Hijack this report



#1
nomadjay

I would appreciate any help to decipher the codes on my Hijack This report:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:41:54 PM, on 4/17/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forecast.weat...ld2=-91.126&e=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://tbedits.coupo...4E&n=2012040112
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: McAfee Application Installer Cleanup (0295991247059338) (0295991247059338mcinstcleanup) - - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6477 bytes

#2
WhiteHat

Hello nomadjay and welcome to GeeksToGo :)

My nickname is GLeobas and I'm going to help you fix your problem.

Please note that I'm currently in training and my posts have to be approved by an expert before I reply.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • I am currently reviewing your logs.



#3
WhiteHat

Hi,

What problems does the computer have?

# Step 1 #

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • In Extra Registry, select Use SafeList
  • Under the Custom Scan box paste this in
    netsvcs
    msconfig
    drives
    %SYSTEMDRIVE%\*.*
    %systemdrive%\drivers\*.exe
    %systemroot%\system32\drivers\*.* /90
    %PROGRAMFILES%\*.*
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U /s
    HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /rs
    HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic



# Step 2 #

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

#4
nomadjay

OTL logfile created on: 4/19/2012 8:39:51 AM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Documents and Settings\Jay Poss\My Documents
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.00 Mb Total Physical Memory | 86.70 Mb Available Physical Memory | 34.13% Memory free
642.04 Mb Paging File | 311.35 Mb Available in Paging File | 48.49% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 56.55 Gb Free Space | 75.94% Space Free | Partition Type: NTFS

Computer Name: D237W941 | User Name: Jay Poss | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/19 08:37:29 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jay Poss\My Documents\OTL.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/08/17 17:54:42 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2003/08/20 16:15:48 | 000,483,328 | R--- | M] (Hewlett-Packard) -- C:\WINDOWS\SYSTEM32\hphmon05.exe
PRC - [2003/08/13 11:27:40 | 000,028,672 | ---- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\SYSTEM32\DSentry.exe
PRC - [2003/07/25 09:14:02 | 000,188,416 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb09.exe
PRC - [2003/06/25 12:24:48 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
PRC - [2003/05/14 07:45:04 | 000,065,795 | R--- | M] (HP) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe
PRC - [2002/10/07 01:23:20 | 000,090,112 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
PRC - [2002/04/17 11:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/17 11:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/03 10:45:08 | 000,016,832 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2003/04/30 20:43:32 | 000,078,336 | ---- | M] () -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\DLBKPP5C.DLL
MOD - [2002/10/09 11:08:54 | 000,122,880 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqUtil.dll
MOD - [2002/10/07 01:23:20 | 000,090,112 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
MOD - [2002/04/17 11:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
MOD - [2002/04/17 10:49:22 | 000,024,576 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (0295991247059338mcinstcleanup) McAfee Application Installer Cleanup (0295991247059338)
SRV - [2003/05/14 07:45:04 | 000,065,795 | R--- | M] (HP) [On_Demand | Running] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (iAimTV2)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - [2006/10/28 21:05:19 | 000,028,256 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2003/07/02 11:26:20 | 000,202,368 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/07/02 11:25:24 | 000,631,680 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2003/07/02 11:24:16 | 001,063,936 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2003/05/23 13:58:30 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {BACB640D-6172-4E1B-A942-CE52C9E7FA3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{BACB640D-6172-4E1B-A942-CE52C9E7FA3A}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2282678061-997924742-2218018315-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2282678061-997924742-2218018315-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://forecast.weat...ld2=-91.126&e=0
IE - HKU\S-1-5-21-2282678061-997924742-2218018315-1007\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2282678061-997924742-2218018315-1007\..\SearchScopes\{0331A9DE-6EAF-4987-9814-15F3F480331F}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKU\S-1-5-21-2282678061-997924742-2218018315-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2282678061-997924742-2218018315-1007\..\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-21-2282678061-997924742-2218018315-1007\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...c=browsersearch
IE - HKU\S-1-5-21-2282678061-997924742-2218018315-1007\..\SearchScopes\{4079649D-2ADC-4896-95C3-A8907BCD04AD}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKU\S-1-5-21-2282678061-997924742-2218018315-1007\..\SearchScopes\{8EF82EDC-1155-46C2-B064-C3DE1774E946}: "URL" = http://delicious.com...p={searchTerms}
IE - HKU\S-1-5-21-2282678061-997924742-2218018315-1007\..\SearchScopes\{8F0E3FEE-48F2-47B5-87D9-606DADEA9A31}: "URL" = http://search.yahoo....f-8&fr=chr-yie8
IE - HKU\S-1-5-21-2282678061-997924742-2218018315-1007\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-02-13 16:32:39&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2282678061-997924742-2218018315-1007\..\SearchScopes\{9D9F7C2B-BC7A-4ED9-8E8F-4209250ED602}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKU\S-1-5-21-2282678061-997924742-2218018315-1007\..\SearchScopes\{BACB640D-6172-4E1B-A942-CE52C9E7FA3A}: "URL" = http://www.google.co...1I7ADFA_enUS470
IE - HKU\S-1-5-21-2282678061-997924742-2218018315-1007\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-2282678061-997924742-2218018315-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.startup.homepage: "http://forecast.weat...d2=-91.126&e=0"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 49
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..keyword.URL: "http://isearch.avg.c...2:39&sap=ku&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2105: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2163: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1212: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/01 20:02:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/01 20:02:01 | 000,000,000 | ---D | M]

[2009/12/02 21:17:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jay Poss\Application Data\Mozilla\Extensions
[2012/04/01 20:02:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jay Poss\Application Data\Mozilla\Firefox\Profiles\jastzyvo.default\extensions
[2011/12/13 14:06:04 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Jay Poss\Application Data\Mozilla\Firefox\Profiles\jastzyvo.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2)
[2009/12/02 21:48:34 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Jay Poss\Application Data\Mozilla\Firefox\Profiles\jastzyvo.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012/01/01 14:57:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/22 16:19:32 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/16 16:04:55 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/13 17:32:27 | 000,003,747 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/12 19:48:07 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/12 19:48:07 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2008/02/11 22:59:22 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\S-1-5-21-2282678061-997924742-2218018315-1007\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2282678061-997924742-2218018315-1007\..\Toolbar\WebBrowser: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - No CLSID value found.
O3 - HKU\S-1-5-21-2282678061-997924742-2218018315-1007\..\Toolbar\WebBrowser: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No CLSID value found.
O3 - HKU\S-1-5-21-2282678061-997924742-2218018315-1007\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-2282678061-997924742-2218018315-1007\..\Toolbar\WebBrowser: (no name) - {E1BACF55-35E1-4E47-9247-2D48660E5545} - No CLSID value found.
O3 - HKU\S-1-5-21-2282678061-997924742-2218018315-1007\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKU\S-1-5-21-2282678061-997924742-2218018315-1007\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe ()
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\SYSTEM32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2282678061-997924742-2218018315-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - http://tbedits.coupo...4E&n=2012040112 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2282678061-997924742-2218018315-1007\..Trusted Domains: plaxo.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2282678061-997924742-2218018315-1007\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C70717B-C978-4A41-BFED-CC06CF2C59A5}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jay Poss\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jay Poss\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{228eb147-d3a2-11df-bbf0-000d56c296f2}\Shell\AutoRun\command - "" = D:\slacker.synclauncher.exe
O33 - MountPoints2\{228eb147-d3a2-11df-bbf0-000d56c296f2}\Shell\slacker\command - "" = D:\slacker.synclauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: -FreedomNeedsReboot - hkey= - key= - File not found
MsConfig - StartUpReg: AT&T Internet Security Suite - hkey= - key= - File not found
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: Dell AIO Printer A920 - hkey= - key= - C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe (Dell Computer Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Sonic RecordNow! - hkey= - key= - File not found
MsConfig - StartUpReg: Window Washer - hkey= - key= - File not found
MsConfig - StartUpReg: Yahoo! Pager - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/19 08:37:26 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jay Poss\My Documents\OTL.exe
[2012/03/27 16:06:23 | 000,013,696 | ---- | C] (Skyhook Wireless) -- C:\WINDOWS\System32\drivers\wpsnuio.sys
[2012/03/27 16:06:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay Poss\Local Settings\Application Data\Skyhook Wireless
[9 C:\Documents and Settings\Jay Poss\Desktop\*.tmp files -> C:\Documents and Settings\Jay Poss\Desktop\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[22 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/19 08:43:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BC457B68-D168-4E99-9A0E-A3F5E4136253}.job
[2012/04/19 08:37:29 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jay Poss\My Documents\OTL.exe
[2012/04/19 08:36:00 | 000,000,294 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2012/04/19 08:32:00 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2012/04/19 08:05:00 | 000,000,294 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2012/04/19 03:00:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\rpc.job
[2012/04/17 22:18:47 | 000,404,908 | ---- | M] () -- C:\Documents and Settings\Jay Poss\My Documents\04.17.2012_Letter_to_Imperial_Ins..pdf
[2012/04/17 15:41:54 | 000,006,478 | ---- | M] () -- C:\Documents and Settings\Jay Poss\My Documents\Hijackthislog041712
[2012/04/17 15:37:56 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Jay Poss\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/15 09:29:15 | 000,100,224 | ---- | M] () -- C:\Documents and Settings\Jay Poss\My Documents\Kohlby & Max.jpg
[2012/04/14 17:17:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/13 08:16:28 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2012/04/13 08:15:30 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2012/04/13 08:15:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2012/04/13 08:15:03 | 266,407,936 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/11 17:47:33 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\Jay Poss\Desktop\HiJackThis.lnk
[2012/04/11 03:02:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/01 13:38:59 | 000,182,583 | ---- | M] () -- C:\Documents and Settings\Jay Poss\My Documents\KW - 2012 STANDARD James Poss RESIDENTIAL LEASE FOR AGREEMEN.pdf
[2012/03/27 16:06:23 | 000,013,696 | ---- | M] (Skyhook Wireless) -- C:\WINDOWS\System32\drivers\wpsnuio.sys
[2012/03/25 13:25:59 | 000,002,317 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OverDrive Media Console.lnk
[9 C:\Documents and Settings\Jay Poss\Desktop\*.tmp files -> C:\Documents and Settings\Jay Poss\Desktop\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[22 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/17 22:18:45 | 000,404,908 | ---- | C] () -- C:\Documents and Settings\Jay Poss\My Documents\04.17.2012_Letter_to_Imperial_Ins..pdf
[2012/04/17 15:41:54 | 000,006,478 | ---- | C] () -- C:\Documents and Settings\Jay Poss\My Documents\Hijackthislog041712
[2012/04/15 09:29:09 | 000,100,224 | ---- | C] () -- C:\Documents and Settings\Jay Poss\My Documents\Kohlby & Max.jpg
[2012/04/01 13:38:59 | 000,182,583 | ---- | C] () -- C:\Documents and Settings\Jay Poss\My Documents\KW - 2012 STANDARD James Poss RESIDENTIAL LEASE FOR AGREEMEN.pdf
[2012/03/27 16:06:06 | 000,000,402 | ---- | C] () -- C:\WINDOWS\System32\msxml4.inf
[2012/02/25 19:10:27 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Jay Poss\Application Data\PnkBstrK.sys
[2012/02/25 19:09:55 | 000,107,832 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2012/02/25 19:09:48 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2012/02/15 21:13:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/16 19:13:27 | 000,034,028 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: ST380011A
Partitions: 2
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: HP photosmart 7200 USB Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 0.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 74.00GB
Starting Offset: 32901120
Hidden sectors: 0


< %SYSTEMDRIVE%\*.* >
[2009/12/02 21:00:25 | 000,000,211 | -HS- | M] () -- C:\BOOT.INI
[2002/09/03 09:38:46 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2002/09/03 09:59:58 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2004/02/10 12:14:50 | 000,005,795 | RH-- | M] () -- C:\DELL.SDR
[2012/04/13 08:15:03 | 266,407,936 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/13 08:15:24 | 000,005,646 | ---- | M] () -- C:\hpcmerr.log
[2002/09/03 09:59:58 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2004/02/10 12:46:48 | 000,000,867 | -H-- | M] () -- C:\IPH.PH
[2002/09/03 09:59:58 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/10/09 23:17:55 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/30 18:42:06 | 000,250,048 | RHS- | M] () -- C:\NTLDR
[2009/10/23 19:18:31 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
[2009/10/23 19:18:31 | 000,001,024 | -H-- | M] () -- C:\ntuser.dat.LOG
[2012/04/18 12:04:45 | 420,478,976 | -HS- | M] () -- C:\pagefile.sys

< %systemdrive%\drivers\*.exe >

< %systemroot%\system32\drivers\*.* /90 >
[2012/03/27 16:06:23 | 000,013,696 | ---- | M] (Skyhook Wireless) -- C:\WINDOWS\system32\drivers\wpsnuio.sys

< %PROGRAMFILES%\*.* >
[2009/06/06 23:15:03 | 000,000,155 | -H-- | M] () -- C:\Program Files\hpothb07.dat
[2006/10/20 16:07:54 | 000,000,263 | -H-- | M] () -- C:\Program Files\hpothb07.tif

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2002/08/29 06:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=0F7D9C87B0CE1FA520473119752C6F79 -- C:\I386\SVCHOST.EXE
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SYSTEM32\svchost.exe
[2004/08/04 02:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 02:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SYSTEM32\userinit.exe
[2002/08/29 06:00:00 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=E931E0A2B8BF0019DB902E98D03662CB -- C:\I386\USERINIT.EXE

< MD5 for: WINLOGON.EXE >
[2004/08/04 02:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2002/08/29 06:00:00 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\I386\WINLOGON.EXE
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SYSTEM32\winlogon.exe

< C:\Windows\assembly\tmp\U /s >

< HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/22 16:19:28 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/22 16:19:28 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/22 16:19:28 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/03/22 16:19:32 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/03/22 16:19:32 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/22 16:19:32 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 07:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 07:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 07:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2002/08/29 06:00:00 | 000,094,208 | ---- | M] (Microsoft Corporation)

< HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/22 16:19:28 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/22 16:19:28 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/22 16:19:28 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/03/22 16:19:32 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/03/22 16:19:32 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/22 16:19:32 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 07:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 07:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 07:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2002/08/29 06:00:00 | 000,094,208 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2342AE46

< End of report >

OTL Extras logfile created on: 4/19/2012 8:39:51 AM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Documents and Settings\Jay Poss\My Documents
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.00 Mb Total Physical Memory | 86.70 Mb Available Physical Memory | 34.13% Memory free
642.04 Mb Paging File | 311.35 Mb Available in Paging File | 48.49% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 56.55 Gb Free Space | 75.94% Space Free | Partition Type: NTFS

Computer Name: D237W941 | User Name: Jay Poss | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-2282678061-997924742-2218018315-1007\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\WINDOWS\SYSTEM32\mmc.exe" = C:\WINDOWS\SYSTEM32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java™ 6 Update 29
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{410438A3-B591-4028-B70A-3CC0B33FBCD1}" =
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{517B8FB2-26EE-43B0-AE1B-07408860AA69}" = DigitImg
"{5E835305-63BB-4E55-BBB7-EEBBE67774DB}" = Sonic MyDVD
"{60758250-C8CF-47EB-8CB6-E0C3B84D8207}" = PSShortcuts
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E91306C-899F-45F3-B5E9-4B480A27A63D}" = Tiger Woods PGA TOUR 2004
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91120409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{ABCD836B-C6F6-4B4F-B21A-CD2B2A378682}" = HP Photo and Imaging 2.0 - Photosmart Cameras
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{C1E5DF32-8248-4347-908C-E030EDAE4368}" = DA920EN
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D43BB532-3537-4CE9-9CBB-92533BD29F0C}" = HP Software Update
"{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}" = OverDrive Media Console
"{DE4997B5-55AD-4878-97A7-C9FA84FE23C7}" = PSUsage
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F24862FD-DDC7-490D-AC02-8797B575D6A9}" = SpaMsiWrapper
"{F8282D32-0924-47CB-B6E8-001B3C5716A0}" = PS7200
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"CNXT_MODEM_PCI_VEN_14F1&DEV_2702" = Conexant SmartHSFi V.9x 56K DF PCI Modem
"Dell AIO Printer A920" = Dell AIO Printer A920
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"InterActual Player" = InterActual Player
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RegPowerClean2006_is1" = Winferno Registry Power Cleaner
"Scholastic's I SPY Fantasy" = Scholastic's I SPY Fantasy
"Shockwave" = Shockwave
"SideStep" = SideStep
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/10/2012 6:59:37 PM | Computer Name = D237W941 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....E3370EB58A.crt>
with error: The specified server cannot perform the requested operation.

Error - 3/10/2012 6:59:37 PM | Computer Name = D237W941 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....E3370EB58A.crt>
with error: The specified server cannot perform the requested operation.

Error - 3/12/2012 8:33:28 PM | Computer Name = D237W941 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19190, fault address 0x00067978.

Error - 3/16/2012 6:59:03 PM | Computer Name = D237W941 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19190, fault address 0x00067978.

Error - 4/1/2012 9:03:29 PM | Computer Name = D237W941 | Source = MsiInstaller | ID = 11905
Description = Product: Support.com Toolbar -- Error 1905.Module C:\Program Files\Ask.com\GenericAskToolbar.dll
failed to unregister. HRESULT -2147220472. Contact your support personnel.

Error - 4/9/2012 7:49:51 PM | Computer Name = D237W941 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19190, fault address 0x00067978.

Error - 4/9/2012 7:50:34 PM | Computer Name = D237W941 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19190, fault address 0x00067978.

Error - 4/9/2012 7:53:09 PM | Computer Name = D237W941 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19190, fault address 0x00067978.

Error - 4/9/2012 7:53:15 PM | Computer Name = D237W941 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19190, fault address 0x00067978.

Error - 4/9/2012 7:54:25 PM | Computer Name = D237W941 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19190, fault address 0x00067978.

[ System Events ]
Error - 4/3/2012 2:39:54 PM | Computer Name = D237W941 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1058

Error - 4/3/2012 2:39:54 PM | Computer Name = D237W941 | Source = Service Control Manager | ID = 7000
Description = The McAfee SiteAdvisor Service service failed to start due to the
following error: %%3

Error - 4/7/2012 9:01:18 PM | Computer Name = D237W941 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 000D56C296F2 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 4/10/2012 8:25:40 PM | Computer Name = D237W941 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 000D56C296F2 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 4/11/2012 4:24:33 AM | Computer Name = D237W941 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1058

Error - 4/11/2012 4:24:33 AM | Computer Name = D237W941 | Source = Service Control Manager | ID = 7000
Description = The McAfee SiteAdvisor Service service failed to start due to the
following error: %%3

Error - 4/13/2012 9:15:21 AM | Computer Name = D237W941 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 000D56C296F2 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 4/13/2012 9:15:44 AM | Computer Name = D237W941 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1058

Error - 4/13/2012 9:15:44 AM | Computer Name = D237W941 | Source = Service Control Manager | ID = 7000
Description = The McAfee SiteAdvisor Service service failed to start due to the
following error: %%3

Error - 4/17/2012 6:10:49 PM | Computer Name = D237W941 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
address 000D56C296F2 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).


< End of report >

#5
nomadjay

OTL Extras logfile created on: 4/19/2012 8:39:51 AM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Documents and Settings\Jay Poss\My Documents
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.00 Mb Total Physical Memory | 86.70 Mb Available Physical Memory | 34.13% Memory free
642.04 Mb Paging File | 311.35 Mb Available in Paging File | 48.49% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 56.55 Gb Free Space | 75.94% Space Free | Partition Type: NTFS

Computer Name: D237W941 | User Name: Jay Poss | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-2282678061-997924742-2218018315-1007\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\WINDOWS\SYSTEM32\mmc.exe" = C:\WINDOWS\SYSTEM32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java™ 6 Update 29
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{410438A3-B591-4028-B70A-3CC0B33FBCD1}" =
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{517B8FB2-26EE-43B0-AE1B-07408860AA69}" = DigitImg
"{5E835305-63BB-4E55-BBB7-EEBBE67774DB}" = Sonic MyDVD
"{60758250-C8CF-47EB-8CB6-E0C3B84D8207}" = PSShortcuts
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E91306C-899F-45F3-B5E9-4B480A27A63D}" = Tiger Woods PGA TOUR 2004
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91120409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{ABCD836B-C6F6-4B4F-B21A-CD2B2A378682}" = HP Photo and Imaging 2.0 - Photosmart Cameras
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{C1E5DF32-8248-4347-908C-E030EDAE4368}" = DA920EN
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D43BB532-3537-4CE9-9CBB-92533BD29F0C}" = HP Software Update
"{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}" = OverDrive Media Console
"{DE4997B5-55AD-4878-97A7-C9FA84FE23C7}" = PSUsage
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F24862FD-DDC7-490D-AC02-8797B575D6A9}" = SpaMsiWrapper
"{F8282D32-0924-47CB-B6E8-001B3C5716A0}" = PS7200
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"CNXT_MODEM_PCI_VEN_14F1&DEV_2702" = Conexant SmartHSFi V.9x 56K DF PCI Modem
"Dell AIO Printer A920" = Dell AIO Printer A920
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"InterActual Player" = InterActual Player
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RegPowerClean2006_is1" = Winferno Registry Power Cleaner
"Scholastic's I SPY Fantasy" = Scholastic's I SPY Fantasy
"Shockwave" = Shockwave
"SideStep" = SideStep
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/10/2012 6:59:37 PM | Computer Name = D237W941 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....E3370EB58A.crt>
with error: The specified server cannot perform the requested operation.

Error - 3/10/2012 6:59:37 PM | Computer Name = D237W941 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....E3370EB58A.crt>
with error: The specified server cannot perform the requested operation.

Error - 3/12/2012 8:33:28 PM | Computer Name = D237W941 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19190, fault address 0x00067978.

Error - 3/16/2012 6:59:03 PM | Computer Name = D237W941 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19190, fault address 0x00067978.

Error - 4/1/2012 9:03:29 PM | Computer Name = D237W941 | Source = MsiInstaller | ID = 11905
Description = Product: Support.com Toolbar -- Error 1905.Module C:\Program Files\Ask.com\GenericAskToolbar.dll
failed to unregister. HRESULT -2147220472. Contact your support personnel.

Error - 4/9/2012 7:49:51 PM | Computer Name = D237W941 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19190, fault address 0x00067978.

Error - 4/9/2012 7:50:34 PM | Computer Name = D237W941 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19190, fault address 0x00067978.

Error - 4/9/2012 7:53:09 PM | Computer Name = D237W941 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19190, fault address 0x00067978.

Error - 4/9/2012 7:53:15 PM | Computer Name = D237W941 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19190, fault address 0x00067978.

Error - 4/9/2012 7:54:25 PM | Computer Name = D237W941 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19190, fault address 0x00067978.

[ System Events ]
Error - 4/3/2012 2:39:54 PM | Computer Name = D237W941 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1058

Error - 4/3/2012 2:39:54 PM | Computer Name = D237W941 | Source = Service Control Manager | ID = 7000
Description = The McAfee SiteAdvisor Service service failed to start due to the
following error: %%3

Error - 4/7/2012 9:01:18 PM | Computer Name = D237W941 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 000D56C296F2 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 4/10/2012 8:25:40 PM | Computer Name = D237W941 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 000D56C296F2 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 4/11/2012 4:24:33 AM | Computer Name = D237W941 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1058

Error - 4/11/2012 4:24:33 AM | Computer Name = D237W941 | Source = Service Control Manager | ID = 7000
Description = The McAfee SiteAdvisor Service service failed to start due to the
following error: %%3

Error - 4/13/2012 9:15:21 AM | Computer Name = D237W941 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 000D56C296F2 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 4/13/2012 9:15:44 AM | Computer Name = D237W941 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1058

Error - 4/13/2012 9:15:44 AM | Computer Name = D237W941 | Source = Service Control Manager | ID = 7000
Description = The McAfee SiteAdvisor Service service failed to start due to the
following error: %%3

Error - 4/17/2012 6:10:49 PM | Computer Name = D237W941 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
address 000D56C296F2 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).


< End of report >

#6
nomadjay

    Member

  • Topic Starter
  • Member
  • 11 posts
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-19 08:54:54
-----------------------------
08:54:54.515 OS Version: Windows 5.1.2600 Service Pack 3
08:54:54.515 Number of processors: 1 586 0x209
08:54:54.515 ComputerName: D237W941 UserName: Jay Poss
08:54:56.593 Initialize success
08:55:08.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
08:55:08.421 Disk 0 Vendor: ST380011A 3.16 Size: 76293MB BusType: 3
08:55:08.453 Disk 0 MBR read successfully
08:55:08.453 Disk 0 MBR scan
08:55:08.453 Disk 0 Windows XP default MBR code
08:55:08.453 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 31 MB offset 63
08:55:08.468 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76253 MB offset 64260
08:55:08.468 Disk 0 scanning sectors +156232125
08:55:08.562 Disk 0 scanning C:\WINDOWS\system32\drivers
08:55:18.687 Service scanning
08:55:46.203 Modules scanning
08:56:32.859 Disk 0 trace - called modules:
08:56:32.890 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
08:56:32.890 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x81b2c030]
08:56:32.890 3 CLASSPNP.SYS[f92a2fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x81b0c3e8]
08:56:32.890 Scan finished successfully
09:00:23.375 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jay Poss\My Documents\MBR.dat"
09:00:23.390 The log file has been saved successfully to "C:\Documents and Settings\Jay Poss\My Documents\aswMBRlog.txt"

#7
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
# Step 1 #

Please reopen OTL on your desktop.
  • Under the Posted Image box at the bottom, paste in the following

    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    IE - HKLM\..\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}: "URL" = http://search.mywebs...r={searchTerms}
    IE -  HKU\S-1-5-21-2282678061-997924742-2218018315-1007\..\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}:  "URL" = http://search.mywebs...r={searchTerms}
    IE -  HKU\S-1-5-21-2282678061-997924742-2218018315-1007\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}:  "URL" = http://search.babylo...c=browsersearch
    O3 -  HKU\S-1-5-21-2282678061-997924742-2218018315-1007\..\Toolbar\WebBrowser:  (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - No CLSID value  found.
    O3 -  HKU\S-1-5-21-2282678061-997924742-2218018315-1007\..\Toolbar\WebBrowser:  (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No CLSID value  found.
    O3 -  HKU\S-1-5-21-2282678061-997924742-2218018315-1007\..\Toolbar\WebBrowser:  (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value  found.
    O3 -  HKU\S-1-5-21-2282678061-997924742-2218018315-1007\..\Toolbar\WebBrowser:  (no name) - {E1BACF55-35E1-4E47-9247-2D48660E5545} - No CLSID value  found.
    O3 -  HKU\S-1-5-21-2282678061-997924742-2218018315-1007\..\Toolbar\WebBrowser:  (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value  found.
    O3 -  HKU\S-1-5-21-2282678061-997924742-2218018315-1007\..\Toolbar\WebBrowser:  (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value  found.
    O3 -  HKU\S-1-5-21-2282678061-997924742-2218018315-1007\..\Toolbar\WebBrowser:  (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value  found.
    [2012/04/19 08:36:00 | 000,000,294 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    [2012/04/19 08:32:00 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
    [2012/04/19 08:05:00 | 000,000,294 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
    
    :Commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



# Step 2 #

Please download Malwarebytes' Anti-Malware

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


#8
nomadjay

    Member

  • Topic Starter
  • Member
  • 11 posts
All processes killed
Error: Unable to interpret <[CREATERESTOREPOINT] > in the current context!
Error: Unable to interpret < > in the current context!
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09971cee-01b8-42bc-9d91-456b1faad6be}\ not found.
Registry key HKEY_USERS\S-1-5-21-2282678061-997924742-2218018315-1007\Software\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09971cee-01b8-42bc-9d91-456b1faad6be}\ not found.
Registry key HKEY_USERS\S-1-5-21-2282678061-997924742-2218018315-1007\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry value HKEY_USERS\S-1-5-21-2282678061-997924742-2218018315-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{84938242-5C5B-4A55-B6B9-A1507543B418} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84938242-5C5B-4A55-B6B9-A1507543B418}\ not found.
Registry value HKEY_USERS\S-1-5-21-2282678061-997924742-2218018315-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{965B54B0-71E0-4611-8DE7-F73FA0B20E26} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{965B54B0-71E0-4611-8DE7-F73FA0B20E26}\ not found.
Registry value HKEY_USERS\S-1-5-21-2282678061-997924742-2218018315-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-2282678061-997924742-2218018315-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E1BACF55-35E1-4E47-9247-2D48660E5545} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1BACF55-35E1-4E47-9247-2D48660E5545}\ not found.
Registry value HKEY_USERS\S-1-5-21-2282678061-997924742-2218018315-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-2282678061-997924742-2218018315-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2282678061-997924742-2218018315-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job moved successfully.
C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job moved successfully.
C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: Administrator.D237W941
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: Jay Poss
->Temp folder emptied: 216373888 bytes
->Temporary Internet Files folder emptied: 50771336 bytes
->Java cache emptied: 10098639 bytes
->FireFox cache emptied: 56025519 bytes
->Flash cache emptied: 1523 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 147590 bytes
->Flash cache emptied: 879 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 39097 bytes
%systemroot%\System32 .tmp files removed: 19614737 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10536967 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 26132 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33726 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 347.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.D237W941

User: All Users

User: Default User

User: Jay Poss
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.40.0 log created on 04202012_145335

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Jay Poss\Local Settings\Temp\~DF8FFF.tmp not found!
File\Folder C:\Documents and Settings\Jay Poss\Local Settings\Temp\~DF90A3.tmp not found!
File\Folder C:\Documents and Settings\Jay Poss\Local Settings\Temp\~DF9682.tmp not found!
File\Folder C:\Documents and Settings\Jay Poss\Local Settings\Temp\~DF968F.tmp not found!
C:\Documents and Settings\Jay Poss\Local Settings\Temporary Internet Files\Content.IE5\YF1RU07L\ads[1].htm moved successfully.
C:\Documents and Settings\Jay Poss\Local Settings\Temporary Internet Files\Content.IE5\YF1RU07L\page__pid__2146597[1].htm moved successfully.
C:\Documents and Settings\Jay Poss\Local Settings\Temporary Internet Files\Content.IE5\H4HDQGK9\ads[1].htm moved successfully.
C:\Documents and Settings\Jay Poss\Local Settings\Temporary Internet Files\Content.IE5\63TGBXCB\ads[1].htm moved successfully.
C:\Documents and Settings\Jay Poss\Local Settings\Temporary Internet Files\Content.IE5\63TGBXCB\fastbutton[1].htm moved successfully.
C:\Documents and Settings\Jay Poss\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

#9
nomadjay

    Member

  • Topic Starter
  • Member
  • 11 posts
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.20.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jay Poss :: D237W941 [administrator]

4/20/2012 3:19:19 PM
mbam-log-2012-04-20 (15-19-19).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 283221
Time elapsed: 47 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 17
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3462C343-BE19-4143-AF70-CEFB56F46FC6} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3462C343-BE19-4143-AF70-CEFB56F46FC6} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{60E91567-EF8A-4520-BCE2-83ABA5256799} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{60E91567-EF8A-4520-BCE2-83ABA5256799} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F10587E9-0E47-4CBE-ABCD-7DD20B862223} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{23B38049-323F-443D-9732-F454E5B15B72} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B9F8C21-46EC-4C0B-8683-E755EF84577A} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Error Fix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MENUEXT\&SEARCH (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Error Fix (Rogue.ErrorFix) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search| (PUP.MyWebSearch) -> Data: http://tbedits.coupo...4E&n=2012040112 -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 15
C:\Documents and Settings\Jay Poss\Application Data\Error Fix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\Logs (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\PCOBackups (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-44-150 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\Results (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\winpcdoctor (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\1.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\1.bin\chrome (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Files Detected: 258
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3045\A0174015.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3045\A0174069.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3045\A0174070.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3045\A0174071.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3045\A0174072.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3045\A0174073.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3045\A0174074.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3045\A0174075.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3045\A0174076.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3045\A0174077.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3045\A0174078.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3045\A0174079.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3045\A0174080.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3045\A0174081.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3045\A0174082.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3045\A0174083.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3045\A0174084.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3045\A0174085.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3045\A0174086.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3045\A0174087.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3045\A0174088.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3045\A0174089.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3045\A0174090.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3045\A0174091.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3045\A0174092.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3045\A0174094.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3045\A0174095.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3045\A0174096.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3045\A0174097.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3045\A0174099.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3047\A0174142.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3047\A0174143.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3047\A0174144.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3047\A0174145.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3056\A0174203.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\Logs\2009-07-14 18-31-030.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\Logs\2009-07-14 23-04-530.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\filelist.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-0.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-1.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-10.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-100.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-101.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-102.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-103.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-104.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-105.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-106.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-107.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-108.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-109.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-11.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-110.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-111.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-112.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-113.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-114.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-115.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-116.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-117.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-118.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-119.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-12.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-120.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-121.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-122.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-123.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-124.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-125.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-126.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-127.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-128.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-129.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-13.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-130.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-131.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-132.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-133.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-134.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-135.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-136.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-137.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-138.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-139.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-14.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-140.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-141.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-142.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-143.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-144.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-145.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-146.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-147.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-148.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-149.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-15.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-150.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-151.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-152.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-153.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-154.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-155.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-156.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-157.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-158.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-159.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-16.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-160.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-161.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-162.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-163.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-164.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-165.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-166.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-167.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-168.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-169.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-17.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-170.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-171.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-172.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-173.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-174.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-175.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-176.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-177.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-178.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-179.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-18.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-180.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-181.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-182.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-183.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-184.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-185.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-186.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-187.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-188.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-189.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-19.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-190.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-191.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-192.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-193.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-194.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-195.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-196.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-197.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-198.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-199.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-2.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-20.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-200.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-201.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-202.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-203.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-204.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-205.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-206.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-207.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-208.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-209.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-21.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-210.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-211.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-22.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-23.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-24.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-25.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-26.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-27.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-28.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-29.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-3.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-30.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-31.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-32.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-33.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-34.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-35.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-36.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-37.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-38.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-39.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-4.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-40.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-41.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-42.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-43.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-44.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-45.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-46.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-47.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-48.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-49.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-5.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-50.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-51.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-52.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-53.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-54.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-55.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-56.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-57.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-58.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-59.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-6.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-60.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-61.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-62.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-63.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-64.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-65.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-66.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-67.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-68.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-69.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-7.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-70.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-71.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-72.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-73.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-74.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-75.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-76.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-77.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-78.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-79.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-8.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-80.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-81.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-82.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-83.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-84.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-85.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-86.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-87.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-88.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-89.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-9.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-90.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-91.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-92.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-93.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-94.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-95.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-96.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-97.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-98.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-41-450\regb-99.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\QuarantineW\2009-07-14 18-44-150\filelist.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\Results\Evidence.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\Results\Junk.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\Results\Registry.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay Poss\Application Data\Error Fix\Results\Update.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\em (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\oid (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\user (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.

(end)
  • 0

#10
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double-click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow it to update if it asks.

Posted Image

Posted Image

When finished, it produces a log for you.
Please include the C:\ComboFix.txt in your next reply.



Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

After the run you may have internet problems or problems accessing something. Simply reboot the computer.
  • 0


#11
nomadjay

nomadjay

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I ran the ComboFix, but it took over 45 minutes and still wasn't finished. I had to shut it down.
  • 0

#12
nomadjay

nomadjay

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
ComboFix 12-04-22.02 - Jay Poss 04/24/2012 9:08.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.125 [GMT -5:00]
Running from: c:\documents and settings\Jay Poss\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Jay Poss\Application Data\Mozilla\Firefox\Profiles\jastzyvo.default\weave\toFetch
c:\documents and settings\Jay Poss\Application Data\Mozilla\Firefox\Profiles\jastzyvo.default\weave\toFetch\bookmarks.json
c:\documents and settings\Jay Poss\Application Data\Mozilla\Firefox\Profiles\jastzyvo.default\weave\toFetch\clients.json
c:\documents and settings\Jay Poss\Application Data\Mozilla\Firefox\Profiles\jastzyvo.default\weave\toFetch\forms.json
c:\documents and settings\Jay Poss\Application Data\Mozilla\Firefox\Profiles\jastzyvo.default\weave\toFetch\history.json
c:\documents and settings\Jay Poss\Application Data\Mozilla\Firefox\Profiles\jastzyvo.default\weave\toFetch\passwords.json
c:\documents and settings\Jay Poss\Application Data\Mozilla\Firefox\Profiles\jastzyvo.default\weave\toFetch\prefs.json
c:\documents and settings\Jay Poss\Application Data\Mozilla\Firefox\Profiles\jastzyvo.default\weave\toFetch\tabs.json
c:\documents and settings\Jay Poss\WINDOWS
c:\program files\internet optimizer
c:\program files\mediapipe
c:\program files\mediapipe\install.log
c:\windows\explorer(2).exe
c:\windows\explorer(3).exe
c:\windows\explorer(4).exe
c:\windows\system32\urttemp
c:\windows\system32\urttemp\fusion.dll
c:\windows\system32\urttemp\mscoree.dll
c:\windows\system32\urttemp\mscoree.dll.local
c:\windows\system32\urttemp\mscorsn.dll
c:\windows\system32\urttemp\mscorwks.dll
c:\windows\system32\urttemp\msvcr71.dll
c:\windows\system32\urttemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-24 to 2012-04-24 )))))))))))))))))))))))))))))))
.
.
2012-04-20 20:07 . 2012-04-20 20:07 -------- d-----w- c:\documents and settings\Jay Poss\Application Data\Malwarebytes
2012-04-20 20:06 . 2012-04-20 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-04-20 20:06 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-20 20:06 . 2012-04-20 20:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-20 19:53 . 2012-04-20 19:53 -------- d-----w- C:\_OTL
2012-03-27 21:06 . 2012-03-27 21:06 13696 ----a-w- c:\windows\system32\drivers\wpsnuio.sys
2012-03-27 21:06 . 2012-03-27 21:06 -------- d-----w- c:\documents and settings\Jay Poss\Local Settings\Application Data\Skyhook Wireless
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 11:01 . 2004-02-06 23:05 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2002-08-29 11:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2002-08-29 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2002-08-29 11:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2002-08-29 11:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2012-02-26 00:10 . 2012-02-26 00:10 22328 ----a-w- c:\documents and settings\Jay Poss\Application Data\PnkBstrK.sys
2012-02-26 00:10 . 2012-02-26 00:09 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-02-26 00:09 . 2012-02-26 00:09 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-02-25 23:34 . 2011-05-26 18:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2007-03-08 13:47 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-03-22 21:19 . 2011-05-06 00:29 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 90112]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648]
"HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-20 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2003-08-20 483328]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 188416]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-08-20 221184]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-22 126976]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-08-17 180269]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920]
2003-05-03 00:46 270336 -c--a-w- c:\program files\Dell AIO Printer A920\dlbkbmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-13 06:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\WINDOWS\\SYSTEM32\\PnkBstrA.exe"=
"c:\\WINDOWS\\SYSTEM32\\PnkBstrB.exe"=
.
S2 0295991247059338mcinstcleanup;McAfee Application Installer Cleanup (0295991247059338); [x]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe --> c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 10:32 128512 ----a-w- c:\windows\SYSTEM32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2008-01-16 c:\windows\Tasks\HP DArC Task 2003-08-20 09:23ewlett-Packard-2002003-08-20 20:57N37P2C2Z3I3.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-08-20 20:57]
.
2008-01-16 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe [2008-01-16 21:23]
.
2012-04-24 c:\windows\Tasks\rpc.job
- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe [2010-02-16 20:51]
.
2012-04-24 c:\windows\Tasks\User_Feed_Synchronization-{BC457B68-D168-4E99-9A0E-A3F5E4136253}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://forecast.weather.gov/MapClick.php?CityName=Baton+Rouge&state=LA&site=LIX&textField1=30.449&textField2=-91.126&e=0
Trusted Zone: plaxo.com\www
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Jay Poss\Application Data\Mozilla\Firefox\Profiles\jastzyvo.default\
FF - prefs.js: browser.startup.homepage - hxxp://forecast.weather.gov/MapClick.php?CityName=Baton+Rouge&state=LA&site=LIX&textField1=30.449&textField2=-91.126&e=0
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B5fe677a0-da2a-40ea-9868-233ec25e22bd%7D&mid=ce22bb40489147d19f84d14410267f01-ca4d0c800fc20b2550f4e7e81535b4698b9743dc&ds=AVG&v=10.0.0.7&lang=en&pr=fr&d=2012-02-13%2016%3A32%3A39&sap=ku&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp--FreedomNeedsReboot - c:\program files\AT&T\AT&T Internet Security Suite\ZkRunOnceR.exe
MSConfigStartUp-AT&T Internet Security Suite - c:\program files\AT&T\AT&T Internet Security Suite\Rps.exe
MSConfigStartUp-Window Washer - c:\program files\Webroot\Washer\wwDisp.exe
MSConfigStartUp-Yahoo! Pager - c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-24 09:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-04-24 09:26:47
ComboFix-quarantined-files.txt 2012-04-24 14:26
.
Pre-Run: 61,035,954,176 bytes free
Post-Run: 60,907,900,928 bytes free
.
- - End Of File - - F5B75E73FFF1CD98C28AA06D517FE675
  • 0

#13
nomadjay

nomadjay

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
What is Skyhook? What is windows\system32\drivers\wpsnuio.sys? I'm trying to find out if someone copied and/or extracted my computer logs and any other history logs in any way.
  • 0

#14
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts

What is Skyhook?

It's software for determining geographical location using Wi-Fi.

What is windows\system32\drivers\wpsnuio.sys?

It's a part of Skyhook. Don't worry, this software is legitimate.

How is your computer?

Disable your antivirus software
  • Access the Eset Online Scanner website using the Internet Explorer browser.
    http://www.eset.com/us/online-scanner/
  • Do the scan according to the image:

    Posted Image
  • At the end, check the box "Delete Quarantined files" and click [FINISH]
  • A log will be generated in C:\Program Files\EsetOnlineScanner\Log.txt
    PS: If you don't find the log.txt file in \EsetOnlineScanner\, look in \Program Files\Eset\EsetOnlineScanner\log.txt
  • Post that log.

  • 0

#15
nomadjay

nomadjay

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Computer is just old and slow. How does Skyhook work?
  • 0





