daveusmc

Honorary Members
  • Content count

    110

About daveusmc

  • Rank
    Advanced Member
  • Birthday 06/03/1962

Profile Information

  • Location
    Ohio, U.S.A.
  1. Clean up complete and the system seems ok at this time! Thanks so much for your support!! I really appreciate it.......
  2. VIPRERESCUE folder ''still'' present on Local Disk C:... how do I get rid of this? It contains the Quarantined items? I've uninstalled ALL IN THE RED and installed the latest. Ok, how do I get rid of OTL and Security Check? Not showing up in my ADD/REMOVE...
  3. Results of screen317's Security Check version 0.99.57
     Windows XP Service Pack 3 x86
     Internet Explorer 8
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Microsoft Security Essentials
     `````````Anti-malware/Other Utilities Check:`````````
     SpywareBlaster 4.6
     Malwarebytes Anti-Malware version 1.61.0.1400
     CCleaner
     Java 6 Update 14
     Java 6 Update 31
     Java version out of Date!
     Adobe Flash Player 11.5.502.135
     Adobe Reader 10.1.5 Adobe Reader out of Date!
     Mozilla Firefox 15.0.1 Firefox out of Date!
     Mozilla Thunderbird 15.0.1 Thunderbird out of Date!
     Google Chrome 23.0.1271.97
     Google Chrome 24.0.1312.52
     ````````Process Check: objlist.exe by Laurent````````
     Microsoft Security Essentials MSMpEng.exe
     Microsoft Security Essentials msseces.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:: 4%
     ````````````````````End of Log``````````````````````
  4. # AdwCleaner v2.107 - Logfile created 01/22/2013 at 21:24:56 # Option [Delete]
  5. # AdwCleaner v2.107 - Logfile created 01/22/2013 at 18:59:08 # Option [search]
  6. ComboFix 13-01-21.04 - DAVE 01/22/2013 15:06:55.9.2 - x86 MINIMAL
     System seems ok on normal boot ...not in safe mode anymore. What next?
  7. Forgot to ask you, can I run Combofix from a Flash drive or drag/drop from flash to desktop in Safe Mode? Can't seem to find a Log from my last scan...VIPRES Quarantine folder? I see 3 CSV files outside of the Quarantine folder. Sorry, nothing spelling out LOG! Running Combofix now......I'll get a log for ya'! Will it clean up the VIPRES scanner Folder and Quarantined items, too? That's my main concern.....
  8. Ok, scan completed and a folder was created in C:\VIPRERESCUE and I think I need to locate the log? I shut down the pc, so I'll locate it later. I did see 6 infections were quarantined. I'll get with you in the pm to figure out what I'm supposed to do next......
  9. The scan is going on --over 4 hours--. May have to let the pc run overnight, but I do NOT like doing this. Why such a long scan? Had this problem with another AV years ago getting support. Woke up in the AM and ''There was No log'' produced........SMH at this! We'll see!
  10. I started running the VIPRE AV while I got some chow, about 45 minutes ago. Have a 250gb drive and it's still getting scanned. I'll post what I can, then at your discretion, I can run that OTLPE, if needed. Most importantly, I was waiting for you to tell me that I wouldn't screw anything up! LOL Thanks! I'll keep ya' posted~
  11. Ok, but poking around on the REATOGO desktop, I found an icon (two keys) that says ''MSKeyViewer Plus''. Normally, I won't play with things, but I clicked on it and it asks ''Do you wish to load the remote registry?'' Sounds like this is what we need and the scanner at start up bypassed this? What do ya' think, or should we go with VIPRE Rescue? Just pointing this out, that's all! Got the Vipre on my flash at any rate....
  12. I'm at the REATOGO desktop, clicked OTLPE icon and get the same as mentioned by me earlier. I'm always prompted to Browse for folder, then choose windows directory. How can I point this scanner towards a windows directory if my HD's are not found? I have re-read all and am not getting to the FIRST step you noted. Now, at the time I click on OTLPE icon, I see a black DOS-like screen pop up only for a nanosecond. I then get the ''browse for folder and directory'' interface! Normally I'm good at workarounds, but this one has me stumped. Any other suggestions? Thanks~ Browse folder options are: My Computer, Floppy (A:), RAMDisk (B:), 98 se (D:), ReatogoPE (X:), Shared Documents. These are my only options for pointing the scanner towards and NONE work! Other than everything I've tried, I'm getting nowhere with this scanner. Do you have another scanner we could try, perhaps? Been at this for 2 hours so far....Thanks!