

========== FireFox ==========

 

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll File not found

 

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\findlyrics@findlyrics.co: C:\Program Files\FindLyrics\FF\ [2013/05/17 18:49:35 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lplug@srasoft.net: C:\Program Files\LyricsPlug\FF\ [2013/05/18 11:22:54 | 000,000,000 | ---D | M]

 

 

O1 HOSTS File: ([2004/08/04 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (DownloadTerms) - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\DownloadTerms\temp.dat ()

O2 - BHO: (LessTabs) - {3178A392-8963-471E-B7A2-969CB58D6496} - C:\Program Files\LessTabs\IE32\LessTabsClientIE.dll (LessTabs)

O2 - BHO: (FindLyrics) - {44C9CC91-6A4A-4579-B4B5-899ECDC18DC6} - C:\Program Files\FindLyrics\FindLyrics.dll (FindLyrics)

O2 - BHO: (Yahoo! IE Suggest) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll (Yahoo! Inc.)

O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)

O2 - BHO: (Lyrics Plug) - {7575A0EC-3946-4346-8524-24D6DE1FC479} - C:\Program Files\LyricsPlug\lrcsplug.dll (SRA Software)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (GetSavin 5.0) - {7A6BF1E8-E432-476B-A941-8E06D18C06B3} - C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\getsavin\ie\getsavin_1368844201.dll File not found

O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll File not found

O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.

O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe ()

O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()

O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139456480\ee\aolsoftware.exe (America Online, Inc.)

O4 - HKLM..\Run: [sprint SmartView] C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe (Sprint)

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found

O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)

O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)

O4 - HKCU..\Run: [DW7] "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe" File not found

O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe (America Online, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)

O4 - Startup: C:\Documents and Settings\deborah dickerson\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B228D8F7-E434-48E7-AF14-9EBFE150B318}: DhcpNameServer = 192.168.0.1 205.171.3.25

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{834ece70-899c-11db-8996-00038a000015}\Shell - "" = AutoRun

O33 - MountPoints2\{834ece70-899c-11db-8996-00038a000015}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{834ece70-899c-11db-8996-00038a000015}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

NetSvcs: 6to4 - File not found

NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 0

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2013/05/23 12:17:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\OTL.scr

[2013/05/22 17:24:33 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2013/05/22 16:20:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/05/22 16:20:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deborah dickerson\Application Data\Malwarebytes

[2013/05/22 15:12:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2013/05/22 15:12:09 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2013/05/22 15:12:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2013/05/22 07:54:48 | 000,000,000 | -HSD | C] -- C:\found.000

[2013/05/21 18:34:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2013/05/21 12:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2013/05/21 09:44:49 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group

[2013/05/21 09:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2013/05/20 08:40:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deborah dickerson\My Documents\Downloads

[2013/05/19 15:52:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\WeatherBug

[2013/05/19 15:50:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deborah dickerson\Application Data\WeatherBug

[2013/05/19 15:22:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deborah dickerson\Start Menu\Programs\WeatherBug

[2013/05/19 15:22:48 | 000,000,000 | ---D | C] -- C:\Program Files\AWS

[2013/05/19 13:58:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\Vafmusic2

[2013/05/18 13:30:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deborah dickerson\Start Menu\Programs\Torch

[2013/05/18 13:22:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\Torch

[2013/05/18 12:54:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deborah dickerson\Application Data\player

[2013/05/18 12:39:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\Real

[2013/05/18 12:17:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared

[2013/05/18 12:11:25 | 000,201,872 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll

[2013/05/18 12:03:41 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll

[2013/05/18 12:03:40 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll

[2013/05/18 12:02:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks

[2013/05/18 12:02:36 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll

[2013/05/18 11:53:59 | 000,000,000 | ---D | C] -- C:\Program Files\real

[2013/05/18 11:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deborah dickerson\Application Data\Real

[2013/05/18 11:22:52 | 000,000,000 | ---D | C] -- C:\Program Files\LyricsPlug

[2013/05/18 11:10:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\The Weather Channel

[2013/05/18 10:58:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real

[2013/05/18 10:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET

[2013/05/18 10:10:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2013/05/18 10:07:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\DownloadTerms

[2013/05/17 20:46:25 | 000,000,000 | ---D | C] -- C:\8b3d6a0c0c9cbdccdf98367e

[2013/05/17 20:33:22 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\AI_RecycleBin

[2013/05/17 20:32:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Strongvault Online Backup

[2013/05/17 20:32:06 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin

[2013/05/17 20:31:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deborah dickerson\Application Data\Strongvault

[2013/05/17 20:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\LessTabs

[2013/05/17 19:16:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\xVidly1

[2013/05/17 19:16:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\Temp

[2013/05/17 19:12:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\CRE

[2013/05/17 19:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\xVidly

[2013/05/17 18:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\FindLyrics

[2013/05/17 18:48:28 | 000,368,944 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2013/05/17 18:48:28 | 000,029,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2013/05/17 18:48:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus

[2013/05/17 18:48:26 | 000,049,760 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2013/05/17 18:48:25 | 000,056,080 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2013/05/17 18:48:24 | 000,765,736 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2013/05/17 18:48:16 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys

[2013/05/17 18:48:15 | 000,229,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[2013/05/17 18:46:13 | 000,041,664 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2013/05/17 18:44:31 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

[2013/05/17 18:42:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software

[2013/05/17 18:20:56 | 000,522,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll

[2013/05/17 18:17:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deborah dickerson\Application Data\Skype

[2013/05/17 18:16:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

[2013/05/17 18:16:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype

[2013/05/17 18:16:44 | 000,000,000 | R--D | C] -- C:\Program Files\Skype

[2013/05/17 12:39:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Qwest

[2013/05/17 12:39:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\XSxS

[2013/05/17 12:39:20 | 000,000,000 | ---D | C] -- C:\Program Files\Xenocode

[2013/05/17 12:39:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\Xenocode

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2013/05/23 13:36:21 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job

[2013/05/23 13:20:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.scr

[2013/05/23 12:00:51 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2013/05/23 11:13:33 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\Lyrics Plug Update.job

[2013/05/23 11:01:57 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\deborah dickerson\Application Data\QSWWShare

[2013/05/23 11:00:47 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\FindLyrics Update.job

[2013/05/23 11:00:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013/05/23 10:58:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/05/23 10:58:05 | 536,129,536 | -HS- | M] () -- C:\hiberfil.sys

[2013/05/22 15:12:35 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2013/05/22 15:00:41 | 000,000,162 | ---- | M] () -- C:\WINDOWS\Reimage.ini

[2013/05/20 13:36:18 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2013/05/20 12:10:24 | 000,085,397 | ---- | M] () -- C:\WINDOWS\unins000.dat

[2013/05/20 11:59:02 | 001,169,609 | ---- | M] () -- C:\WINDOWS\unins000.exe

[2013/05/19 22:02:07 | 000,000,830 | ---- | M] () -- C:\WINDOWS\System32\InstallUtil.InstallLog

[2013/05/19 17:50:47 | 000,703,088 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013/05/19 17:50:46 | 000,159,172 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2013/05/18 12:24:17 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk

[2013/05/18 12:11:26 | 000,201,872 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll

[2013/05/18 12:03:43 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll

[2013/05/18 12:03:40 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll

[2013/05/18 12:02:37 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll

[2013/05/18 07:50:37 | 000,245,512 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2013/05/17 22:57:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2013/05/17 19:32:42 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite

[2013/05/17 18:48:30 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk

[2013/05/17 18:16:46 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2013/05/17 18:04:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2013/05/09 01:59:10 | 000,765,736 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2013/05/09 01:59:10 | 000,368,944 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2013/05/09 01:59:10 | 000,174,664 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys

[2013/05/09 01:59:10 | 000,056,080 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2013/05/09 01:59:10 | 000,049,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys

[2013/05/09 01:59:09 | 000,066,336 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys

[2013/05/09 01:59:09 | 000,049,760 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2013/05/09 01:59:08 | 000,029,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2013/05/09 01:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2013/05/09 01:58:28 | 000,229,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[2013/05/06 21:27:31 | 006,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2013/05/22 15:44:16 | 536,129,536 | -HS- | C] () -- C:\hiberfil.sys

[2013/05/22 15:12:35 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2013/05/21 18:30:17 | 000,000,162 | ---- | C] () -- C:\WINDOWS\Reimage.ini

[2013/05/20 12:57:05 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\deborah dickerson\Start Menu\Programs\Internet Explorer (2).lnk

[2013/05/20 12:09:34 | 001,169,609 | ---- | C] () -- C:\WINDOWS\unins000.exe

[2013/05/20 12:09:34 | 000,085,397 | ---- | C] () -- C:\WINDOWS\unins000.dat

[2013/05/20 08:19:00 | 000,348,546 | ---- | C] () -- C:\Documents and Settings\deborah dickerson\My Documents\Sophie%203.bmp

[2013/05/19 14:18:34 | 000,000,830 | ---- | C] () -- C:\WINDOWS\System32\InstallUtil.InstallLog

[2013/05/18 22:04:34 | 000,209,454 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1972669639-3560608179-232164778-1006-0.dat

[2013/05/18 22:04:28 | 000,209,454 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

[2013/05/18 13:37:55 | 000,001,137 | ---- | C] () -- C:\Documents and Settings\deborah dickerson\Start Menu\Programs\Torch.lnk

[2013/05/18 12:24:17 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk

[2013/05/18 11:23:52 | 000,000,390 | ---- | C] () -- C:\WINDOWS\tasks\Lyrics Plug Update.job

[2013/05/17 19:32:42 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite

[2013/05/17 18:49:43 | 000,000,378 | ---- | C] () -- C:\WINDOWS\tasks\FindLyrics Update.job

[2013/05/17 18:48:30 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk

[2013/05/17 18:48:23 | 000,174,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys

[2013/05/17 18:48:21 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys

[2013/05/17 18:48:21 | 000,000,364 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job

[2013/05/17 18:16:46 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2013/05/17 17:19:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2013/05/17 17:19:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll

[2011/08/12 14:23:58 | 000,000,892 | ---- | C] () -- C:\Documents and Settings\deborah dickerson\.recently-used.xbel

[2011/07/03 23:16:50 | 000,049,040 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2008/01/13 11:50:57 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2007/09/07 10:36:37 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\deborah dickerson\presets.ini

[2006/12/10 01:35:01 | 000,004,820 | ---- | C] () -- C:\Program Files\CAMUNWISE.INI

[2006/03/04 12:33:50 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\fusioncache.dat

[2006/01/23 06:46:51 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\deborah dickerson\Application Data\PFP120JPR.{PB

[2006/01/23 06:46:51 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\deborah dickerson\Application Data\PFP120JCM.{PB

[2006/01/10 00:24:47 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2006/01/03 17:34:39 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\deborah dickerson\Application Data\QSWWShare

[2005/12/26 11:48:02 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare

 

========== ZeroAccess Check ==========

 

[2004/08/10 12:09:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

========== LOP Check ==========

 

[2013/05/17 18:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software

[2013/05/21 18:34:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2013/05/17 12:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Qwest

[2007/03/01 20:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SingleClick Systems

[2009/11/04 09:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sprint

[2013/05/18 17:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Strongvault Online Backup

[2007/11/26 09:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2013/05/18 10:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2011/06/19 21:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/11/04 23:02:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2006/02/10 14:35:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deborah dickerson\Application Data\acccore

[2010/05/15 12:45:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deborah dickerson\Application Data\DreamChess

[2010/06/07 19:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deborah dickerson\Application Data\Enigma

[2011/03/21 00:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deborah dickerson\Application Data\Hoyle

[2010/05/05 15:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deborah dickerson\Application Data\Hoyle FaceCreator

[2006/01/12 21:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deborah dickerson\Application Data\Leadertech

[2010/05/14 22:50:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deborah dickerson\Application Data\OpenOffice.org

[2013/05/20 08:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deborah dickerson\Application Data\player

[2005/06/29 09:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deborah dickerson\Application Data\Sierra Wireless

[2011/05/09 22:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deborah dickerson\Application Data\Sprint

[2013/05/18 17:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deborah dickerson\Application Data\Strongvault

[2013/05/19 15:50:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deborah dickerson\Application Data\WeatherBug

[2006/05/19 13:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deborah dickerson\Application Data\Webshots

[2010/07/02 17:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deborah dickerson\Application Data\Windows Live Writer

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

========== Drive Information ==========

 

Physical Drives

---------------

 

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media

Interface type: IDE

Media Type: Fixed\thard disk media

Model: ST9408114A

Partitions: 3

Status: OK

Status Info: 0

 

Partitions

---------------

 

DeviceID: Disk #0, Partition #0

PartitionType: Unknown

Bootable: False

BootPartition: False

PrimaryPartition: True

Size: 47.00MB

Starting Offset: 32256

Hidden sectors: 0

 

 

DeviceID: Disk #0, Partition #1

PartitionType: Installable File System

Bootable: True

BootPartition: True

PrimaryPartition: True

Size: 34.00GB

Starting Offset: 49351680

Hidden sectors: 0

 

 

DeviceID: Disk #0, Partition #2

PartitionType: Unknown

Bootable: False

BootPartition: False

PrimaryPartition: True

Size: 4.00GB

Starting Offset: 36215907840

Hidden sectors: 0

 

 

< %SYSTEMDRIVE%\*.* >

[2013/05/21 19:51:24 | 000,016,983 | ---- | M] () -- C:\AdwCleaner[s1].txt

[2004/08/10 12:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2011/03/20 23:06:36 | 000,000,211 | RHS- | M] () -- C:\boot.ini

[2004/08/10 12:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2005/12/26 11:29:20 | 000,005,502 | RH-- | M] () -- C:\dell.sdr

[2010/09/23 20:12:19 | 000,188,817 | ---- | M] () -- C:\drivers.log

[2010/07/04 00:08:56 | 000,000,061 | ---- | M] () -- C:\DVDPATH.TXT

[2013/05/17 19:32:42 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite

[2013/05/23 13:18:22 | 000,050,978 | ---- | M] () -- C:\Extras.Txt

[2013/05/23 10:58:05 | 536,129,536 | -HS- | M] () -- C:\hiberfil.sys

[2006/05/27 17:00:57 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1

[2004/08/10 12:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS

[2008/02/04 17:12:30 | 000,010,223 | ---- | M] () -- C:\lvcoinst.log

[2004/08/10 12:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS

[2004/08/04 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2010/05/13 09:55:00 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2013/05/23 13:20:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.scr

[2013/05/23 13:17:42 | 000,093,630 | ---- | M] () -- C:\OTL.Txt

[2013/05/23 13:09:22 | 553,648,128 | -HS- | M] () -- C:\pagefile.sys

[2008/02/04 17:13:04 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm

[2009/11/04 08:50:03 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm

[2007/12/07 23:12:50 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm

[2007/12/08 10:28:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm

[2007/12/08 12:06:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm

[2007/12/08 13:31:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm

[2007/12/31 06:37:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm

[2008/01/02 08:30:58 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm

[2008/01/02 11:39:32 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm

[2008/01/02 14:01:55 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm

[2008/01/02 15:34:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm

[2008/01/03 10:30:05 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm

[2008/01/03 10:58:51 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm

[2008/01/03 20:09:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm

[2008/01/04 19:40:18 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm

[2008/01/07 15:57:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm

[2008/01/09 07:54:05 | 000,000,172 | -H-- | M] () -- C:\sqmdata16.sqm

[2008/02/04 15:19:45 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm

[2008/02/04 16:14:03 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm

[2008/02/04 16:27:47 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm

[2008/02/04 17:13:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm

[2009/11/04 08:50:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm

[2007/12/07 23:12:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm

[2007/12/08 10:28:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm

[2007/12/08 12:06:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm

[2007/12/08 13:31:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm

[2007/12/31 06:37:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm

[2008/01/02 08:30:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm

[2008/01/02 11:39:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm

[2008/01/02 14:01:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm

[2008/01/02 15:34:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm

[2008/01/03 10:30:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm

[2008/01/03 10:58:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm

[2008/01/03 20:09:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm

[2008/01/04 19:40:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm

[2008/01/07 15:57:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm

[2008/01/09 07:54:05 | 000,000,172 | -H-- | M] () -- C:\sqmnoopt16.sqm

[2008/02/04 15:19:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm

[2008/02/04 16:14:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm

[2008/02/04 16:27:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm

[2005/12/26 11:56:58 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini

[2005/07/01 23:05:29 | 002,973,920 | ---- | M] (Trend Micro Inc.) -- C:\TTi_3_DELL_Trial30.exe

[2013/05/18 21:08:10 | 000,000,162 | ---- | M] () -- C:\YServer.txt

 

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

 

< %systemroot%\system32\*.exe /lockedfiles >

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 

< %systemroot%\System32\config\*.sav >

[2004/08/10 11:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

[2004/08/10 11:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2004/08/10 11:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

 

< %PROGRAMFILES%\* >

[1999/08/13 04:00:00 | 000,004,820 | ---- | M] () -- C:\Program Files\CAMUNWISE.INI

[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

 

< %USERPROFILE%\..|smtmp;true;true;true /FP >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU >

 

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -rb [2004/09/01 10:56:32 | 000,016,496 | ---- | M] (America Online, Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -hb [2004/09/01 10:56:32 | 000,016,496 | ---- | M] (America Online, Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -sb [2004/09/01 10:56:32 | 000,016,496 | ---- | M] (America Online, Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AMERIC~1.0\aol.exe [2004/09/01 10:56:34 | 000,038,000 | ---- | M] (America Online, Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\AOLExplorer.exe\shell\open\command\\: "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/browserapp [2005/11/02 20:01:14 | 000,050,792 | ---- | M] (America Online, Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2013/04/13 04:59:14 | 000,174,592 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2013/04/13 04:59:14 | 000,174,592 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2013/04/13 04:59:14 | 000,174,592 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 12:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 12:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\torch.exe\shell\open\command\\: "C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\Torch\Application\torch.exe" [2013/05/12 06:54:33 | 001,377,120 | ---- | M] (Torch Media Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Torch.UDHF3SDEVE7KX4PK3KAX4RWC34\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\Torch\Application\torch.exe" --make-default-browser [2013/05/12 06:54:33 | 001,377,120 | ---- | M] (Torch Media Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Torch.UDHF3SDEVE7KX4PK3KAX4RWC34\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\Torch\Application\torch.exe" --hide-icons [2013/05/12 06:54:33 | 001,377,120 | ---- | M] (Torch Media Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Torch.UDHF3SDEVE7KX4PK3KAX4RWC34\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\Torch\Application\torch.exe" --show-icons [2013/05/12 06:54:33 | 001,377,120 | ---- | M] (Torch Media Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Torch.UDHF3SDEVE7KX4PK3KAX4RWC34\shell\open\command\\: "C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\Torch\Application\torch.exe" [2013/05/12 06:54:33 | 001,377,120 | ---- | M] (Torch Media Inc.)

 

< hklm\software\clients\startmenuinternet|command /64 /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -rb [2004/09/01 10:56:32 | 000,016,496 | ---- | M] (America Online, Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -hb [2004/09/01 10:56:32 | 000,016,496 | ---- | M] (America Online, Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -sb [2004/09/01 10:56:32 | 000,016,496 | ---- | M] (America Online, Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AMERIC~1.0\aol.exe [2004/09/01 10:56:34 | 000,038,000 | ---- | M] (America Online, Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\AOLExplorer.exe\shell\open\command\\: "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/browserapp [2005/11/02 20:01:14 | 000,050,792 | ---- | M] (America Online, Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2013/04/13 04:59:14 | 000,174,592 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2013/04/13 04:59:14 | 000,174,592 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2013/04/13 04:59:14 | 000,174,592 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 12:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 12:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\torch.exe\shell\open\command\\: "C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\Torch\Application\torch.exe" [2013/05/12 06:54:33 | 001,377,120 | ---- | M] (Torch Media Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Torch.UDHF3SDEVE7KX4PK3KAX4RWC34\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\Torch\Application\torch.exe" --make-default-browser [2013/05/12 06:54:33 | 001,377,120 | ---- | M] (Torch Media Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Torch.UDHF3SDEVE7KX4PK3KAX4RWC34\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\Torch\Application\torch.exe" --hide-icons [2013/05/12 06:54:33 | 001,377,120 | ---- | M] (Torch Media Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Torch.UDHF3SDEVE7KX4PK3KAX4RWC34\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\Torch\Application\torch.exe" --show-icons [2013/05/12 06:54:33 | 001,377,120 | ---- | M] (Torch Media Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Torch.UDHF3SDEVE7KX4PK3KAX4RWC34\shell\open\command\\: "C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\Torch\Application\torch.exe" [2013/05/12 06:54:33 | 001,377,120 | ---- | M] (Torch Media Inc.)

< End of report >

Posted

OTL Extras logfile created on: 5/23/2013 12:19:01 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

511.23 Mb Total Physical Memory | 69.68 Mb Available Physical Memory | 13.63% Memory free

1.01 Gb Paging File | 0.26 Gb Available in Paging File | 25.35% Paging File free

Paging file location(s): C:\pagefile.sys 500 900 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 33.68 Gb Total Space | 11.44 Gb Free Space | 33.96% Space Free | Partition Type: NTFS

 

Computer Name: SUNNIE48 | User Name: deborah dickerson | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htafile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)

"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)

"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

"C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\Torch\Plugins\Torrent\TorchTorrent.exe" = C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\Torch\Plugins\Torrent\TorchTorrent.exe:*:Enabled:Torch Torrent -- (Torch Media Inc.)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)

"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)

"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (America Online, Inc.)

"C:\Program Files\Common Files\AOL\1139456480\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1139456480\ee\aolsoftware.exe:*:Enabled:AOL Services -- (America Online, Inc.)

"C:\Program Files\Common Files\AOL\1139456480\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1139456480\ee\aim6.exe:*:Enabled:AIM -- (America Online, Inc.)

"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Documents and Settings\deborah dickerson\Application Data\U3\0000174F8861087A\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skype.exe" = C:\Documents and Settings\deborah dickerson\Application Data\U3\0000174F8861087A\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skype.exe:*:Enabled:Skype

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger

"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server

"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

"C:\Program Files\Sprint\Sprint SmartView\SwiApiMux.exe" = C:\Program Files\Sprint\Sprint SmartView\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)

"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

"C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\Torch\Plugins\Torrent\TorchTorrent.exe" = C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\Torch\Plugins\Torrent\TorchTorrent.exe:*:Enabled:Torch Torrent -- (Torch Media Inc.)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium

"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player

"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel

"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE

"{0FFD55FA-40CE-4B7F-9001-A06930C63FA2}" = Sprint SmartView

"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA

"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{190D0C6E-C8A7-4019-8FB5-FD041EC1F2D2}" = Mobile Broadband Drivers

"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar

"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 17

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials

"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement

"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3

"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool

"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5

"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal

"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click

"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03

"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files

"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore

"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!

"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English

"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport

"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU

"{AAE10BE5-F398-41C1-9AAF-A59EBF17DFDE}" = Norton Spyware Scan

"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio

"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience

"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0

"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12

"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync

"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy

"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger

"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety

"{DAFA6315-EAE5-4B9E-9D18-0DC51D1DB0F0}" = WeatherBug

"{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime

"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call

"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect

"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0

"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"All ATI Software" = ATI - Software Uninstall Utility

"AOL Connectivity Services" = AOL Connectivity Services

"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)

"ATI Display Driver" = ATI Display Driver

"avast" = avast! Free Antivirus

"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card

"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.9x Modem

"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver

"Dell Game Console" = Dell Game Console

"DreamChess" = DreamChess 0.2.0

"findlyrics@findlyrics.co" = FindLyrics

"GetSavin" = GetSavin

"GNU Backgammon_is1" = GNU Backgammon 0.15-stable (20061119 code)

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2

"LessTabs" = LessTabs

"lplug@srasoft.net" = Lyrics Plug

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Norton Spyware Scan provided by Yahoo!" = Norton Spyware Scan provided by Yahoo!

"Paint Shop Pro 6.0" = Paint Shop Pro 6.0 (CD-ROM)

"Paint Shop Pro Digital Camera Support" = Paint Shop Pro 6 Digital Camera Support

"Palace" = Palace Uninstall

"RealPlayer 16.0" = RealPlayer

"StreetPlugin" = Learn2 Player (Uninstall Only)

"Video Downloader_is1" = Video Downloader version 2.0

"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell

"WIC" = Windows Imaging Component

"WildTangent CDA" = WildTangent Web Driver

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinGimp-2.0_is1" = GIMP 2.6.6

"WinLiveSuite_Wave3" = Windows Live Essentials

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"DownloadTerms" = DownloadTerms

"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

"Torch" = Torch

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 7/12/2005 9:27:46 PM | Computer Name = SUNNIE48 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

 

Error - 7/12/2005 9:37:18 PM | Computer Name = SUNNIE48 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

 

Error - 7/12/2005 9:37:20 PM | Computer Name = SUNNIE48 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

 

Error - 7/12/2005 9:37:20 PM | Computer Name = SUNNIE48 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

 

Error - 7/12/2005 9:37:22 PM | Computer Name = SUNNIE48 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

 

Error - 7/12/2005 9:49:59 PM | Computer Name = SUNNIE48 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

 

Error - 7/12/2005 9:50:01 PM | Computer Name = SUNNIE48 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

 

Error - 7/12/2005 9:50:14 PM | Computer Name = SUNNIE48 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

 

Error - 7/12/2005 9:50:14 PM | Computer Name = SUNNIE48 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

 

Error - 7/12/2005 9:50:26 PM | Computer Name = SUNNIE48 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

 

[ System Events ]

Error - 5/23/2013 10:48:34 AM | Computer Name = SUNNIE48 | Source = Service Control Manager | ID = 7000

Description = The Logitech Process Monitor service failed to start due to the following

error: %%2

 

Error - 5/23/2013 10:51:03 AM | Computer Name = SUNNIE48 | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway

Service service to connect.

 

Error - 5/23/2013 10:51:03 AM | Computer Name = SUNNIE48 | Source = Service Control Manager | ID = 7000

Description = The Application Layer Gateway Service service failed to start due

to the following error: %%1053

 

Error - 5/23/2013 10:51:20 AM | Computer Name = SUNNIE48 | Source = DCOM | ID = 10010

Description = The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register

with DCOM within the required timeout.

 

Error - 5/23/2013 12:30:44 PM | Computer Name = SUNNIE48 | Source = Service Control Manager | ID = 7000

Description = The Logitech Process Monitor service failed to start due to the following

error: %%2

 

Error - 5/23/2013 12:32:08 PM | Computer Name = SUNNIE48 | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway

Service service to connect.

 

Error - 5/23/2013 12:32:08 PM | Computer Name = SUNNIE48 | Source = Service Control Manager | ID = 7000

Description = The Application Layer Gateway Service service failed to start due

to the following error: %%1053

 

Error - 5/23/2013 1:58:25 PM | Computer Name = SUNNIE48 | Source = Service Control Manager | ID = 7000

Description = The Logitech Process Monitor service failed to start due to the following

error: %%2

 

Error - 5/23/2013 2:00:13 PM | Computer Name = SUNNIE48 | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway

Service service to connect.

 

Error - 5/23/2013 2:00:13 PM | Computer Name = SUNNIE48 | Source = Service Control Manager | ID = 7000

Description = The Application Layer Gateway Service service failed to start due

to the following error: %%1053

 

 

< End of report >

Posted

Hi Quirkie

 

I wondered how long it would be before I saw an infected system that was using this Torch browser...... mmm not very long.

This Torch browser isn't all it's cracked up to be and basically does nothing that you can't do without it.

The fact that it includes a Torrent makes it totally unacceptable.

 

Click on Start... Settings... Control Panel and double-click on Add or Remove Programs. From within Add or Remove Programs, uninstall the following:

 

  • Torch
  • LessTabs
  • FindLyrics
  • Lyrics Plug

These are all potentially unwanted programs (PUPs) and will cause browser problems.

 

There are other entries we need to deal with in the OTL report, but remove these first and then we can deal with what is left.

After removing these programs please run another OTL scan using the instructions below:

 

Double click on OTL to run it.

  • Under Extra Registry section, select Use SafeList.
  • Don't check the boxes beside 'LOP Check' and 'Purity Check' this time.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply.

 

Thanks

Member of:

UNITE

Posted

OK, I got rid of all those programs and did the OTL scan.

 

 

OTL logfile created on: 5/24/2013 2:23:31 PM - Run 3

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\deborah dickerson\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

511.23 Mb Total Physical Memory | 63.36 Mb Available Physical Memory | 12.39% Memory free

1.19 Gb Paging File | 0.56 Gb Available in Paging File | 46.96% Paging File free

Paging file location(s): C:\pagefile.sys 500 900 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 33.68 Gb Total Space | 11.56 Gb Free Space | 34.31% Space Free | Partition Type: NTFS

 

Computer Name: SUNNIE48 | User Name: deborah dickerson | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\deborah dickerson\Desktop\OTL.scr (OldTimer Tools)

PRC - C:\Program Files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)

PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)

PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

PRC - C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)

PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)

PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)

PRC - C:\Program Files\Common Files\AOL\1139456480\ee\aolsoftware.exe (America Online, Inc.)

PRC - C:\Program Files\Dell\QuickSet\quickset.exe ()

PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()

PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)

 

 

========== Modules (No Company Name) ==========

 

MOD - C:\Program Files\AVAST Software\Avast\defs\13052400\algo.dll ()

MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()

MOD - C:\WINDOWS\system32\msdmo.dll ()

MOD - C:\WINDOWS\system32\devenum.dll ()

MOD - C:\Program Files\Dell\QuickSet\quickset.exe ()

MOD - C:\Program Files\Dell\QuickSet\dadkeyb.dll ()

MOD - C:\Program Files\Dell\QuickSet\preflibcl.dll ()

MOD - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()

 

 

========== Services (SafeList) ==========

 

SRV - (LVPrcSrv) -- c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe File not found

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found

SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (SprintRcAppSvc) -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe (PCTEL)

SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()

SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (WDICA) -- File not found

DRV - (PDRFRAME) -- File not found

DRV - (PDRELI) -- File not found

DRV - (PDFRAME) -- File not found

DRV - (PDCOMP) -- File not found

DRV - (PCIDump) -- File not found

DRV - (LVUVC) -- system32\DRIVERS\lvuvc.sys File not found

DRV - (LVUSBSta) -- system32\drivers\lvusbsta.sys File not found

DRV - (lvselsus) -- system32\DRIVERS\lvselsus.sys File not found

DRV - (LVPr2Mon) -- system32\drivers\LVPr2Mon.sys File not found

DRV - (lvpopflt) -- system32\DRIVERS\lvpopflt.sys File not found

DRV - (LVMVDrv) -- system32\DRIVERS\LVMVDrv.sys File not found

DRV - (LVcKap) -- system32\DRIVERS\LVcKap.sys File not found

DRV - (lbrtfdc) -- File not found

DRV - (FilterService) -- system32\DRIVERS\lvuvcflt.sys File not found

DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found

DRV - (cpuz134) -- C:\DOCUME~1\DEBORA~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys File not found

DRV - (Changer) -- File not found

DRV - (bvrp_pci) -- File not found

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)

DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)

DRV - (aswVmm) -- C:\WINDOWS\System32\drivers\aswVmm.sys ()

DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)

DRV - (aswRvrt) -- C:\WINDOWS\System32\drivers\aswRvrt.sys ()

DRV - (aswMonFlt) -- C:\WINDOWS\system32\drivers\aswMonFlt.sys (AVAST Software)

DRV - (AswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)

DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)

DRV - (SWNC5E00) -- C:\WINDOWS\system32\drivers\SWNC5E00.sys (Sierra Wireless Inc.)

DRV - (swmx00) -- C:\WINDOWS\system32\drivers\swmx00.sys (Sierra Wireless Inc.)

DRV - (swmsflt) -- C:\WINDOWS\system32\drivers\swmsflt.sys ()

DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (NWADI) -- C:\WINDOWS\system32\drivers\NWADIenum.sys (Novatel Wireless Inc)

DRV - (Nmea) -- C:\WINDOWS\system32\drivers\pctnullport.sys (PCTEL Inc.)

DRV - (PCTINDIS5) -- C:\WINDOWS\system32\PCTINDIS5.sys (PCTEL Inc.)

DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)

DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)

DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)

DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)

DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)

DRV - (APPDRV) -- C:\WINDOWS\system32\drivers\APPDRV.SYS (Dell Inc)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV - (STAC97) -- C:\WINDOWS\system32\drivers\stac97.sys (SigmaTel, Inc.)

DRV - (O2SCBUS) -- C:\WINDOWS\system32\drivers\ozscr.sys (O2Micro)

DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)

DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)

DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)

DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)

DRV - (wanatw) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{05F11A2D-FE27-48F4-B760-DBBDBA877682}: "URL" = http://video.yahoo.com/video/search?p={searchTerms}&fr=yie7c

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{29AEF17B-3BC6-49BE-B5DF-9C603F31AE61}: "URL" = http://news.search.yahoo.com/search/news?p={searchTerms}&fr=yie7c

IE - HKLM\..\SearchScopes\{9854820F-56A2-4A1D-B051-19433C103D26}: "URL" = http://answers.yahoo.com/search/search_result?p={searchTerms}&fr=yie7c

IE - HKLM\..\SearchScopes\{9F25A974-F4E2-4EA6-9FBA-24D3201569AA}: "URL" = http://shopping.yahoo.com/search?p={searchTerms}&fr=yie7c

IE - HKLM\..\SearchScopes\{AD307348-27D8-4DCF-BBC6-FE1DA3691085}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c

IE - HKLM\..\SearchScopes\{B8F9C5B7-605F-4B2C-B2A7-73A870E702C2}: "URL" = http://images.search.yahoo.com/search/images?p={searchTerms}&fr=yie7c

IE - HKLM\..\SearchScopes\{FFF956A9-02CE-4A10-AD91-ED85B757ACC6}: "URL" = http://local.yahoo.com/results?stx={searchTerms}&fr=yie7c

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\..\SearchScopes,DefaultScope = {792B769F-16DA-436E-AA21-EE9A1D2F14A4}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{105E99FF-8B9A-4492-B155-06194B9056D2}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}

IE - HKCU\..\SearchScopes\{24DA5E9B-B440-4126-966A-4361FDC77CC7}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c

IE - HKCU\..\SearchScopes\{5613EEC6-5F87-45D1-A582-542225682F74}: "URL" = http://images.search.yahoo.com/search/images?p={searchTerms}&fr=yie7c

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{761B00B7-6910-4B18-B6BE-535219F7E115}: "URL" = http://shopping.yahoo.com/search?p={searchTerms}&fr=yie7c

IE - HKCU\..\SearchScopes\{792B769F-16DA-436E-AA21-EE9A1D2F14A4}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3293216&CUI=UN17145137731678026&UM=2

IE - HKCU\..\SearchScopes\{7C1FBE01-F7CE-4BB1-A775-04BB35886F55}: "URL" = http://local.yahoo.com/results?stx={searchTerms}&fr=yie7c

IE - HKCU\..\SearchScopes\{8B369256-266F-4BDE-A81A-DD9043BC517C}: "URL" = http://news.search.yahoo.com/search/news?p={searchTerms}&fr=yie7c

IE - HKCU\..\SearchScopes\{967A4989-98CD-4094-978E-ED6A23559A6F}: "URL" = http://video.yahoo.com/video/search?p={searchTerms}&fr=yie7c

IE - HKCU\..\SearchScopes\{97C9D1B2-220C-47F9-A0E7-1A34A2FE29A9}: "URL" = http://search.conduit.com/Results.aspx?ctid=CT3300024&SearchSource=45&UM=2&q={searchTerms}

IE - HKCU\..\SearchScopes\{D97826FF-2978-4158-A1B9-F3531CBC2970}: "URL" = http://answers.yahoo.com/search/search_result?p={searchTerms}&fr=yie7c

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

========== FireFox ==========

 

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll File not found

 

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lyricson@lyricson.net: C:\Program Files\LyricsOn\FF\ [2013/05/24 07:42:09 | 000,000,000 | ---D | M]

 

 

O1 HOSTS File: ([2004/08/04 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (DownloadTerms) - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\DownloadTerms\temp.dat ()

O2 - BHO: (Yahoo! IE Suggest) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll (Yahoo! Inc.)

O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)

O2 - BHO: (Lyrics On) - {73C1CE1A-2075-4350-A7B4-EBA78BA45FA8} - C:\Program Files\LyricsOn\lrcson.dll (Cisum Software)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (GetSavin 5.0) - {7A6BF1E8-E432-476B-A941-8E06D18C06B3} - C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\getsavin\ie\getsavin_1368844201.dll File not found

O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll File not found

O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.

O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe ()

O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()

O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139456480\ee\aolsoftware.exe (America Online, Inc.)

O4 - HKLM..\Run: [sprint SmartView] C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe (Sprint)

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found

O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)

O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)

O4 - HKCU..\Run: [DW7] "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe" File not found

O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe (America Online, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)

O4 - Startup: C:\Documents and Settings\deborah dickerson\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B228D8F7-E434-48E7-AF14-9EBFE150B318}: DhcpNameServer = 192.168.0.1 205.171.3.25

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{834ece70-899c-11db-8996-00038a000015}\Shell - "" = AutoRun

O33 - MountPoints2\{834ece70-899c-11db-8996-00038a000015}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{834ece70-899c-11db-8996-00038a000015}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2013/05/24 14:19:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\deborah dickerson\Desktop\OTL.scr

[2013/05/24 10:21:09 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2013/05/24 08:28:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood

[2013/05/24 07:42:08 | 000,000,000 | ---D | C] -- C:\Program Files\LyricsOn

[2013/05/23 12:17:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\OTL.scr

[2013/05/22 17:24:33 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2013/05/22 16:20:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/05/22 16:20:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deborah dickerson\Application Data\Malwarebytes

[2013/05/22 15:12:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2013/05/22 15:12:09 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2013/05/22 15:12:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2013/05/22 07:54:48 | 000,000,000 | -HSD | C] -- C:\found.000

[2013/05/21 18:34:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2013/05/21 12:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2013/05/21 09:44:49 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group

[2013/05/21 09:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2013/05/19 15:52:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\WeatherBug

[2013/05/19 15:50:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deborah dickerson\Application Data\WeatherBug

[2013/05/19 15:22:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deborah dickerson\Start Menu\Programs\WeatherBug

[2013/05/19 15:22:48 | 000,000,000 | ---D | C] -- C:\Program Files\AWS

[2013/05/19 13:58:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\Vafmusic2

[2013/05/18 12:54:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deborah dickerson\Application Data\player

[2013/05/18 12:39:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\Real

[2013/05/18 12:17:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared

[2013/05/18 12:11:25 | 000,201,872 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll

[2013/05/18 12:03:41 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll

[2013/05/18 12:03:40 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll

[2013/05/18 12:02:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks

[2013/05/18 12:02:36 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll

[2013/05/18 11:53:59 | 000,000,000 | ---D | C] -- C:\Program Files\real

[2013/05/18 11:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deborah dickerson\Application Data\Real

[2013/05/18 11:10:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\The Weather Channel

[2013/05/18 10:58:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real

[2013/05/18 10:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET

[2013/05/18 10:10:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2013/05/18 10:07:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\DownloadTerms

[2013/05/17 20:46:25 | 000,000,000 | ---D | C] -- C:\8b3d6a0c0c9cbdccdf98367e

[2013/05/17 20:33:22 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\AI_RecycleBin

[2013/05/17 20:32:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Strongvault Online Backup

[2013/05/17 20:32:06 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin

[2013/05/17 20:31:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deborah dickerson\Application Data\Strongvault

[2013/05/17 19:16:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\xVidly1

[2013/05/17 19:16:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\Temp

[2013/05/17 19:12:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\CRE

[2013/05/17 19:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\xVidly

[2013/05/17 18:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\FindLyrics

[2013/05/17 18:48:28 | 000,368,944 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2013/05/17 18:48:28 | 000,029,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2013/05/17 18:48:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus

[2013/05/17 18:48:26 | 000,049,760 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2013/05/17 18:48:25 | 000,056,080 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2013/05/17 18:48:24 | 000,765,736 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2013/05/17 18:48:16 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys

[2013/05/17 18:48:15 | 000,229,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[2013/05/17 18:46:13 | 000,041,664 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2013/05/17 18:44:31 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

[2013/05/17 18:42:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software

[2013/05/17 18:20:56 | 000,522,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll

[2013/05/17 18:17:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deborah dickerson\Application Data\Skype

[2013/05/17 18:16:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

[2013/05/17 18:16:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype

[2013/05/17 18:16:44 | 000,000,000 | R--D | C] -- C:\Program Files\Skype

[2013/05/17 12:39:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Qwest

[2013/05/17 12:39:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\XSxS

[2013/05/17 12:39:20 | 000,000,000 | ---D | C] -- C:\Program Files\Xenocode

[2013/05/17 12:39:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\Xenocode

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2013/05/24 14:23:03 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013/05/24 14:19:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\deborah dickerson\Desktop\OTL.scr

[2013/05/24 13:36:30 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job

[2013/05/24 10:21:10 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2013/05/24 10:21:09 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2013/05/24 07:43:07 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\Lyrics On Update.job

[2013/05/24 07:34:28 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\deborah dickerson\Application Data\QSWWShare

[2013/05/24 07:34:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/05/24 07:33:59 | 536,129,536 | -HS- | M] () -- C:\hiberfil.sys

[2013/05/23 13:20:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.scr

[2013/05/23 12:00:51 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2013/05/23 11:00:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013/05/22 15:12:35 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2013/05/22 15:00:41 | 000,000,162 | ---- | M] () -- C:\WINDOWS\Reimage.ini

[2013/05/20 13:36:18 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2013/05/20 12:10:24 | 000,085,397 | ---- | M] () -- C:\WINDOWS\unins000.dat

[2013/05/20 11:59:02 | 001,169,609 | ---- | M] () -- C:\WINDOWS\unins000.exe

[2013/05/19 22:02:07 | 000,000,830 | ---- | M] () -- C:\WINDOWS\System32\InstallUtil.InstallLog

[2013/05/19 17:50:47 | 000,703,088 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013/05/19 17:50:46 | 000,159,172 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2013/05/18 12:24:17 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk

[2013/05/18 12:11:26 | 000,201,872 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll

[2013/05/18 12:03:43 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll

[2013/05/18 12:03:40 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll

[2013/05/18 12:02:37 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll

[2013/05/18 07:50:37 | 000,245,512 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2013/05/17 22:57:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2013/05/17 19:32:42 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite

[2013/05/17 18:48:30 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk

[2013/05/17 18:16:46 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2013/05/17 18:04:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2013/05/09 01:59:10 | 000,765,736 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2013/05/09 01:59:10 | 000,368,944 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2013/05/09 01:59:10 | 000,174,664 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys

[2013/05/09 01:59:10 | 000,056,080 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2013/05/09 01:59:10 | 000,049,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys

[2013/05/09 01:59:09 | 000,066,336 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys

[2013/05/09 01:59:09 | 000,049,760 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2013/05/09 01:59:08 | 000,029,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2013/05/09 01:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2013/05/09 01:58:28 | 000,229,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[2013/05/06 21:27:31 | 006,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2013/05/24 10:21:19 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013/05/24 07:43:07 | 000,000,382 | ---- | C] () -- C:\WINDOWS\tasks\Lyrics On Update.job

[2013/05/22 15:44:16 | 536,129,536 | -HS- | C] () -- C:\hiberfil.sys

[2013/05/22 15:12:35 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2013/05/21 18:30:17 | 000,000,162 | ---- | C] () -- C:\WINDOWS\Reimage.ini

[2013/05/20 12:57:05 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\deborah dickerson\Start Menu\Programs\Internet Explorer (2).lnk

[2013/05/20 12:09:34 | 001,169,609 | ---- | C] () -- C:\WINDOWS\unins000.exe

[2013/05/20 12:09:34 | 000,085,397 | ---- | C] () -- C:\WINDOWS\unins000.dat

[2013/05/19 14:18:34 | 000,000,830 | ---- | C] () -- C:\WINDOWS\System32\InstallUtil.InstallLog

[2013/05/18 22:04:34 | 000,209,454 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1972669639-3560608179-232164778-1006-0.dat

[2013/05/18 22:04:28 | 000,209,454 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

[2013/05/18 12:24:17 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk

[2013/05/17 19:32:42 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite

[2013/05/17 18:48:30 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk

[2013/05/17 18:48:23 | 000,174,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys

[2013/05/17 18:48:21 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys

[2013/05/17 18:48:21 | 000,000,364 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job

[2013/05/17 18:16:46 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2013/05/17 17:19:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2013/05/17 17:19:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll

[2011/08/12 14:23:58 | 000,000,892 | ---- | C] () -- C:\Documents and Settings\deborah dickerson\.recently-used.xbel

[2011/07/03 23:16:50 | 000,049,040 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2008/01/13 11:50:57 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2007/09/07 10:36:37 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\deborah dickerson\presets.ini

[2006/12/10 01:35:01 | 000,004,820 | ---- | C] () -- C:\Program Files\CAMUNWISE.INI

[2006/03/04 12:33:50 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\fusioncache.dat

[2006/01/23 06:46:51 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\deborah dickerson\Application Data\PFP120JPR.{PB

[2006/01/23 06:46:51 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\deborah dickerson\Application Data\PFP120JCM.{PB

[2006/01/10 00:24:47 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2006/01/03 17:34:39 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\deborah dickerson\Application Data\QSWWShare

[2005/12/26 11:48:02 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare

 

========== ZeroAccess Check ==========

 

[2004/08/10 12:09:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

< End of report >

Posted

OTL Extras logfile created on: 5/24/2013 2:23:31 PM - Run 3

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\deborah dickerson\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

511.23 Mb Total Physical Memory | 63.36 Mb Available Physical Memory | 12.39% Memory free

1.19 Gb Paging File | 0.56 Gb Available in Paging File | 46.96% Paging File free

Paging file location(s): C:\pagefile.sys 500 900 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 33.68 Gb Total Space | 11.56 Gb Free Space | 34.31% Space Free | Partition Type: NTFS

 

Computer Name: SUNNIE48 | User Name: deborah dickerson | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htafile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)

"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)

"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)

"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)

"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (America Online, Inc.)

"C:\Program Files\Common Files\AOL\1139456480\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1139456480\ee\aolsoftware.exe:*:Enabled:AOL Services -- (America Online, Inc.)

"C:\Program Files\Common Files\AOL\1139456480\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1139456480\ee\aim6.exe:*:Enabled:AIM -- (America Online, Inc.)

"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Documents and Settings\deborah dickerson\Application Data\U3\0000174F8861087A\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skype.exe" = C:\Documents and Settings\deborah dickerson\Application Data\U3\0000174F8861087A\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skype.exe:*:Enabled:Skype

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger

"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server

"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

"C:\Program Files\Sprint\Sprint SmartView\SwiApiMux.exe" = C:\Program Files\Sprint\Sprint SmartView\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)

"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium

"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player

"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel

"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE

"{0FFD55FA-40CE-4B7F-9001-A06930C63FA2}" = Sprint SmartView

"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA

"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{190D0C6E-C8A7-4019-8FB5-FD041EC1F2D2}" = Mobile Broadband Drivers

"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar

"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 17

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials

"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement

"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3

"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool

"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5

"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal

"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click

"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03

"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files

"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore

"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!

"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English

"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport

"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU

"{AAE10BE5-F398-41C1-9AAF-A59EBF17DFDE}" = Norton Spyware Scan

"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio

"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience

"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0

"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12

"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync

"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy

"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger

"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety

"{DAFA6315-EAE5-4B9E-9D18-0DC51D1DB0F0}" = WeatherBug

"{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime

"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call

"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect

"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0

"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"All ATI Software" = ATI - Software Uninstall Utility

"AOL Connectivity Services" = AOL Connectivity Services

"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)

"ATI Display Driver" = ATI Display Driver

"avast" = avast! Free Antivirus

"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card

"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.9x Modem

"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver

"Dell Game Console" = Dell Game Console

"DreamChess" = DreamChess 0.2.0

"GetSavin" = GetSavin

"GNU Backgammon_is1" = GNU Backgammon 0.15-stable (20061119 code)

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2

"lyricson@lyricson.net" = Lyrics On

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Norton Spyware Scan provided by Yahoo!" = Norton Spyware Scan provided by Yahoo!

"Paint Shop Pro 6.0" = Paint Shop Pro 6.0 (CD-ROM)

"Paint Shop Pro Digital Camera Support" = Paint Shop Pro 6 Digital Camera Support

"Palace" = Palace Uninstall

"RealPlayer 16.0" = RealPlayer

"StreetPlugin" = Learn2 Player (Uninstall Only)

"Video Downloader_is1" = Video Downloader version 2.0

"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell

"WIC" = Windows Imaging Component

"WildTangent CDA" = WildTangent Web Driver

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinGimp-2.0_is1" = GIMP 2.6.6

"WinLiveSuite_Wave3" = Windows Live Essentials

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"DownloadTerms" = DownloadTerms

"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 7/12/2005 9:37:20 PM | Computer Name = SUNNIE48 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

 

Error - 7/12/2005 9:37:20 PM | Computer Name = SUNNIE48 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

 

Error - 7/12/2005 9:37:22 PM | Computer Name = SUNNIE48 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

 

Error - 7/12/2005 9:49:59 PM | Computer Name = SUNNIE48 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

 

Error - 7/12/2005 9:50:01 PM | Computer Name = SUNNIE48 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

 

Error - 7/12/2005 9:50:14 PM | Computer Name = SUNNIE48 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

 

Error - 7/12/2005 9:50:14 PM | Computer Name = SUNNIE48 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

 

Error - 7/12/2005 9:50:26 PM | Computer Name = SUNNIE48 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

 

Error - 7/12/2005 9:50:26 PM | Computer Name = SUNNIE48 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

 

Error - 7/12/2005 11:24:21 PM | Computer Name = SUNNIE48 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

 

[ System Events ]

Error - 5/23/2013 12:30:44 PM | Computer Name = SUNNIE48 | Source = Service Control Manager | ID = 7000

Description = The Logitech Process Monitor service failed to start due to the following

error: %%2

 

Error - 5/23/2013 12:32:08 PM | Computer Name = SUNNIE48 | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway

Service service to connect.

 

Error - 5/23/2013 12:32:08 PM | Computer Name = SUNNIE48 | Source = Service Control Manager | ID = 7000

Description = The Application Layer Gateway Service service failed to start due

to the following error: %%1053

 

Error - 5/23/2013 1:58:25 PM | Computer Name = SUNNIE48 | Source = Service Control Manager | ID = 7000

Description = The Logitech Process Monitor service failed to start due to the following

error: %%2

 

Error - 5/23/2013 2:00:13 PM | Computer Name = SUNNIE48 | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway

Service service to connect.

 

Error - 5/23/2013 2:00:13 PM | Computer Name = SUNNIE48 | Source = Service Control Manager | ID = 7000

Description = The Application Layer Gateway Service service failed to start due

to the following error: %%1053

 

Error - 5/24/2013 10:34:44 AM | Computer Name = SUNNIE48 | Source = Service Control Manager | ID = 7000

Description = The Logitech Process Monitor service failed to start due to the following

error: %%2

 

Error - 5/24/2013 10:38:15 AM | Computer Name = SUNNIE48 | Source = DCOM | ID = 10010

Description = The server {28DD3979-0566-4ED3-9B14-1548B3187491} did not register

with DCOM within the required timeout.

 

Error - 5/24/2013 10:38:22 AM | Computer Name = SUNNIE48 | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway

Service service to connect.

 

Error - 5/24/2013 10:38:22 AM | Computer Name = SUNNIE48 | Source = Service Control Manager | ID = 7000

Description = The Application Layer Gateway Service service failed to start due

to the following error: %%1053

 

 

< End of report >

Posted

Hi Quirkie

 

Thanks for that.

 

Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

Step 2

Double click on OTL to run it.

Copy the lines in the codebox below (make sure that :Otl is on the first line).

:otl
SRV - (LVPrcSrv) -- c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
DRV - (LVUVC) -- system32\DRIVERS\lvuvc.sys File not found
DRV - (LVUSBSta) -- system32\drivers\lvusbsta.sys File not found
DRV - (lvselsus) -- system32\DRIVERS\lvselsus.sys File not found
DRV - (LVPr2Mon) -- system32\drivers\LVPr2Mon.sys File not found
DRV - (lvpopflt) -- system32\DRIVERS\lvpopflt.sys File not found
DRV - (LVMVDrv) -- system32\DRIVERS\LVMVDrv.sys File not found
DRV - (LVcKap) -- system32\DRIVERS\LVcKap.sys File not found
DRV - (FilterService) -- system32\DRIVERS\lvuvcflt.sys File not found
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (cpuz134) -- C:\DOCUME~1\DEBORA~1\LOCALS~1\Temp\cpuz134\cpuz134 _x32.sys File not found
IE - HKCU\..\SearchScopes\{792B769F-16DA-436E-AA21-EE9A1D2F14A4}: "URL" = http://search.conduit.com/ResultsExt...731678026&UM=2
IE - HKCU\..\SearchScopes\{97C9D1B2-220C-47F9-A0E7-1A34A2FE29A9}: "URL" = http://search.conduit.com/Results.as...q={searchTerms}
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensi ons\\lyricson@lyricson.net: C:\Program Files\LyricsOn\FF\ [2013/05/24 07:42:09 | 000,000,000 | ---D | M]
O2 - BHO: (DownloadTerms) - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\DownloadTerms\temp.dat ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Lyrics On) - {73C1CE1A-2075-4350-A7B4-EBA78BA45FA8} - C:\Program Files\LyricsOn\lrcson.dll (Cisum Software)
O2 - BHO: (GetSavin 5.0) - {7A6BF1E8-E432-476B-A941-8E06D18C06B3} - C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\getsavin\ie\getsavin_1368844201.dll File not found
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKCU..\Run: [DW7] "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe" File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found
[2013/05/24 07:42:08 | 000,000,000 | ---D | C] -- C:\Program Files\LyricsOn
[2013/05/17 18:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\FindLyrics
[2013/05/24 07:43:07 | 000,000,382 | ---- | C] () -- C:\WINDOWS\tasks\Lyrics On Update.job

:Files
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]
[RESETHOSTS]

  • Return to OTL,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
     
  • Click the red Run Fix button.
     
  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

 

Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

 

If you lose the report, there will be a copy here:

C:\_OTL\MovedFiles

 

 

Step 3

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) 7 Update 21 and save it to your desktop.
  • Scroll down to where it says "Java SE 7 Update 21".
  • Click the "Download JRE" button.
  • Accept the license agreement.
  • Select 'Windows x86' offline from the list.
  • Save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version:
    Java™ 6 Update 17
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java™ 6 Update 7
    Java 2 Runtime Environment, SE v1.4.2_03
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the downloaded icon to install the newest version.

 

 

In your next reply, please submit:

JRT report

Otl fix report

 

 

Thanks.

Member of:

UNITE

Posted

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.4 (05.06.2013:1)

OS: Microsoft Windows XP x86

Ran by deborah dickerson on Sat 05/25/2013 at 9:28:49.64

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

~~~ Services

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dw7

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Bar

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\torch

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\torch

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{792B769F-16DA-436E-AA21-EE9A1D2F14A4}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{97C9D1B2-220C-47F9-A0E7-1A34A2FE29A9}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D97826FF-2978-4158-A1B9-F3531CBC2970}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9854820F-56A2-4A1D-B051-19433C103D26}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\strongvault online backup"

Successfully deleted: [Folder] "C:\Documents and Settings\deborah dickerson\Application Data\strongvault"

Successfully deleted: [Folder] "C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\downloadterms"

Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"

Successfully deleted: [Folder] "C:\ai_recyclebin"

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sat 05/25/2013 at 9:44:10.75

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Posted

========== OTL ==========

Service LVPrcSrv stopped successfully!

Service LVPrcSrv deleted successfully!

File c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe File not found not found.

Service HidServ stopped successfully!

Service HidServ deleted successfully!

File %SystemRoot%\System32\hidserv.dll File not found not found.

Service AppMgmt stopped successfully!

Service AppMgmt deleted successfully!

File %SystemRoot%\System32\appmgmts.dll File not found not found.

Service LVUVC stopped successfully!

Service LVUVC deleted successfully!

File system32\DRIVERS\lvuvc.sys File not found not found.

Service LVUSBSta stopped successfully!

Service LVUSBSta deleted successfully!

File system32\drivers\lvusbsta.sys File not found not found.

Service lvselsus stopped successfully!

Service lvselsus deleted successfully!

File system32\DRIVERS\lvselsus.sys File not found not found.

Service LVPr2Mon stopped successfully!

Service LVPr2Mon deleted successfully!

File system32\drivers\LVPr2Mon.sys File not found not found.

Service lvpopflt stopped successfully!

Service lvpopflt deleted successfully!

File system32\DRIVERS\lvpopflt.sys File not found not found.

Service LVMVDrv stopped successfully!

Service LVMVDrv deleted successfully!

File system32\DRIVERS\LVMVDrv.sys File not found not found.

Service LVcKap stopped successfully!

Service LVcKap deleted successfully!

File system32\DRIVERS\LVcKap.sys File not found not found.

Service FilterService stopped successfully!

Service FilterService deleted successfully!

File system32\DRIVERS\lvuvcflt.sys File not found not found.

Service esgiguard stopped successfully!

Service esgiguard deleted successfully!

File C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found not found.

Service cpuz134 stopped successfully!

Service cpuz134 deleted successfully!

File C:\DOCUME~1\DEBORA~1\LOCALS~1\Temp\cpuz134\cpuz134 _x32.sys File not found not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{792B769F-16DA-436E-AA21-EE9A1D2F14A4}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{792B769F-16DA-436E-AA21-EE9A1D2F14A4}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{97C9D1B2-220C-47F9-A0E7-1A34A2FE29A9}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97C9D1B2-220C-47F9-A0E7-1A34A2FE29A9}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1\ deleted successfully.

Registry key HKEY_CURRENT_USER\software\mozilla\Firefox\Extensi ons not found.

File C:\Program Files\LyricsOn\FF\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}\ deleted successfully.

File C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\DownloadTerms\temp.dat not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

 

OTL by OldTimer - Version 3.2.69.0 log created on 05252013_095246

Posted

Hi Quirkie

 

The OTL fix report seems to have been cut off.

There should be more than that.

Take a look here and see if the full report is there:

C:\_OTL\MovedFiles

 

Also, how is the system running now?

Member of:

UNITE
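Whether a fix report is complete can be checked by reconciling the fix script against the log, entry by entry. The following is an added example, not part of the original posts and not OTL's own code; the line formats are inferred only from the lines shown in this thread, the function names are hypothetical, and the sample script and log are subsets copied from the posts above.

```python
import re

# Line shapes inferred from this thread only (assumption, not OTL documentation).
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SVC_RE = re.compile(r"^(SRV|DRV) - \(([^)]+)\)")
RUN_RE = re.compile(r"^O4 - \S+\\Run: \[([^\]]+)\]")

# Subset of the fix script posted in the thread.
FIX_SCRIPT = r'''
:otl
SRV - (LVPrcSrv) -- c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe File not found
DRV - (LVUVC) -- system32\DRIVERS\lvuvc.sys File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Lyrics On) - {73C1CE1A-2075-4350-A7B4-EBA78BA45FA8} - C:\Program Files\LyricsOn\lrcson.dll (Cisum Software)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
'''

# Subset of the fix log posted in the thread.
FIX_LOG = r'''
========== OTL ==========
Service LVPrcSrv stopped successfully!
Service LVPrcSrv deleted successfully!
File c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe File not found not found.
Service LVUVC stopped successfully!
Service LVUVC deleted successfully!
File system32\DRIVERS\lvuvc.sys File not found not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
'''


def script_targets(script):
    """Return a (kind, token) key for every fix-script line we can identify."""
    targets = []
    for line in script.splitlines():
        line = line.strip()
        svc = SVC_RE.match(line)
        if svc:
            # SRV/DRV lines are keyed by the service name in parentheses.
            targets.append(("service", svc.group(2)))
            continue
        if re.match(r"^O\d+ - ", line):
            guid = GUID_RE.search(line)
            if guid:
                # BHO and toolbar lines are keyed by their CLSID.
                targets.append(("clsid", guid.group(0).upper()))
                continue
            run = RUN_RE.match(line)
            if run:
                # Run entries are keyed by the value name in brackets.
                targets.append(("run", run.group(1)))
    return targets


def outcomes(target, log):
    """List what the log says happened to one target, in log order."""
    kind, token = target
    found = []
    for line in log.splitlines():
        line = line.strip()
        if kind == "service":
            hit = line.startswith(f"Service {token} ")
        else:
            hit = token.upper() in line.upper()
        if not hit:
            continue
        if "deleted successfully" in line:
            found.append("deleted")
        elif "stopped successfully" in line:
            found.append("stopped")
        elif line.endswith("not found."):
            found.append("not found")
    return found


def unprocessed(script, log):
    """Targets named in the script that the log never mentions."""
    return [t for t in script_targets(script) if not outcomes(t, log)]


if __name__ == "__main__":
    for target in script_targets(FIX_SCRIPT):
        print(target, outcomes(target, FIX_LOG) or "NO RESULT IN LOG")
```

Script entries with no result line at all point to a truncated report rather than a failed removal, so the full log under C:\_OTL\MovedFiles is the next thing to read.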

Posted (edited)

========== OTL ==========

Service LVPrcSrv stopped successfully!

Service LVPrcSrv deleted successfully!

File c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe File not found not found.

Service HidServ stopped successfully!

Service HidServ deleted successfully!

File %SystemRoot%\System32\hidserv.dll File not found not found.

Service AppMgmt stopped successfully!

Service AppMgmt deleted successfully!

File %SystemRoot%\System32\appmgmts.dll File not found not found.

Service LVUVC stopped successfully!

Service LVUVC deleted successfully!

File system32\DRIVERS\lvuvc.sys File not found not found.

Service LVUSBSta stopped successfully!

Service LVUSBSta deleted successfully!

File system32\drivers\lvusbsta.sys File not found not found.

Service lvselsus stopped successfully!

Service lvselsus deleted successfully!

File system32\DRIVERS\lvselsus.sys File not found not found.

Service LVPr2Mon stopped successfully!

Service LVPr2Mon deleted successfully!

File system32\drivers\LVPr2Mon.sys File not found not found.

Service lvpopflt stopped successfully!

Service lvpopflt deleted successfully!

File system32\DRIVERS\lvpopflt.sys File not found not found.

Service LVMVDrv stopped successfully!

Service LVMVDrv deleted successfully!

File system32\DRIVERS\LVMVDrv.sys File not found not found.

Service LVcKap stopped successfully!

Service LVcKap deleted successfully!

File system32\DRIVERS\LVcKap.sys File not found not found.

Service FilterService stopped successfully!

Service FilterService deleted successfully!

File system32\DRIVERS\lvuvcflt.sys File not found not found.

Service esgiguard stopped successfully!

Service esgiguard deleted successfully!

File C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found not found.

Service cpuz134 stopped successfully!

Service cpuz134 deleted successfully!

File C:\DOCUME~1\DEBORA~1\LOCALS~1\Temp\cpuz134\cpuz134 _x32.sys File not found not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{792B769F-16DA-436E-AA21-EE9A1D2F14A4}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{792B769F-16DA-436E-AA21-EE9A1D2F14A4}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{97C9D1B2-220C-47F9-A0E7-1A34A2FE29A9}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97C9D1B2-220C-47F9-A0E7-1A34A2FE29A9}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1\ deleted successfully.

Registry key HKEY_CURRENT_USER\software\mozilla\Firefox\Extensi ons not found.

File C:\Program Files\LyricsOn\FF\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}\ deleted successfully.

File C:\Documents and Settings\deborah dickerson\Local Settings\Application Data\DownloadTerms\temp.dat not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

 

OTL by OldTimer - Version 3.2.69.0 log created on 05252013_095246

 

 

 

 

 

 

 

 

My system is running good. No more pop up ads :)

 

Thank you

Quirkie

Edited by Quirkie
Posted

OTL Extras logfile created on: 5/24/2013 2:23:31 PM - Run 3

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\deborah dickerson\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

511.23 Mb Total Physical Memory | 63.36 Mb Available Physical Memory | 12.39% Memory free

1.19 Gb Paging File | 0.56 Gb Available in Paging File | 46.96% Paging File free

Paging file location(s): C:\pagefile.sys 500 900 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 33.68 Gb Total Space | 11.56 Gb Free Space | 34.31% Space Free | Partition Type: NTFS

 

Computer Name: SUNNIE48 | User Name: deborah dickerson | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htafile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)

"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)

"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)

"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)

"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (America Online, Inc.)

"C:\Program Files\Common Files\AOL\1139456480\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1139456480\ee\aolsoftware.exe:*:Enabled:AOL Services -- (America Online, Inc.)

"C:\Program Files\Common Files\AOL\1139456480\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1139456480\ee\aim6.exe:*:Enabled:AIM -- (America Online, Inc.)

"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Documents and Settings\deborah dickerson\Application Data\U3\0000174F8861087A\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skype.exe" = C:\Documents and Settings\deborah dickerson\Application Data\U3\0000174F8861087A\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skype.exe:*:Enabled:Skype

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger

"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server

"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

"C:\Program Files\Sprint\Sprint SmartView\SwiApiMux.exe" = C:\Program Files\Sprint\Sprint SmartView\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)

"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium

"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player

"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel

"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE

"{0FFD55FA-40CE-4B7F-9001-A06930C63FA2}" = Sprint SmartView

"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA

"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{190D0C6E-C8A7-4019-8FB5-FD041EC1F2D2}" = Mobile Broadband Drivers

"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar

"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 17

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials

"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement

"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3

"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool

"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5

"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal

"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click

"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03

"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files

"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore

"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!

"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English

"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport

"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU

"{AAE10BE5-F398-41C1-9AAF-A59EBF17DFDE}" = Norton Spyware Scan

"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio

"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience

"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0

"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12

"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync

"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy

"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger

"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety

"{DAFA6315-EAE5-4B9E-9D18-0DC51D1DB0F0}" = WeatherBug

"{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime

"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call

"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect

"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0

"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"All ATI Software" = ATI - Software Uninstall Utility

"AOL Connectivity Services" = AOL Connectivity Services

"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)

"ATI Display Driver" = ATI Display Driver

"avast" = avast! Free Antivirus

"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card

"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.9x Modem

"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver

"Dell Game Console" = Dell Game Console

"DreamChess" = DreamChess 0.2.0

"GetSavin" = GetSavin

"GNU Backgammon_is1" = GNU Backgammon 0.15-stable (20061119 code)

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2

"lyricson@lyricson.net" = Lyrics On

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Norton Spyware Scan provided by Yahoo!" = Norton Spyware Scan provided by Yahoo!

"Paint Shop Pro 6.0" = Paint Shop Pro 6.0 (CD-ROM)

"Paint Shop Pro Digital Camera Support" = Paint Shop Pro 6 Digital Camera Support

"Palace" = Palace Uninstall

"RealPlayer 16.0" = RealPlayer

"StreetPlugin" = Learn2 Player (Uninstall Only)

"Video Downloader_is1" = Video Downloader version 2.0

"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell

"WIC" = Windows Imaging Component

"WildTangent CDA" = WildTangent Web Driver

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinGimp-2.0_is1" = GIMP 2.6.6

"WinLiveSuite_Wave3" = Windows Live Essentials

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"DownloadTerms" = DownloadTerms

"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 7/12/2005 9:37:20 PM | Computer Name = SUNNIE48 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

 

Error - 7/12/2005 9:37:20 PM | Computer Name = SUNNIE48 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

 

Error - 7/12/2005 9:37:22 PM | Computer Name = SUNNIE48 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

 

Error - 7/12/2005 9:49:59 PM | Computer Name = SUNNIE48 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

 

Error - 7/12/2005 9:50:01 PM | Computer Name = SUNNIE48 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

 

Error - 7/12/2005 9:50:14 PM | Computer Name = SUNNIE48 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

 

Error - 7/12/2005 9:50:14 PM | Computer Name = SUNNIE48 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

 

Error - 7/12/2005 9:50:26 PM | Computer Name = SUNNIE48 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

 

Error - 7/12/2005 9:50:26 PM | Computer Name = SUNNIE48 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

 

Error - 7/12/2005 11:24:21 PM | Computer Name = SUNNIE48 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

 

[ System Events ]

Error - 5/23/2013 12:30:44 PM | Computer Name = SUNNIE48 | Source = Service Control Manager | ID = 7000

Description = The Logitech Process Monitor service failed to start due to the following

error: %%2

 

Error - 5/23/2013 12:32:08 PM | Computer Name = SUNNIE48 | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway

Service service to connect.

 

Error - 5/23/2013 12:32:08 PM | Computer Name = SUNNIE48 | Source = Service Control Manager | ID = 7000

Description = The Application Layer Gateway Service service failed to start due

to the following error: %%1053

 

Error - 5/23/2013 1:58:25 PM | Computer Name = SUNNIE48 | Source = Service Control Manager | ID = 7000

Description = The Logitech Process Monitor service failed to start due to the following

error: %%2

 

Error - 5/23/2013 2:00:13 PM | Computer Name = SUNNIE48 | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway

Service service to connect.

 

Error - 5/23/2013 2:00:13 PM | Computer Name = SUNNIE48 | Source = Service Control Manager | ID = 7000

Description = The Application Layer Gateway Service service failed to start due

to the following error: %%1053

 

Error - 5/24/2013 10:34:44 AM | Computer Name = SUNNIE48 | Source = Service Control Manager | ID = 7000

Description = The Logitech Process Monitor service failed to start due to the following

error: %%2

 

Error - 5/24/2013 10:38:15 AM | Computer Name = SUNNIE48 | Source = DCOM | ID = 10010

Description = The server {28DD3979-0566-4ED3-9B14-1548B3187491} did not register

with DCOM within the required timeout.

 

Error - 5/24/2013 10:38:22 AM | Computer Name = SUNNIE48 | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway

Service service to connect.

 

Error - 5/24/2013 10:38:22 AM | Computer Name = SUNNIE48 | Source = Service Control Manager | ID = 7000

Description = The Application Layer Gateway Service service failed to start due

to the following error: %%1053

 

 

< End of report >

Posted

Hi Quirkie

 

I'm not 100% sure that all of the previous fix was run correctly so please follow this step to make sure.

 

Double click on OTL to run it.

Copy the lines in the codebox below (make sure that :Otl is on the first line).

:otl

:Files
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]
[RESETHOSTS]

  • Return to OTL,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
     
     
  • Click the red Run Fix button.
     
     
  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

 

Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

 

If you lose the report, there will be a copy here:

C:\_OTL\MovedFiles

 

Thanks

Member of:

UNITE

Posted

Hi Starbuck,

 

I'm having some problem with the OTL. I copied and pasted the stuff you wanted me to.

I closed all browsers before I clicked run fix.

When I clicked run fix my desktop icons disappeared and the OTL says it's in the killing process. The hour glass comes up and then at the top it says Not responding. It just sits there.

Is it supposed to do this or is something not right?

 

 

Thanks for your help

Quirkie

Posted

Hi,

 

This is a known problem with some systems when MalwareBytes is installed.

Uninstall MBAM, then reboot the system.

Now run the fix again.

This time you shouldn't have a problem.

Once the fix has finished you can install MBAM again.

