caewe12

Honorary Members
  • Posts

    96
Reputation

0 Neutral

Profile Information

  • Location
    CT
  1. Ok ran Security Check. Here is the log. CAE

     Results of screen317's Security Check version 0.99.56
     Windows XP Service Pack 3 x86
     Internet Explorer 8
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     ESET Online Scanner v3
     `````````Anti-malware/Other Utilities Check:`````````
     Norton Ghost
     Malwarebytes Anti-Malware version 1.62.0.1300
     Java 6 Update 31
     Java version out of Date!
     Adobe Reader 10.1.4 Adobe Reader out of Date!
     Mozilla Firefox 10.0.2 Firefox out of Date!
     Google Chrome 21.0.1180.83
     Google Chrome 21.0.1180.89
     Google Chrome 22.0.1229.79
     Google Chrome 22.0.1229.92
     Google Chrome 22.0.1229.94
     Google Chrome 23.0.1271.64
     Google Chrome 23.0.1271.97
     ````````Process Check: objlist.exe by Laurent````````
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
     ````````````````````End of Log``````````````````````
  2. Hi, Oddly enough my sound and printer are both working now. Here is log. Thank you. CAE
  3. I haven't used it much. We had a brief power outtage last night and I was able to boot it up without issues. I think some of my drivers are messed up...no sound or printer. I ran AdwCleaner. Here is the log. Thanks. Cheryl # AdwCleaner v2.101 - Logfile created 12/22/2012 at 08:18:12 # Updated 16/12/2012 by Xplode # Operating system : Microsoft Windows XP Service Pack 3 (32 bits) # User : Ekenbarger's - JAM1 # Boot Mode : Normal # Running from : C:\Documents and Settings\Ekenbarger's\Desktop\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** File Found : C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions\addon@defaulttab.com.xpi File Found : C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\searchplugins\Conduit.xml File Found : C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\searchplugins\CouponAlert_2p.xml File Found : C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\searchplugins\search-here.xml Folder Found : C:\Documents and Settings\All Users\Application Data\Ask Folder Found : C:\Documents and Settings\All Users\Application Data\Viewpoint Folder Found : C:\Documents and Settings\Ekenbarger's\Application Data\DefaultTab Folder Found : C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\ConduitCommon Folder Found : C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\CT2559647 Folder Found : C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\CT3106777 Folder Found : C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions\{37153479-1976-43c3-a1ee-557513977b64} Folder Found : C:\Documents and Settings\Ekenbarger's\Application 
Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37} Folder Found : C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions\staged Folder Found : C:\Documents and Settings\Ekenbarger's\Application Data\Viewpoint Folder Found : C:\Documents and Settings\Ekenbarger's\Local Settings\Application Data\Conduit Folder Found : C:\Documents and Settings\Ekenbarger's\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc Folder Found : C:\Program Files\Conduit Folder Found : C:\Program Files\DefaultTab Folder Found : C:\Program Files\Viewpoint ***** [Registry] ***** Key Found : HKCU\Software\AppDataLow\Software\Conduit Key Found : HKCU\Software\AppDataLow\Software\DefaultTab Key Found : HKCU\Software\Conduit Key Found : HKCU\Software\ConduitSearchScopes Key Found : HKCU\Software\Default Tab Key Found : HKCU\Software\DefaultTab Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1 Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1 Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Found : 
HKLM\SOFTWARE\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1} Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2559647 Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3106777 Key Found : HKLM\Software\Conduit Key Found : HKLM\Software\Default Tab Key Found : HKLM\Software\DefaultTab Key Found : HKLM\Software\Freeze.com Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc Key Found : HKLM\Software\iWon Key Found : HKLM\Software\MetaStream Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16FE2505-F2A0-4782-B035-AF0E5188C02C} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2AF08E71-3657-462F-898C-F7E791948F94} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56965DCF-718F-4148-BECF-5A2B466F4556} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7225F6C9-CF64-4D6D-AE8A-169779FD7B4D} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab Chrome Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Chrome Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP Key Found : HKLM\Software\Viewpoint Key Found : HKU\S-1-5-21-1946173170-350803515-410004273-1006\Software\Microsoft\Internet 
Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Registry is clean. -\\ Mozilla Firefox v10.0.2 (en-US) Profile name : default File : C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\prefs.js -\\ Google Chrome v23.0.1271.97 File : C:\Documents and Settings\Ekenbarger's\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [26681 octets] - [22/12/2012 08:18:12] ########## EOF - C:\AdwCleaner[R1].txt - [26742 octets] ##########
  4. Ran SystemLook. Here is log. Thank you. Cheryl SystemLook 30.07.11 by jpshortstuff Log created at 21:48 on 21/12/2012 by Ekenbarger's Administrator - Elevation successful ========== filefind ========== Searching for "cIdshrGq.sys " No files found. Searching for "tYMsoVkA.sys " No files found. Searching for "ArmUI.ini" No files found. -= EOF =-
  5. Hi, I can't find the first three files. Can you offer any ideas? I ran a search but nothing came up. I think I deleted the first three. I looked up the other two and I don't recognize them at all. Thanks. Cheryl
  6. Thank you!!! Ran Combo-fix. Here is log. Cheryl ComboFix 12-11-19.02 - Ekenbarger's 11/19/2012 18:42:53.4.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.2034 [GMT -5:00] Running from: c:\documents and settings\Ekenbarger's\Desktop\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} AV: Webroot SecureAnywhere *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D904} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\addon.ico c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\amazon_ie.ico c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.cfg c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\DefaultTabStart.exe c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\DefaultTabWrap.dll c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\DT.ico c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\DTUpdate.exe c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\ebay_ie.ico c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\facebook_ie.ico c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\imdb_ie.ico c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\search_here_ie.ico c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\searchhere.ico c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\twitter_ie.ico c:\documents and settings\Ekenbarger's\Application 
Data\DefaultTab\DefaultTab\uninstalldt.exe c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\wikipedia_ie.ico c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\youtube_ie.ico c:\windows\system32\URTTemp c:\windows\system32\URTTemp\fusion.dll c:\windows\system32\URTTemp\mscoree.dll c:\windows\system32\URTTemp\mscoree.dll.local c:\windows\system32\URTTemp\mscorsn.dll c:\windows\system32\URTTemp\mscorwks.dll c:\windows\system32\URTTemp\msvcr71.dll c:\windows\system32\URTTemp\regtlib.exe . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_DEFAULTTABSEARCH -------\Service_DefaultTabSearch -------\Legacy_DefaultTabUpdate -------\Legacy_DefaultTabUpdate -------\Service_DefaultTabUpdate -------\Service_DefaultTabUpdate . . ((((((((((((((((((((((((( Files Created from 2012-10-19 to 2012-11-19 ))))))))))))))))))))))))))))))) . . 2012-11-19 02:10 . 2012-11-19 02:10 -------- d-----w- C:\TDSSKiller_Quarantine 2012-11-17 21:17 . 2005-07-09 03:02 871040 ----a-w- c:\windows\system32\drivers\cIdshrGq.sys 2012-11-17 16:41 . 2005-07-09 03:02 871040 ----a-w- c:\windows\system32\drivers\tYMsoVkA.sys 2012-11-17 13:23 . 2012-11-17 13:23 150712 ----a-w- c:\windows\system32\WRusr.dll 2012-11-17 13:23 . 2012-11-17 13:23 112656 ----a-w- c:\windows\system32\drivers\WRkrn.sys 2012-11-17 13:23 . 2012-11-17 13:23 -------- d-----w- c:\program files\Webroot 2012-11-17 13:21 . 2012-11-19 16:48 -------- d-----w- c:\documents and settings\All Users\Application Data\WRData 2012-11-17 12:58 . 2012-11-17 12:59 -------- d-----w- C:\CCE_Quarantine 2012-11-17 09:33 . 2012-11-17 13:31 -------- d-----w- c:\documents and settings\Ekenbarger's\Application Data\Utduu 2012-11-17 09:33 . 2012-11-17 13:06 -------- d-----w- c:\documents and settings\Ekenbarger's\Application Data\Bykegy 2012-11-11 12:08 . 
2012-11-17 13:24 -------- d-----w- c:\program files\DefaultTab 2012-11-11 12:08 . 2012-11-19 23:50 -------- d-----w- c:\documents and settings\Ekenbarger's\Application Data\DefaultTab 2012-11-06 22:50 . 2012-11-12 00:28 -------- d-----w- c:\program files\Spybot - Search & Destroy 2012-11-06 00:54 . 2012-11-06 00:55 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro 2012-10-30 22:48 . 2012-10-30 22:48 696760 ---ha-w- c:\windows\system32\FlashPlayerApp.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-30 22:48 . 2011-08-22 17:27 73656 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-09-24 22:56 . 2012-09-24 22:55 417792 ------w- c:\windows\Setup1.exe 2012-09-24 22:56 . 2012-09-24 22:55 73216 ----a-w- c:\windows\ST6UNST.EXE 2012-08-28 15:14 . 2004-08-10 17:51 916992 ----a-w- c:\windows\system32\wininet.dll 2012-08-28 15:14 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-08-28 15:14 . 2004-08-10 17:51 1469440 ---h--w- c:\windows\system32\inetcpl.cpl 2012-08-28 12:07 . 2004-08-10 17:51 385024 ---ha-w- c:\windows\system32\html.iec 2012-08-24 13:53 . 2004-08-10 17:51 177664 ---ha-w- c:\windows\system32\wintrust.dll 2012-03-12 01:37 . 2012-03-12 01:37 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2012-10-25 19:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2012-10-25 19:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2012-10-25 19:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2012-10-25 19:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-15 344064] "DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632] "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-30 273544] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280] "HostManager"="c:\program files\Common Files\AOL\1178326658\ee\AOLSoftware.exe" [2006-09-26 50736] "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035] "AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776] "WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-11-17 729544] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoDevMgrUpdate"= 0 (0x0) "NoDFSTab"= 0 (0x0) "NoEncryptOnMove"= 0 (0x0) "NoResolveTrack"= 0 (0x0) "NoStartMenuSubFolders"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoDevMgrUpdate"= 0 (0x0) "NoDFSTab"= 0 (0x0) "NoEncryptOnMove"= 0 (0x0) "NoResolveTrack"= 0 (0x0) "NoStartMenuSubFolders"= 0 (0x0) . 
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "DisableLocalMachineRun"= 0 (0x0) "DisableLocalMachineRunOnce"= 0 (0x0) "DisableCurrentUserRun"= 0 (0x0) "DisableCurrentUserRunOnce"= 0 (0x0) "NoFile"= 0 (0x0) "HideClock"= 0 (0x0) "NoDevMgrUpdate"= 0 (0x0) "NoDFSTab"= 0 (0x0) "NoEncryptOnMove"= 0 (0x0) "NoResolveTrack"= 0 (0x0) "NoStartMenuSubFolders"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\America Online 9.0\\waol.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\AOL\\1178326658\\ee\\aolsoftware.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . 
R0 WRkrn;WRkrn;c:\windows\system32\drivers\WRkrn.sys [11/17/2012 8:23 AM 112656] R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [5/21/2006 8:02 AM 34916] R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [8/10/2004 12:50 PM 5120] R2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [11/17/2012 8:23 AM 729544] R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [12/20/2007 5:13 PM 1553896] S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/10/2004 12:51 PM 14336] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper . Contents of the 'Scheduled Tasks' folder . 2012-11-19 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-30 22:48] . 2012-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57] . 2012-11-19 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-12 19:26] . 2012-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 12:17] . 2012-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 12:17] . 2012-11-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1946173170-350803515-410004273-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47] . 2012-11-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1946173170-350803515-410004273-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47] . 2012-11-19 c:\windows\Tasks\User_Feed_Synchronization-{873B1363-0F14-410A-AFDF-0559EB90EA7E}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 08:31] . . 
------- Supplementary Scan ------- . uStart Page = hxxp://www.cox.net/ uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s Trusted Zone: microsoft.com\www.update TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12 FF - ProfilePath - c:\documents and settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3106777&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Yahoo (By Genieo) FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3106777&SearchSource=13 FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm003YYus&ptb=CF74B0F9-D5D0-4EC8-AC35-8A70571C102D&ind=2011081120&ptnrS=CDxdm003YYus&si=CK2Cs7C9yKoCFaUZQgodWFpFyg&n=77dea9a0&psa=&st=kwd&searchfor= FF - ExtSQL: 2012-11-11 19:40; addon@defaulttab.com; c:\documents and settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions\addon@defaulttab.com.xpi FF - ExtSQL: !HIDDEN! 2010-01-25 20:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . . ------- File Associations ------- . JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %* . - - - - ORPHANS REMOVED - - - - . BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll SafeBoot-35727893.sys SafeBoot-90234348.sys AddRemove-DefaultTab - c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\uninstalldt.exe . . . ************************************************************************** . 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-11-19 18:52 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . HKLM\Software\Microsoft\Windows\CurrentVersion\Run DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? . scanning hidden files ... . . c:\docume~1\EKENBA~1\LOCALS~1\Temp\ArmUI.ini 170356 bytes . scan completed successfully hidden files: 1 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet006\Services\RDPCDD] "ImagePath"="System32\DRIVERS\RDPCDD.sy@" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1946173170-350803515-410004273-1006\Software\SecuROM\License information*] "datasecu"=hex:b8,87,05,22,55,50,53,a9,ec,08,ab,ed,c9,96,3f,46,66,fb,36,1a,02, 51,fe,f6,ea,e2,e1,69,b8,f4,0e,d2,dc,90,61,e7,71,97,13,16,55,fa,93,dd,2e,43,\ "rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(1252) c:\windows\system32\WRusr.dll c:\windows\system32\WININET.dll c:\program files\Common Files\AOL\ACS\WLHook.dll c:\program files\Google\Drive\googledrivesync32.dll c:\windows\system32\ieframe.dll c:\windows\system32\msi.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\windows\system32\Ati2evxx.exe c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\CTsvcCDA.EXE c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe c:\program files\Norton Ghost\Agent\VProSvc.exe c:\windows\wanmpsvc.exe c:\windows\system32\MsPMSPSv.exe c:\windows\system32\wscntfy.exe c:\windows\system32\msdtc.exe c:\windows\stsystra.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Common Files\Java\Java Update\jucheck.exe . ************************************************************************** . Completion time: 2012-11-19 18:59:38 - machine was rebooted ComboFix-quarantined-files.txt 2012-11-19 23:59 ComboFix2.txt 2012-03-03 23:09 ComboFix3.txt 2012-02-21 20:37 ComboFix4.txt 2012-02-16 02:12 . Pre-Run: 91,982,397,440 bytes free Post-Run: 92,117,921,792 bytes free . - - End Of File - - BABBD38B7E78B2D02FE4EAE844CAF779
  7. Hi, I can't remember where I downloaded Combo-Fix from...sorry. CAE
  8. OMG!!!!!! You're wonderful!!!! I thought I'd never see that desktop again. Yes...it rebooted. A bit slow but I have my desktop back. I haven't done anything else with the computer though. Here is the log. Thank you. Cheryl
     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 06-12-2012
     Ran by SYSTEM at 2012-12-11 17:30:45 Run:1
     Running from D:\
     ==============================================
     ========= reg add hklm\SYSTEM\ControlSet006\services\iastor /v ImagePath /t REG_EXPAND_SZ /d system32\DRIVERS\iastor.sys /f =========
     The operation completed successfully
     ========= End of Reg: =========
     ==== End of Fixlog ====
  9. Hi, Not sure if I did that correctly. I wasn't supposed to download everything again or create another CD, right? I rebooted the computer with the CD, put the flashdrive in and opened FRST then continued from there. I didn't see any way to save the iastor.sys file. Sorry. I don't think it found anything. Thanks. Cheryl
     Farbar Recovery Scan Tool (x86) Version: 06-12-2012
     Ran by SYSTEM at 2012-12-09 17:03:28
     Running from D:\
     ================== Search: "iastor.sys" ===================
     C:\WINDOWS\system32\drivers\iaStor.sys [2005-09-16 00:26] - [2005-07-08 22:02] - 0871040 ____A (Intel Corporation) d593517879e65167df35f6015814ac59
     C:\i386\iaStor.sys [2005-09-25 07:07] - [2005-07-08 22:02] - 0871040 ____A (Intel Corporation) d593517879e65167df35f6015814ac59
     C:\drivers\STORAGE\SATA\ONBOARD\iaStor.sys [2005-09-16 00:26] - [2005-07-08 22:02] - 0871040 ____A (Intel Corporation) d593517879e65167df35f6015814ac59
     === End Of Search ===
     https://www.virustotal.com/file/1c1fa92707070b254f007e8b649395fa15fac13353cb120d639c6fac8e819ce8/analysis/1355091190/
  10. Hi, That went fairly well except for the 2nd log wouldn't save to the flashdrive so I copied it into the 1st log. Here it is. Thanks. CAE Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-12-2012 Ran by SYSTEM at 08-12-2012 20:57:20 Running from E:\ Microsoft Windows XP (X86) OS Language: English(US) The current controlset is ControlSet006 ==================== Registry (Whitelisted) =================== HKLM\...\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2005-04-14] (ATI Technologies, Inc.) HKLM\...\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16 [69632 2005-06-07] () HKLM\...\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot [273544 2011-06-30] (RealNetworks, Inc.) HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.) HKLM\...\Run: [HostManager] C:\Program Files\Common Files\AOL\1178326658\ee\AOLSoftware.exe [50736 2006-09-25] (America Online, Inc.) HKLM\...\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe [86016 2005-01-27] () HKLM\...\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe [127035 2004-12-06] (Sonic Solutions) HKLM\...\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [71216 2006-10-23] (AOL LLC) HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.) HKLM\...\Run: [sigmatelSysTrayApp] stsystra.exe [x] HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated) HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [421888 2012-04-18] (Apple Inc.) HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.) 
HKLM\...\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul [729544 2012-11-17] (Webroot) HKU\Administrator\...\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup [395776 2006-08-28] (Gteko Ltd.) HKU\Administrator\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation) HKU\Administrator\...\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe [28739 2000-08-08] (Microsoft® Corporation) HKU\Administrator\...\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.) HKU\Default User\...\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup [395776 2006-08-28] (Gteko Ltd.) HKU\Ekenbarger's\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2007-07-28] (Google Inc.) HKU\LocalService\...\Policies\system: [DisableCMD] 0 HKU\LocalService\...\Policies\system: [NoDispAppearancePage] 0 HKU\LocalService\...\Policies\system: [NoDispBackgroundPage] 0 HKU\LocalService\...\Policies\system: [NoDispSettingsPage] 0 HKU\NetworkService\...\Policies\system: [DisableCMD] 0 HKU\NetworkService\...\Policies\system: [NoDispAppearancePage] 0 HKU\NetworkService\...\Policies\system: [NoDispBackgroundPage] 0 HKU\NetworkService\...\Policies\system: [NoDispSettingsPage] 0 Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12 ==================== Services (Whitelisted) =================== 2 AOL ACS; C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe [46640 2006-10-23] (AOL LLC) 2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [44032 1999-12-13] (Creative Technology Ltd) 3 dlcc_device; C:\WINDOWS\system32\dlcccoms.exe -service [491520 2005-06-21] () 2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation) 3 LiveUpdate; "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" [2999664 2007-09-12] (Symantec Corporation) 2 Norton 
Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe [4388192 2008-01-19] (Symantec Corporation) 2 Symantec SymSnap VSS Provider; C:\WINDOWS\system32\dllhost.exe /Processid:{3C74D569-4FFA-47BE-84F0-71B4FCE0AA52} [5120 2008-04-13] (Microsoft Corporation) 3 SymSnapService; "C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe" [1553896 2007-12-20] (Symantec) 2 WANMiniportService; "C:\WINDOWS\wanmpsvc.exe" [65536 2003-08-27] (America Online, Inc.) 2 WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation) 2 WRSVC; "C:\Program Files\Webroot\WRSA.exe" -service [729544 2012-11-17] (Webroot) 3 AppMgmt; C:\Windows\System32\appmgmts.dll [x] 3 nosGetPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper_3004.dll [x] ==================== Drivers (Whitelisted) ==================== 3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [1130496 2005-04-15] (ATI Technologies Inc.) 3 bvrp_pci; C:\Windows\System32\Drivers\bvrp_pci.sys [4272 2004-03-24] () 3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) 2 drvnddm; C:\Windows\System32\drivers\drvnddm.sys [40480 2004-11-23] (Sonic Solutions) 3 DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys [4864 2006-01-10] (GTek Technologies Ltd.) 3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider) 3 IntelC51; C:\Windows\System32\DRIVERS\IntelC51.sys [1233525 2004-03-06] (Intel Corporation) 3 IntelC52; C:\Windows\System32\DRIVERS\IntelC52.sys [647929 2004-03-06] (Intel Corporation) 3 IntelC53; C:\Windows\System32\DRIVERS\IntelC53.sys [61157 2004-06-16] (Intel Corporation) 3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34248 2009-11-04] (McAfee, Inc.) 3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-11-04] (McAfee, Inc.) 
3 mohfilt; C:\Windows\System32\DRIVERS\mohfilt.sys [37048 2004-03-06] (Intel Corporation) 2 mrtRate; C:\Windows\System32\Drivers\mrtRate.sys [34916 1999-09-27] (Marimba, Inc.) 3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation) 3 NAL; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys [19456 2004-11-02] (Intel Corporation ) 3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation) 3 P17; C:\Windows\System32\drivers\P17.sys [840960 2004-06-09] (Creative Technology Ltd.) 3 pfc; C:\Windows\System32\drivers\pfc.sys [10368 2003-09-19] (Padus, Inc.) 2 PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys [15840 2003-03-05] (Creative Technology Ltd.) 1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sy@ [4224 2004-08-04] (Microsoft Corporation) 3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation) 3 SQTECH905C; C:\Windows\System32\Drivers\Capt905c.sys [34686 2006-01-26] (Service & Quality Technology.) 1 sscdbhk5; C:\Windows\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions) 1 ssrtln; C:\Windows\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions) 3 STHDA; C:\Windows\System32\drivers\sthda.sys [180096 2005-03-31] (SigmaTel, Inc.) 
3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation) 2 tfsnboio; C:\Windows\System32\dla\tfsnboio.sys [25883 2004-12-06] (Sonic Solutions) 2 tfsncofs; C:\Windows\System32\dla\tfsncofs.sys [34843 2004-12-06] (Sonic Solutions) 2 tfsndrct; C:\Windows\System32\dla\tfsndrct.sys [4123 2004-12-06] (Sonic Solutions) 2 tfsndres; C:\Windows\System32\dla\tfsndres.sys [2239 2004-12-06] (Sonic Solutions) 2 tfsnifs; C:\Windows\System32\dla\tfsnifs.sys [86586 2004-12-06] (Sonic Solutions) 2 tfsnopio; C:\Windows\System32\dla\tfsnopio.sys [15227 2004-12-06] (Sonic Solutions) 2 tfsnpool; C:\Windows\System32\dla\tfsnpool.sys [6363 2004-12-06] (Sonic Solutions) 2 tfsnudf; C:\Windows\System32\dla\tfsnudf.sys [98714 2004-12-06] (Sonic Solutions) 2 tfsnudfa; C:\Windows\System32\dla\tfsnudfa.sys [100603 2004-12-06] (Sonic Solutions) 3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [12800 2008-04-13] (Microsoft Corporation) 2 v2imount; C:\Windows\System32\DRIVERS\v2imount.sys [38112 2008-01-19] (Symantec Corporation) 3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [15088 2008-01-19] (Symantec Corporation) 3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.) 
3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [194362 2007-04-16] (Jungo) 0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [112656 2012-11-17] (Webroot) 3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation) 4 Abiosdsk; [x] 4 Atdisk; [x] 3 catchme; \??\C:\ComboFix\catchme.sys [x] 1 Changer; [x] 0 iastor; C:\Windows\System32\drivers\cIdshrGq.sys [x] 1 lbrtfdc; [x] 3 mcdbus; C:\Windows\System32\DRIVERS\mcdbus.sys [x] 1 PCIDump; [x] 3 PDCOMP; [x] 3 PDFRAME; [x] 3 PDRELI; [x] 3 PDRFRAME; [x] 4 Simbad; [x] 3 TlntSvr; [x] 3 WDICA; [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2012-12-08 20:56 - 2012-12-08 20:56 - 00000000 ____D C:\FRST 2012-11-23 08:37 - 2012-11-23 08:37 - 00013388 ____A C:\ComboFix.txt 2012-11-19 18:40 - 2011-06-26 01:45 - 00256000 ____A C:\Windows\PEV.exe 2012-11-19 18:40 - 2010-11-07 12:20 - 00208896 ____A C:\Windows\MBR.exe 2012-11-19 18:40 - 2009-04-19 23:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe 2012-11-19 18:40 - 2000-08-30 19:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe 2012-11-19 18:40 - 2000-08-30 19:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe 2012-11-19 18:40 - 2000-08-30 19:00 - 00212480 ____A (SteelWerX) C:\Windows\SWXCACLS.exe 2012-11-19 18:40 - 2000-08-30 19:00 - 00098816 ____A C:\Windows\sed.exe 2012-11-19 18:40 - 2000-08-30 19:00 - 00080412 ____A C:\Windows\grep.exe 2012-11-19 18:40 - 2000-08-30 19:00 - 00068096 ____A C:\Windows\zip.exe 2012-11-19 18:34 - 2012-11-23 08:17 - 05005176 ____R (Swearware) C:\Documents and Settings\Ekenbarger's\Desktop\ComboFix.exe 2012-11-18 21:10 - 2012-11-18 21:10 - 00000000 ____D C:\TDSSKiller_Quarantine 2012-11-18 21:00 - 2012-11-18 21:00 - 02192309 ____A C:\Documents and Settings\Ekenbarger's\Desktop\tdsskiller_undetectablew7.zip 2012-11-18 18:40 - 2012-11-18 18:40 - 00090112 ____A C:\Windows\Minidump\Mini111812-01.dmp 2012-11-18 18:37 - 
2012-11-18 18:37 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\Desktop\mbar-1.01.0.1009 2012-11-18 18:36 - 2012-11-18 18:36 - 12961620 ____A C:\Documents and Settings\Ekenbarger's\Desktop\mbar-1.01.0.1009.zip 2012-11-18 08:19 - 2012-11-18 08:19 - 00002720 ____A C:\Documents and Settings\Ekenbarger's\Desktop\RKreport[1]_S_11182012_02d0819.txt 2012-11-18 08:18 - 2012-11-18 08:19 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\Desktop\RK_Quarantine 2012-11-18 08:18 - 2012-11-18 08:18 - 00724992 ____A C:\Documents and Settings\Ekenbarger's\Desktop\RogueKiller.exe 2012-11-18 08:10 - 2012-11-18 08:33 - 00025667 ____A C:\Documents and Settings\Ekenbarger's\Desktop\attach.txt 2012-11-18 08:10 - 2012-11-18 08:33 - 00014250 ____A C:\Documents and Settings\Ekenbarger's\Desktop\dds.txt 2012-11-18 08:03 - 2012-11-18 08:03 - 00688901 ____R (Swearware) C:\Documents and Settings\Ekenbarger's\Desktop\dds.scr 2012-11-17 20:26 - 2012-11-17 20:26 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\Desktop\tdsskiller 2012-11-17 20:19 - 2012-11-17 20:19 - 02195061 ____A C:\Documents and Settings\Ekenbarger's\Desktop\tdsskiller.zip 2012-11-17 20:04 - 2012-11-17 20:04 - 02213976 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Ekenbarger's\Desktop\tdsskiller.exe 2012-11-17 09:19 - 2012-11-18 08:05 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\Desktop\virus stuff 2012-11-17 08:23 - 2012-11-17 08:23 - 00150712 ____A (Webroot) C:\Windows\System32\WRusr.dll 2012-11-17 08:23 - 2012-11-17 08:23 - 00112656 ____A (Webroot) C:\Windows\System32\Drivers\WRkrn.sys 2012-11-17 08:23 - 2012-11-17 08:23 - 00000000 ____D C:\Program Files\Webroot 2012-11-17 08:21 - 2012-11-24 10:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\WRData 2012-11-17 08:20 - 2012-11-17 08:20 - 00729544 ____A (Webroot) C:\Documents and Settings\Ekenbarger's\Desktop\wsainstall.exe 2012-11-17 07:58 - 2012-11-17 07:59 - 00000000 ____D C:\CCE_Quarantine 2012-11-17 04:33 - 
2012-11-17 08:31 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\Application Data\Utduu 2012-11-17 04:33 - 2012-11-17 08:06 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\Application Data\Bykegy 2012-11-11 07:22 - 2012-11-11 07:22 - 00090112 ____A C:\Windows\Minidump\Mini111112-01.dmp 2012-11-11 07:08 - 2012-11-19 18:50 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\Application Data\DefaultTab 2012-11-11 07:08 - 2012-11-17 08:24 - 00000000 ____D C:\Program Files\DefaultTab ==================== One Month Modified Files and Folders ======== 2012-12-08 20:56 - 2012-12-08 20:56 - 00000000 ____D C:\FRST 2012-11-26 17:21 - 2012-06-29 13:42 - 00000292 ____A C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1946173170-350803515-410004273-1006.job 2012-11-26 17:21 - 2011-06-30 16:22 - 00000300 ____A C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1946173170-350803515-410004273-1006.job 2012-11-26 17:21 - 2011-02-15 17:31 - 00000327 ____A C:\Windows\wiadebug.log 2012-11-26 17:21 - 2011-02-15 17:31 - 00000050 ____A C:\Windows\wiaservc.log 2012-11-26 17:21 - 2011-02-15 17:30 - 00032386 ___AH C:\Windows\SchedLgU.Txt 2012-11-26 17:21 - 2011-02-15 17:29 - 01211254 ____A C:\Windows\WindowsUpdate.log 2012-11-26 17:21 - 2005-09-20 18:59 - 00000178 __ASH C:\Documents and Settings\Ekenbarger's\ntuser.ini 2012-11-26 17:21 - 2004-08-10 13:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-11-26 17:04 - 2012-10-30 17:48 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-11-26 16:30 - 2010-01-06 07:17 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2012-11-26 14:54 - 2009-04-03 05:16 - 00000868 ____A C:\Windows\Tasks\Google Software Updater.job 2012-11-26 13:08 - 2010-06-10 16:01 - 00000436 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{873B1363-0F14-410A-AFDF-0559EB90EA7E}.job 2012-11-26 06:30 - 2010-01-06 07:17 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2012-11-25 20:46 - 2012-02-25 09:27 - 00002307 ____A 
C:\Documents and Settings\Ekenbarger's\Desktop\Microsoft Word.lnk 2012-11-24 22:17 - 2011-12-26 12:58 - 00000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job 2012-11-24 10:23 - 2012-11-17 08:21 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\WRData 2012-11-24 09:40 - 2009-01-09 08:50 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\My Documents\recipes 2012-11-23 14:30 - 2010-01-22 14:30 - 00000000 ___HD C:\Windows\System32\NtmsData 2012-11-23 08:37 - 2012-11-23 08:37 - 00013388 ____A C:\ComboFix.txt 2012-11-23 08:37 - 2012-02-15 19:59 - 00000000 ____D C:\Qoobox 2012-11-23 08:34 - 2004-08-10 12:51 - 00000227 ____A C:\Windows\system.ini 2012-11-23 08:17 - 2012-11-19 18:34 - 05005176 ____R (Swearware) C:\Documents and Settings\Ekenbarger's\Desktop\ComboFix.exe 2012-11-22 21:16 - 2005-09-27 09:22 - 00000000 ____D C:\Program Files\Dl_cats 2012-11-19 18:52 - 2005-09-20 18:59 - 00000062 __ASH C:\Documents and Settings\Ekenbarger's\Local Settings\desktop.ini 2012-11-19 18:52 - 2004-08-10 13:08 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini 2012-11-19 18:52 - 2004-08-10 13:08 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini 2012-11-19 18:52 - 2004-08-10 13:02 - 00000000 ____D C:\Windows\Registration 2012-11-19 18:51 - 2012-02-15 20:53 - 00008192 ____A C:\Windows\System32\config\SECURITY.tmp.LOG 2012-11-19 18:51 - 2012-02-09 19:42 - 00000000 ____D C:\Windows\ERDNT 2012-11-19 18:51 - 2005-09-16 07:31 - 43253760 ____A C:\Windows\System32\config\SOFTWARE.bak 2012-11-19 18:51 - 2005-09-16 07:26 - 11010048 ____A C:\Windows\System32\config\SYSTEM.bak 2012-11-19 18:51 - 2004-08-10 07:57 - 00159744 ____A C:\Windows\System32\config\SECURITY.bak 2012-11-19 18:51 - 2004-08-10 07:57 - 00020480 ____A C:\Windows\System32\config\SAM.bak 2012-11-19 18:51 - 2004-08-10 07:56 - 05242880 ___AH C:\Windows\System32\config\DEFAULT.bak 2012-11-19 18:50 - 2012-11-11 07:08 - 00000000 ____D 
C:\Documents and Settings\Ekenbarger's\Application Data\DefaultTab 2012-11-18 21:10 - 2012-11-18 21:10 - 00000000 ____D C:\TDSSKiller_Quarantine 2012-11-18 21:00 - 2012-11-18 21:00 - 02192309 ____A C:\Documents and Settings\Ekenbarger's\Desktop\tdsskiller_undetectablew7.zip 2012-11-18 18:40 - 2012-11-18 18:40 - 00090112 ____A C:\Windows\Minidump\Mini111812-01.dmp 2012-11-18 18:37 - 2012-11-18 18:37 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\Desktop\mbar-1.01.0.1009 2012-11-18 18:36 - 2012-11-18 18:36 - 12961620 ____A C:\Documents and Settings\Ekenbarger's\Desktop\mbar-1.01.0.1009.zip 2012-11-18 11:15 - 2011-02-15 19:12 - 00338289 ____A C:\Windows\setupapi.log 2012-11-18 08:36 - 2012-02-06 18:27 - 00000664 ____A C:\Windows\System32\d3d9caps.dat 2012-11-18 08:33 - 2012-11-18 08:10 - 00025667 ____A C:\Documents and Settings\Ekenbarger's\Desktop\attach.txt 2012-11-18 08:33 - 2012-11-18 08:10 - 00014250 ____A C:\Documents and Settings\Ekenbarger's\Desktop\dds.txt 2012-11-18 08:19 - 2012-11-18 08:19 - 00002720 ____A C:\Documents and Settings\Ekenbarger's\Desktop\RKreport[1]_S_11182012_02d0819.txt 2012-11-18 08:19 - 2012-11-18 08:18 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\Desktop\RK_Quarantine 2012-11-18 08:18 - 2012-11-18 08:18 - 00724992 ____A C:\Documents and Settings\Ekenbarger's\Desktop\RogueKiller.exe 2012-11-18 08:05 - 2012-11-17 09:19 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\Desktop\virus stuff 2012-11-18 08:03 - 2012-11-18 08:03 - 00688901 ____R (Swearware) C:\Documents and Settings\Ekenbarger's\Desktop\dds.scr 2012-11-17 20:26 - 2012-11-17 20:26 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\Desktop\tdsskiller 2012-11-17 20:19 - 2012-11-17 20:19 - 02195061 ____A C:\Documents and Settings\Ekenbarger's\Desktop\tdsskiller.zip 2012-11-17 20:04 - 2012-11-17 20:04 - 02213976 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Ekenbarger's\Desktop\tdsskiller.exe 2012-11-17 11:31 - 2012-05-18 18:31 - 00000000 ____D 
C:\Documents and Settings\Ekenbarger's\Desktop\tools 2012-11-17 09:31 - 2012-07-24 20:13 - 00000000 ____D C:\Program Files\OpenOffice.org 3 2012-11-17 09:22 - 2012-01-11 19:16 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\Desktop\Cheryl's 2012-11-17 09:11 - 2008-12-28 16:56 - 00000000 ____D C:\Program Files\Yahoo! 2012-11-17 09:10 - 2008-01-04 21:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Napster 2012-11-17 09:10 - 2005-09-16 00:42 - 00000000 ____D C:\Program Files\InstallShield Installation Information 2012-11-17 09:07 - 2011-08-11 19:00 - 00000000 ____D C:\Program Files\Coupons 2012-11-17 08:31 - 2012-11-17 04:33 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\Application Data\Utduu 2012-11-17 08:24 - 2012-11-11 07:08 - 00000000 ____D C:\Program Files\DefaultTab 2012-11-17 08:23 - 2012-11-17 08:23 - 00150712 ____A (Webroot) C:\Windows\System32\WRusr.dll 2012-11-17 08:23 - 2012-11-17 08:23 - 00112656 ____A (Webroot) C:\Windows\System32\Drivers\WRkrn.sys 2012-11-17 08:23 - 2012-11-17 08:23 - 00000000 ____D C:\Program Files\Webroot 2012-11-17 08:20 - 2012-11-17 08:20 - 00729544 ____A (Webroot) C:\Documents and Settings\Ekenbarger's\Desktop\wsainstall.exe 2012-11-17 08:06 - 2012-11-17 04:33 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\Application Data\Bykegy 2012-11-17 07:59 - 2012-11-17 07:58 - 00000000 ____D C:\CCE_Quarantine 2012-11-11 21:28 - 2010-02-13 13:23 - 00000000 ___DC C:\Windows\$NtUninstallKB955069$ 2012-11-11 19:28 - 2012-11-06 17:50 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2012-11-11 19:27 - 2011-05-21 09:44 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2012-11-11 18:20 - 2009-10-16 19:03 - 00000000 __HDC C:\Windows\$NtUninstallKB975025_0$ 2012-11-11 16:05 - 2010-02-21 21:02 - 00000000 ___DC C:\Windows\$NtUninstallWudf01000$ 2012-11-11 15:53 - 2005-09-24 20:38 - 00000000 __HDC C:\Windows\$NtUninstallKB898458$ 2012-11-11 15:39 
- 2006-04-16 02:01 - 00000000 ___DC C:\Windows\$NtUninstallKB908531$
2012-11-11 11:59 - 2011-12-26 12:45 - 00000000 __HDC C:\Windows\$NtUninstallKB942288-v3$
2012-11-11 10:59 - 2006-08-15 02:00 - 00000000 __HDC C:\Windows\$NtUninstallKB917422$
2012-11-11 10:59 - 2005-09-16 00:51 - 00000000 ___HD C:\Windows\occache
2012-11-11 07:22 - 2012-11-11 07:22 - 00090112 ____A C:\Windows\Minidump\Mini111112-01.dmp
2012-11-11 07:22 - 2009-01-14 21:13 - 00000000 ___HD C:\Windows\Minidump
2012-11-11 07:18 - 2010-12-15 20:03 - 00000000 ___DC C:\Windows\$NtUninstallKB2436673$
2012-11-10 10:31 - 2008-08-26 09:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2012-11-08 14:26 - 2012-10-14 06:41 - 00002187 ____A C:\Documents and Settings\All Users\Desktop\Safari.lnk

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 2558.09 MB
Available physical RAM: 2283.9 MB
Total Pagefile: 2385.72 MB
Available Pagefile: 2324.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 2002.18 MB

==================== Partitions =============================

1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: () (Fixed) (Total:145.58 GB) (Free:86.19 GB) NTFS ==>[Drive with boot components (Windows XP)]
4 Drive e: () (Removable) (Total:3.74 GB) (Free:3.72 GB) FAT32
5 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B
Disk 1 Online 466 GB 466 GB

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 55 MB 32 KB
Partition 2 Primary 146 GB 55 MB
Partition 3 Unknown 3459 MB 146 GB

=========================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 FAT Partition 55 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 146 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : DB
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT32 Partition 3459 MB Healthy

=========================================================

Partitions of Disk 1:
===============

There are no partitions on this disk to show.

=========================================================

Disk: 1
The specified partition is not valid.
Please select a valid partition.

=========================================================

==================== End Of Log ============================

========================= Memory info ======================

Percentage of memory in use: 8%
Total physical RAM: 2558.09 MB
Available physical RAM: 2339.91 MB
Total Pagefile: 2385.72 MB
Available Pagefile: 2331.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 2009.38 MB

======================= Partitions =========================

1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: () (Fixed) (Total:145.58 GB) (Free:86.19 GB) NTFS ==>[Drive with boot components (Windows XP)]
4 Drive e: () (Removable) (Total:3.74 GB) (Free:3.72 GB) FAT32
5 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B
Disk 1 Online 466 GB 466 GB

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 55 MB 32 KB
Partition 2 Primary 146 GB 55 MB
Partition 3 Unknown 3459 MB 146 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 FAT Partition 55 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 146 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : DB
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT32 Partition 3459 MB Healthy

======================================================================================================

Partitions of Disk 1:
===============

There are no partitions on this disk to show.

======================================================================================================

Disk: 1
The specified partition is not valid.
Please select a valid partition.

======================================================================================================

****** End Of Log ******
  11. It starts with a black screen offering the choices of safe mode, safe mode with networking, safe mode with command or windows, last known good config or start normally. Then the windows screen pops up for a few seconds then right to the blue screen. Thanks again. Cheryl
  12. Hi, Figured out how to burn disc and followed instructions. When I rebooted normally....blue screen again. Yikes! Help! Cheryl
  13. Hi, Having trouble with the disc. I downloaded NTBR_CD but when I click on the icon I keep getting a warning stating that it wants to make changes to my computer. I am afraid to say yes as I am borrowing this laptop. I burned it directly but when I boot up with it nothing happens....blue death screen. Should I open it on the laptop? Am I missing a step before I burn it? Wanted to let you know I contacted Dell requesting an installation disc for Windows...just waiting now. Please advise. Sorry so inept. Thank you for all your help. Cheryl
  14. Hi, I have been all over the Dell site and am feeling lost. I downloaded the owner's manual and it said there is a diagnostics program F12 but think my problem is beyond that. I did find an article about the bluescreen with my error but I need the windows installation disc to do anything. I cannot find the windows disc and don't recall ever having one. I have the drivers disc and the original mcafee backup but no windows. Can you advise me? Thanks. Cheryl
  15. So that wouldn't be an option on the Advanced Menu f8? I will look for Windows CD and ck out Dell after work. Thxs.