Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Unable to turn on Automatic Updates

Started by jcarissimo , Oct 18 2009 12:18 PM

  • Please log in to reply

#1
jcarissimo
Posted 18 October 2009 - 12:18 PM

jcarissimo

    Member

  • Member
  • PipPip
  • 59 posts
Hi everyone - ok I'm working on a pc with Win XP and all MS updates should be current.

I've run scans over and over again using McAfee and Malwarebytes. I've followed all instructions in your list to do the prep work before listing a new topic. And here I am... Still having the same problems. No matter what I've tried I'm still unable to turn on the Automatic Updates in the Windows Security Center. That just makes me feel uneasy like there is still something in my pc that doesn't belong.

Here are the results for all three reports-

- Malwarebytes report:
Malwarebytes' Anti-Malware 1.41
Database version: 2981
Windows 5.1.2600 Service Pack 3

10/18/2009 1:54:00 PM
mbam-log-2009-10-18 (13-54-00).txt

Scan type: Quick Scan
Objects scanned: 150485
Time elapsed: 5 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


- Root Repeal Report:
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/18 13:58
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEC554000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7BA7000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEB15C000 Size: 49152 File Visible: No Signed: -
Status: -

==EOF==

- OTL Report:
OTL logfile created on: 10/18/2009 2:01:29 PM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Dee\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.98 Mb Total Physical Memory | 560.03 Mb Available Physical Memory | 54.74% Memory free
1.66 Gb Paging File | 1.23 Gb Available in Paging File | 74.31% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.72 Gb Total Space | 21.67 Gb Free Space | 19.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TVROOM
Current User Name: Dee
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/18 14:00:31 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dee\Desktop\OTL.exe
PRC - [2009/08/28 21:24:02 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/08/28 21:24:02 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/10 03:26:42 | 00,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
PRC - [2009/07/10 00:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/10 00:26:20 | 00,645,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/07/08 13:43:40 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
PRC - [2008/04/13 20:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/04/28 22:20:26 | 05,046,784 | ---- | M] (Linksys) -- C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
PRC - [2004/09/22 19:46:10 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2004/02/06 22:56:14 | 00,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
PRC - [2003/11/03 14:46:00 | 00,073,728 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2003/08/06 16:58:26 | 01,376,360 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe
PRC - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2003/05/31 19:02:32 | 07,544,916 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
PRC - [2003/01/10 18:13:04 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [2001/10/21 17:58:52 | 00,301,568 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCES.EXE
PRC - [2001/10/21 15:12:28 | 00,045,056 | ---- | M] (Lexmark International) -- C:\WINDOWS\System32\lxamsp32.exe
PRC - [2001/10/21 12:56:28 | 00,169,984 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXPPS.EXE
PRC - [2001/10/21 12:54:58 | 00,036,864 | ---- | M] (Lexmark) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
PRC - [2000/06/26 08:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe
PRC - [1999/12/13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (WMP54GSSVC [Auto | Running])
SRV - File not found -- -- (iPod Service [On_Demand | Stopped])
SRV - File not found -- -- (0230851255727031mcinstcleanup [Auto | Stopped])
SRV - [2009/08/28 21:24:02 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/07/10 03:26:42 | 00,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [Auto | Running])
SRV - [2009/07/10 00:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2009/07/08 20:22:22 | 00,068,112 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor [On_Demand | Stopped])
SRV - [2009/07/08 15:15:04 | 00,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV - [2009/07/08 13:43:40 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
SRV - [2009/07/08 13:11:52 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [Disabled | Stopped])
SRV - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
SRV - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2004/09/22 19:46:10 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2003/11/03 14:46:00 | 00,073,728 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/08/06 16:58:26 | 01,376,360 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS [Auto | Running])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2003/05/31 19:02:32 | 07,544,916 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe -- (MSSQL$MICROSOFTBCM [Auto | Running])
SRV - [2003/03/03 14:33:40 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2003/01/10 18:13:04 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService [Auto | Running])
SRV - [2002/12/17 20:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTBCM [On_Demand | Stopped])
SRV - [2002/12/17 20:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
SRV - [2001/10/21 17:58:52 | 00,301,568 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCES.EXE -- (LexBceS [Auto | Running])
SRV - [2000/06/26 08:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])
SRV - [1999/12/13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://cnj.craigslist.org/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/28 21:24:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/18 13:33:57 | 00,000,000 | ---D | M]


O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe File not found
O4 - HKLM..\Run: [fbqpy] C:\WINDOWS\qomflterc.exe File not found
O4 - HKLM..\Run: [guarnset] C:\WINDOWS\System32\guarnset.exe File not found
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 9\LaunchList.exe File not found
O4 - HKLM..\Run: [LexStart] File not found
O4 - HKLM..\Run: [lxamsp32.exe] C:\WINDOWS\System32\lxamsp32.exe (Lexmark International)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [migd] C:\WINDOWS\iajp.exe File not found
O4 - HKLM..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe (Lexmark)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe File not found
O4 - HKCU..\Run: [Jlfdnl] C:\Program Files\Common Files\??stem32\services.exe File not found
O4 - HKCU..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe File not found
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe File not found
O4 - HKCU..\Run: [rrwo] C:\PROGRA~1\COMMON~1\rrwo\rrwom.exe File not found
O4 - HKCU..\Run: [Sonic RecordNow!] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe (Jetsoft Development Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - File not found
O9 - Extra Button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://active.macrom...tor/cabs/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} http://community.web...wsaxcontrol.cab (Webshots Multiple Media Uploader - Container)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmar...martActivia.cab (Snapfish Activia)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1251497279406 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1251497270734 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} http://community.web...otoUploader.CAB (Webshots Photo Uploader)
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} http://photo.walmart...ploadClient.cab (FujifilmUploader Class)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcaf...469/mcfscan.cab (McFreeScan Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/05/05 20:47:50 | 00,000,507 | ---- | M] () - C:\AUTOEXEC.PSS -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/10/16 16:17:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/10/16 17:02:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/10/18 13:44:46 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/10/18 12:31:31 | 00,000,000 | ---D | C] -- C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster
[2009/10/18 01:59:33 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/16 17:01:53 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/10/16 17:02:28 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2009/10/18 13:09:01 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/10/18 13:08:52 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/10/18 14:00:20 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dee\Desktop\OTL.exe
[2009/10/18 13:55:49 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Dee\Desktop\RootRepeal.exe
[2009/10/18 13:44:15 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Dee\Desktop\erunt_setup.exe
[2009/10/18 13:09:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/10/18 13:07:59 | 00,000,000 | ---D | C] -- C:\7bcef39c417875589ca3d2a0
[2009/10/18 12:54:06 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Dee\Desktop\SysRestorePoint.exe
[2009/10/18 12:48:13 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dee\Desktop\TFC.exe
[2009/10/18 12:16:02 | 00,000,000 | ---D | C] -- C:\Linksys Driver
[2009/10/18 01:59:34 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/18 01:59:33 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/18 01:58:18 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Dee\Desktop\mbam-setup.exe
[2009/10/16 17:04:20 | 00,040,552 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
[2009/10/16 17:04:20 | 00,035,272 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2009/10/16 17:04:19 | 00,079,816 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2009/10/16 17:04:07 | 00,120,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2009/10/16 16:23:10 | 00,034,248 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
[2004/04/04 15:19:06 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 14 Days ==========

[2026/01/11 22:06:53 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\exe
[2009/10/18 14:00:31 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dee\Desktop\OTL.exe
[2009/10/18 14:00:00 | 00,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{ECB19A94-33BA-4494-B9E9-87E6BC2EC52D}.job
[2009/10/18 13:58:00 | 00,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C69D1166-D821-4DEC-9586-BA3E6445BC0A}.job
[2009/10/18 13:55:52 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Dee\Desktop\RootRepeal.exe
[2009/10/18 13:44:46 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Dee\Desktop\NTREGOPT.lnk
[2009/10/18 13:44:46 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Dee\Desktop\ERUNT.lnk
[2009/10/18 13:44:18 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Dee\Desktop\erunt_setup.exe
[2009/10/18 13:43:30 | 00,161,376 | ---- | M] () -- C:\Documents and Settings\Dee\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/18 13:43:03 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/10/18 13:42:17 | 00,528,370 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/18 13:42:17 | 00,449,420 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/10/18 13:42:17 | 00,068,952 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/10/18 13:38:23 | 00,008,205 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/10/18 13:37:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/18 13:37:40 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/10/18 13:37:05 | 00,011,824 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2009/10/18 13:37:05 | 00,011,824 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2009/10/18 13:37:05 | 00,006,240 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2009/10/18 13:37:05 | 00,006,240 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2009/10/18 13:16:08 | 00,511,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/18 13:15:07 | 05,362,330 | -H-- | M] () -- C:\Documents and Settings\Dee\Local Settings\Application Data\IconCache.db
[2009/10/18 12:54:06 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Dee\Desktop\SysRestorePoint.exe
[2009/10/18 12:48:13 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dee\Desktop\TFC.exe
[2009/10/18 12:31:29 | 00,004,254 | ---- | M] () -- C:\WINDOWS\System32\WLAN.INI
[2009/10/18 12:15:14 | 06,314,342 | ---- | M] () -- C:\Documents and Settings\Dee\My Documents\Linksys WMP54GS-v1_1.exe
[2009/10/18 01:59:37 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/18 01:58:34 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Dee\Desktop\mbam-setup.exe
[2009/10/18 00:07:54 | 00,002,610 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/10/16 21:16:00 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/16 17:08:52 | 00,000,671 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2009/10/16 17:08:28 | 00,000,126 | ---- | M] () -- C:\Documents and Settings\Dee\Local Settings\Application Data\fusioncache.dat
[2009/10/16 17:03:18 | 00,000,336 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/10/16 17:03:15 | 00,000,314 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/10/12 10:30:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

========== Files - No Company Name ==========
[2100/02/23 19:55:50 | 00,001,096 | ---- | C] () -- C:\WINDOWS\Lexmark_ICM.ini
[2009/10/18 13:44:46 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Dee\Desktop\NTREGOPT.lnk
[2009/10/18 13:44:46 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Dee\Desktop\ERUNT.lnk
[2009/10/18 13:32:45 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/10/18 12:48:39 | 06,314,342 | ---- | C] () -- C:\Documents and Settings\Dee\My Documents\Linksys WMP54GS-v1_1.exe
[2009/10/18 12:24:33 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2009/10/18 12:24:33 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2009/10/18 12:24:33 | 00,071,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\WMP54GS.inf
[2009/10/18 12:24:33 | 00,007,986 | ---- | C] () -- C:\WINDOWS\System32\drivers\WMP54GS.cat
[2009/10/18 01:59:37 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/18 00:04:47 | 00,002,610 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2009/10/17 23:57:41 | 00,000,426 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{ECB19A94-33BA-4494-B9E9-87E6BC2EC52D}.job
[2009/10/17 23:43:48 | 00,000,438 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C69D1166-D821-4DEC-9586-BA3E6445BC0A}.job
[2009/10/16 17:10:28 | 00,008,205 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2009/10/16 17:08:52 | 00,000,671 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2009/10/16 17:08:28 | 00,000,126 | ---- | C] () -- C:\Documents and Settings\Dee\Local Settings\Application Data\fusioncache.dat
[2009/10/16 17:03:18 | 00,000,336 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/10/16 17:03:15 | 00,000,314 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job
[2008/06/08 11:02:18 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Dee\Application Data\$_hpcst$.hpc
[2007/01/02 22:12:04 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2007/01/02 22:11:29 | 00,004,254 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2006/12/26 01:16:24 | 00,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/09/24 21:39:40 | 00,000,122 | ---- | C] () -- C:\Program Files\ppunistall.bat
[2006/04/10 22:01:48 | 00,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/02/18 20:24:06 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/08/27 16:40:41 | 00,000,431 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2005/07/24 17:23:50 | 00,000,284 | ---- | C] () -- C:\Documents and Settings\Dee\Application Data\ViewerApp.dat
[2005/07/07 00:08:51 | 00,245,248 | ---- | C] () -- C:\Documents and Settings\Dee\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/05/21 11:17:10 | 00,072,192 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2005/05/18 18:17:01 | 00,000,009 | ---- | C] () -- C:\WINDOWS\cfonm.ini
[2005/05/18 18:17:00 | 00,000,009 | ---- | C] () -- C:\WINDOWS\cftnm.ini
[2005/05/18 18:12:41 | 00,000,045 | ---- | C] () -- C:\WINDOWS\DCEFLON.ini
[2005/02/02 21:37:24 | 00,000,078 | ---- | C] () -- C:\WINDOWS\psuite.ini
[2004/12/27 17:54:43 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/12/26 18:29:09 | 00,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2004/12/26 17:42:35 | 00,000,063 | ---- | C] () -- C:\WINDOWS\PixieTool.INI
[2004/10/08 15:09:35 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\IDMC1Reg.dll
[2004/09/28 16:14:27 | 00,004,797 | ---- | C] () -- C:\WINDOWS\cfgmgr52.ini
[2004/08/07 23:44:45 | 00,011,793 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/06/20 21:33:08 | 00,000,052 | ---- | C] () -- C:\WINDOWS\usta32a.ini
[2004/05/31 15:37:49 | 00,015,576 | R--- | C] () -- C:\WINDOWS\System32\drivers\usbbc.sys
[2004/05/31 15:36:11 | 00,000,264 | ---- | C] () -- C:\WINDOWS\System32\winsusrm.dll
[2004/05/11 06:15:51 | 05,362,330 | -H-- | C] () -- C:\Documents and Settings\Dee\Local Settings\Application Data\IconCache.db
[2004/05/11 06:15:51 | 00,161,376 | ---- | C] () -- C:\Documents and Settings\Dee\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2004/05/11 06:15:51 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Dee\Application Data\DESKTOP.INI
[2004/04/04 15:37:26 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/04/04 15:29:26 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/04/04 15:19:29 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/04/04 15:19:08 | 00,066,807 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2004/04/04 15:19:08 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/04/04 15:19:07 | 00,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2004/04/04 15:19:07 | 00,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2004/04/04 15:18:37 | 00,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/04/04 15:17:30 | 00,000,180 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/04/04 15:14:31 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/04/04 15:00:04 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/04/04 14:43:24 | 00,000,549 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/03/18 09:44:29 | 01,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2003/11/20 14:39:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/03 09:59:58 | 00,000,986 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2002/09/03 09:50:58 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/09/03 09:50:46 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
[2001/05/13 18:18:34 | 00,000,209 | ---- | C] () -- C:\WINDOWS\X63_DS.ini
[2000/10/24 10:08:36 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2000/10/24 10:08:33 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[1999/04/20 04:15:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\unvise32.dll
[1998/04/22 16:59:50 | 00,115,712 | ---- | C] () -- C:\WINDOWS\System32\vboxp40.dll
[1997/10/24 10:56:36 | 00,000,643 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[1980/01/01 01:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2009/10/16 16:17:36 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2005/12/29 13:49:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2004/04/04 15:25:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2006/04/24 21:09:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2005/08/07 10:58:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\msw
[2007/12/09 18:18:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2006/08/17 12:36:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Newsoft
[2005/12/26 12:01:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2004/04/04 15:15:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2005/03/13 16:50:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Support.com
[2008/07/31 18:42:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/28 16:13:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/08/28 17:16:31 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Dee\Application Data
[2005/03/06 11:21:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dee\Application Data\{12EE7A5E-0674-42f9-A76B-000000004D00}
[2005/12/28 00:28:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dee\Application Data\ACD Systems
[2009/08/14 17:29:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dee\Application Data\Aim
[2007/03/16 07:19:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dee\Application Data\aѕsembly
[2007/03/24 17:59:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dee\Application Data\CyberLink
[2006/05/17 20:58:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dee\Application Data\Jasc
[2006/10/15 13:23:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dee\Application Data\Kontiki
[2006/03/03 13:53:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dee\Application Data\Leadertech
[2004/06/28 09:01:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dee\Application Data\Lycos
[2009/08/28 16:02:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dee\Application Data\Move Networks
[2006/04/24 21:10:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dee\Application Data\MSN6
[2005/12/28 00:33:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dee\Application Data\Simple Star
[2007/06/02 17:49:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dee\Application Data\Snapfish
[2007/02/19 12:22:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dee\Application Data\sуstem
[2007/01/11 09:01:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dee\Application Data\sуstem32
[2007/01/11 15:58:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dee\Application Data\Viewpoint
[2007/01/27 08:52:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dee\Application Data\Аdobe
[2007/02/07 09:13:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dee\Application Data\ѕеcurity
[2007/03/21 17:56:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dee\Application Data\ѕуstem
[2007/04/29 13:15:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dee\Application Data\ѕуstem32
[2009/10/12 10:30:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2002/08/29 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI
[2004/05/09 21:31:43 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job
[2009/10/16 17:03:18 | 00,000,336 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/10/16 17:03:15 | 00,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2009/10/18 13:37:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/10/18 13:58:00 | 00,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C69D1166-D821-4DEC-9586-BA3E6445BC0A}.job
[2009/10/18 14:00:00 | 00,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{ECB19A94-33BA-4494-B9E9-87E6BC2EC52D}.job

========== Purity Check ==========

[2007/04/29 13:15:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dee\Application Data\ѕуstem32
[2007/03/21 17:56:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dee\Application Data\ѕуstem32\ѕуstem32


========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/12/05 21:06:11 | 00,010,920 | ---- | M] () -- C:\aolconnfix.exe

< %systemroot%\system32\eventlog.dll >
[2008/04/13 20:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2008/04/13 20:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Alternate Data Streams ==========

@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A518B662

========== Files - Unicode (All) ==========
[2007/04/29 13:15:48 | 00,000,000 | ---D | M](C:\Documents and Settings\Dee\Application Data\??stem32) -- C:\Documents and Settings\Dee\Application Data\ѕуstem32
[2007/03/21 17:56:56 | 00,000,000 | ---D | M](C:\Documents and Settings\Dee\Application Data\??stem) -- C:\Documents and Settings\Dee\Application Data\ѕуstem
[2007/03/18 11:08:00 | 00,000,000 | ---D | M](C:\Documents and Settings\Dee\My Documents\?ssembly) -- C:\Documents and Settings\Dee\My Documents\аssembly
[2007/03/18 11:08:00 | 00,000,000 | ---D | C](C:\Documents and Settings\Dee\My Documents\?ssembly) -- C:\Documents and Settings\Dee\My Documents\аssembly
[2007/03/16 07:19:01 | 00,000,000 | ---D | M](C:\Documents and Settings\Dee\Application Data\a?sembly) -- C:\Documents and Settings\Dee\Application Data\aѕsembly
[2007/03/15 07:10:03 | 00,000,000 | ---D | M](C:\WINDOWS\System32\?icrosoft.NET) -- C:\WINDOWS\System32\Μicrosoft.NET
[2007/03/15 07:10:03 | 00,000,000 | ---D | C](C:\WINDOWS\System32\?icrosoft.NET) -- C:\WINDOWS\System32\Μicrosoft.NET
[2007/02/25 16:30:56 | 00,000,000 | ---D | M](C:\Documents and Settings\Dee\My Documents\?ystem) -- C:\Documents and Settings\Dee\My Documents\ѕystem
[2007/02/25 16:30:56 | 00,000,000 | ---D | C](C:\Documents and Settings\Dee\My Documents\?ystem) -- C:\Documents and Settings\Dee\My Documents\ѕystem
[2007/02/19 12:22:50 | 00,000,000 | ---D | M](C:\Documents and Settings\Dee\Application Data\s?stem) -- C:\Documents and Settings\Dee\Application Data\sуstem
[2007/02/07 09:13:35 | 00,000,000 | ---D | M](C:\Documents and Settings\Dee\Application Data\??curity) -- C:\Documents and Settings\Dee\Application Data\ѕеcurity
[2007/01/27 08:52:21 | 00,000,000 | ---D | M](C:\Documents and Settings\Dee\Application Data\?dobe) -- C:\Documents and Settings\Dee\Application Data\Аdobe
[2007/01/25 17:47:54 | 00,000,000 | ---D | M](C:\Documents and Settings\Dee\My Documents\??sembly) -- C:\Documents and Settings\Dee\My Documents\аѕsembly
[2007/01/25 17:47:54 | 00,000,000 | ---D | C](C:\Documents and Settings\Dee\My Documents\??sembly) -- C:\Documents and Settings\Dee\My Documents\аѕsembly
[2007/01/20 09:16:20 | 00,000,000 | ---D | M](C:\Documents and Settings\Dee\My Documents\?dobe) -- C:\Documents and Settings\Dee\My Documents\Αdobe
[2007/01/20 09:16:20 | 00,000,000 | ---D | C](C:\Documents and Settings\Dee\My Documents\?dobe) -- C:\Documents and Settings\Dee\My Documents\Αdobe
[2007/01/11 09:01:06 | 00,000,000 | ---D | M](C:\Documents and Settings\Dee\Application Data\s?stem32) -- C:\Documents and Settings\Dee\Application Data\sуstem32
< End of report >

- OTL Extras:
OTL Extras logfile created on: 10/18/2009 2:01:29 PM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Dee\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.98 Mb Total Physical Memory | 560.03 Mb Available Physical Memory | 54.74% Memory free
1.66 Gb Paging File | 1.23 Gb Available in Paging File | 74.31% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.72 Gb Total Space | 21.67 Gb Free Space | 19.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TVROOM
Current User Name: Dee
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\SYSTEM32\dpvsetup.exe" = C:\WINDOWS\SYSTEM32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08094E03-AFE4-4853-9D31-6D0743DF5328}" = QuickTime
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{66563AD8-637B-407F-BCA7-0233A16891AB}" = Business Contact Manager for Outlook 2003
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{85B90D8C-70F3-4E84-BD31-5E9489C0F9FB}" = iTunes
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{9E491AB7-4589-48CA-9CBB-874CB2788391}" = Studio 9
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet
"{B6751A10-2389-4AEF-870A-4DD925F48733}" = IntelliMover
"{B67624DE-75CE-4FAD-9F29-5C115773CE61}" = Studio 9 Content CD/DVD
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1FCD24B-73FD-11D6-A14B-00105AC953E9}" = Digital Blue™ PC Digital Movie Creator
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E82BF103-904F-49C0-B77F-6EC110B71E87}" = Sound Blaster Audigy 2
"{EAE4A00B-D290-4B65-8287-B82A80FC0619}" = Linksys Wireless-G PCI Network Adapter with SpeedBooster
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2702" = Conexant SmartHSFi V.9x 56K DF PCI Modem
"comcastDD" = Desktop Doctor
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Encarta98" = Microsoft Encarta 98 Encyclopedia
"ERUNT_is1" = ERUNT 1.1j
"Greetings Workshop" = Greetings Workshop
"Hollywood FX 5.5 Additional Effects" = Hollywood FX 5.5 Additional Effects
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LimeWire" = LimeWire 4.18.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = McAfee SecurityCenter
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PROSet" = Intel® PRO Network Adapters and Drivers
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealOne Player
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/28/2009 2:03:15 PM | Computer Name = D14HGN41 | Source = Google Update | ID = 20
Description =

Error - 8/28/2009 3:03:12 PM | Computer Name = D14HGN41 | Source = Google Update | ID = 20
Description =

Error - 10/16/2009 4:23:54 PM | Computer Name = TVROOM | Source = Application Error | ID = 1000
Description = Faulting application install.exe, version 3.15.146.0, faulting module
ole32.dll, version 5.1.2600.5512, fault address 0x0004af47.

Error - 10/16/2009 5:12:32 PM | Computer Name = TVROOM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/16/2009 5:42:23 PM | Computer Name = TVROOM | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ieframe.dll, version 8.0.6001.18812, fault address 0x0011e4d5.

Error - 10/16/2009 5:57:01 PM | Computer Name = TVROOM | Source = Application Hang | ID = 1002
Description = Hanging application mcshell.exe, version 9.15.126.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/16/2009 5:57:24 PM | Computer Name = TVROOM | Source = Application Hang | ID = 1001
Description = Fault bucket 1389170889.

Error - 10/16/2009 7:24:48 PM | Computer Name = TVROOM | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.6.32, faulting module
teatimer.exe, version 1.6.6.32, fault address 0x0006e66e.

Error - 10/17/2009 11:47:25 PM | Computer Name = TVROOM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/17/2009 11:47:25 PM | Computer Name = TVROOM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

[ System Events ]
Error - 10/18/2009 12:49:00 PM | Computer Name = TVROOM | Source = Service Control Manager | ID = 7034
Description = The Windows User Mode Driver Framework service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/18/2009 12:49:00 PM | Computer Name = TVROOM | Source = Service Control Manager | ID = 7034
Description = The WMDM PMSP Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/18/2009 12:49:00 PM | Computer Name = TVROOM | Source = Service Control Manager | ID = 7034
Description = The WMP54GSSVC service terminated unexpectedly. It has done this
1 time(s).

Error - 10/18/2009 12:49:00 PM | Computer Name = TVROOM | Source = Service Control Manager | ID = 7034
Description = The WAN Miniport (ATW) Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 10/18/2009 12:49:00 PM | Computer Name = TVROOM | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 10/18/2009 12:49:00 PM | Computer Name = TVROOM | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/18/2009 12:49:00 PM | Computer Name = TVROOM | Source = Service Control Manager | ID = 7031
Description = The McAfee Services service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 10/18/2009 12:50:25 PM | Computer Name = TVROOM | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}.
The
error: "%2" Happened while starting this command: "C:\Program Files\iPod\bin\iPodService.exe"
-Embedding

Error - 10/18/2009 1:23:25 PM | Computer Name = TVROOM | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}.
The
error: "%2" Happened while starting this command: "C:\Program Files\iPod\bin\iPodService.exe"
-Embedding

Error - 10/18/2009 1:39:20 PM | Computer Name = TVROOM | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}.
The
error: "%2" Happened while starting this command: "C:\Program Files\iPod\bin\iPodService.exe"
-Embedding


< End of report >


Please let me know what you find and the best way to clean it without losing my personal documents.

I look forward to your response.
Regards,
jcarissimo
  • 0

Advertisements

#2
jcarissimo
Posted 23 October 2009 - 08:10 AM

jcarissimo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Ok my Geekstogo friends - I've got the Security Enabled and Auto-Updates are working again. I downloaded a tweak online and it updated the registry and fixed the problem.

Do you see any virus/malware issues that can be cleaned up before I forget about this post?

Thank you in advance,
jcarissimo
  • 0

#3
SpySentinel
Posted 31 October 2009 - 01:06 AM

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Hi jcarissimo , Sorry for the delay.


Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe File not found
O4 - HKLM..\Run: [fbqpy] C:\WINDOWS\qomflterc.exe File not found
O4 - HKLM..\Run: [migd] C:\WINDOWS\iajp.exe File not found
O4 - HKCU..\Run: [Jlfdnl] C:\Program Files\Common Files\??stem32\services.exe File not found
O4 - HKCU..\Run: [rrwo] C:\PROGRA~1\COMMON~1\rrwo\rrwom.exe File not found

:Files
C:\WINDOWS\System32\exe
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\Dee\Application Data\Viewpoint
C:\PROGRA~1\COMMON~1\rrwo
C:\Program Files\Common Files\??stem32
C:\WINDOWS\iajp.exe
C:\WINDOWS\qomflterc.exe
C:\WINDOWS\VCMnet11.exe

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done

  • 0

#4
jcarissimo
Posted 01 November 2009 - 11:01 AM

jcarissimo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Hi SpySentinel, thank you for your help. OTL.exe ran as you directed. I'll paste the ouput.

OTL Results:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\C:\WINDOWS\VCMnet11.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\fbqpy deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\migd deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Jlfdnl deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\rrwo deleted successfully.
========== FILES ==========
C:\WINDOWS\System32\exe moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\ViewBar\Skins\ClassicColorsV2\htmlimages moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\ViewBar\Skins\ClassicColorsV2\graphics moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\ViewBar\Skins\ClassicColorsV2 moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\ViewBar\Skins moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\ViewBar moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint moved successfully.
C:\Documents and Settings\Dee\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 moved successfully.
C:\Documents and Settings\Dee\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 moved successfully.
C:\Documents and Settings\Dee\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 moved successfully.
C:\Documents and Settings\Dee\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 moved successfully.
C:\Documents and Settings\Dee\Application Data\Viewpoint\Viewpoint Experience Technology\Resources moved successfully.
C:\Documents and Settings\Dee\Application Data\Viewpoint\Viewpoint Experience Technology moved successfully.
C:\Documents and Settings\Dee\Application Data\Viewpoint\ViewBar\Thumbnails moved successfully.
C:\Documents and Settings\Dee\Application Data\Viewpoint\ViewBar moved successfully.
C:\Documents and Settings\Dee\Application Data\Viewpoint moved successfully.
C:\PROGRA~1\COMMON~1\rrwo\rrwod moved successfully.
C:\PROGRA~1\COMMON~1\rrwo\bak moved successfully.
C:\PROGRA~1\COMMON~1\rrwo moved successfully.
File\Folder C:\Program Files\Common Files\??stem32 not found.
File\Folder C:\WINDOWS\iajp.exe not found.
File\Folder C:\WINDOWS\qomflterc.exe not found.
File\Folder C:\WINDOWS\VCMnet11.exe not found.
========== COMMANDS ==========
C:\WINDOWS\System32\Μicrosoft.NET moved successfully.
C:\Documents and Settings\Dee\My Documents\Αdobe moved successfully.
C:\Documents and Settings\Dee\My Documents\аѕsembly moved successfully.
C:\Documents and Settings\Dee\My Documents\ѕystem moved successfully.
C:\Documents and Settings\Dee\Application Data\Аdobe moved successfully.
C:\Documents and Settings\Dee\Application Data\aѕsembly moved successfully.
C:\Documents and Settings\Dee\Application Data\ѕеcurity moved successfully.
C:\Documents and Settings\Dee\Application Data\ѕуstem moved successfully.
C:\Documents and Settings\Dee\Application Data\sуstem moved successfully.
C:\Documents and Settings\Dee\Application Data\sуstem32 moved successfully.
C:\Documents and Settings\Dee\Application Data\ѕуstem32\ѕуstem32 moved successfully.
C:\Documents and Settings\Dee\Application Data\ѕуstem32 moved successfully.

[EMPTYTEMP]

User: Administrator

User: Administrator.TVROOM
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: cori(2)

User: Dee
->Temp folder emptied: 56215029 bytes
File delete failed. C:\Documents and Settings\Dee\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 47934166 bytes
->Java cache emptied: 25493434 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: miranda2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 51787 bytes
File delete failed. C:\WINDOWS\temp\mcafee_5okkSh1LXQJq3u3 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_9u1KkG6rUhUzr3t scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_IQIJqX0jbfH7R2A scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_w7VPawduUKmsJ74 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_2a4.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_750.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 83390646 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 203.25 mb


OTL by OldTimer - Version 3.0.21.0 log created on 11012009_114632

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\mcafee_5okkSh1LXQJq3u3 not found!
File\Folder C:\WINDOWS\temp\mcmsc_9u1KkG6rUhUzr3t not found!
File\Folder C:\WINDOWS\temp\mcmsc_IQIJqX0jbfH7R2A not found!
File\Folder C:\WINDOWS\temp\mcmsc_w7VPawduUKmsJ74 not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_2a4.dat not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_750.dat not found!

Registry entries deleted on Reboot...

Please let me know if you think it's clean and ready to roll.
I thank you once again for your help.
Regards,
jcarissimo
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP