# Internet hangs, slow computer, memory leak



## Sboutte (Jul 2, 2012)

I know I've done this just a few minutes ago, went to preview it and came back to add something and it was gone! So here goes again, and I do apologize. I'm having a bad day! My internet hangs up continually, I got notice through Poolmon that I have a memory leak, and my computer loads Windows very slowly. I sometimes have problems shutting down and have to use Task Manager, and when I do it sometimes has tons of processes going on.

I ran most of this before I did a restore but the TSG is back to June 1st now, though I know somewhere early this morning I posted all of this before doing the restore. The DDS.txt is after the restore too as I can't find it. All the rest is from before the restore.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Intel Celeron processor, x86 Family 6 Model 22 Stepping 1
Processor Count: 1
RAM: 503 Mb
Graphics Card: Intel(R) 82945G Express Chipset Family, 64 Mb
Hard Drives: C: Total - 71939 MB, Free - 44938 MB; D: Total - 4368 MB, Free - 1751 MB;
Motherboard: ELITEGROUP, 945GCT-M3
Antivirus: PC Cleaners, Updated: Yes, On-Demand Scanner: Disabled

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:01:25 PM, on 7/4/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Search Protection\YspService.exe
C:\Program Files\WeatherBug\Weather.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CSHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www2.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3622
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: AppGraffiti - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~1\APPGRA~1\APPGRA~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\YspService.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\WeatherBug\Weather.exe 1
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://gsn.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} (TPIR Control) - http://www.worldwinner.com/games/v50/tpir/tpir.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/IWONBarInitialSetup1.0.1.1.cab
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinner.com/games/v48/brickout/brickout.cab
O16 - DPF: {2E4A92AB-F2C0-456A-9935-B715439790D7} (Setup Class) - https://www.opinionsquare.com/Config/packages/op/opsetup.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v50/pool/pool.cab
O16 - DPF: {4AB16005-E995-4A60-89DE-8B8A3E6EB5B0} (TrivialPursuit Control) - http://www.worldwinner.com/games/v56/trivialpursuit/trivialpursuit.cab
O16 - DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} (WWHearts Control) - http://www.worldwinner.com/games/v53/wwhearts/wwhearts.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} (SpiderSolitaire Control) - http://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab
O16 - DPF: {64CD313F-F079-4D93-959F-4D28B5519449} (Jeopardy Control) - http://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1340944331468
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} (WorldWinner ActiveX Launcher Control) - http://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} (BejeweledTwist Control) - http://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab
O16 - DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} (Clue Control) - http://www.worldwinner.com/games/v68/clue/clue.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v57/wof/wof.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v41/hangman/hangman.cab
O16 - DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} (Monopoly Control) - http://www.worldwinner.com/games/v46/monopoly/monopoly.cab
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://www.worldwinner.com/games/v42/tilecity/tilecity.cab
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v45/royal/royal.cab
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} (DinerDash Control) - http://www.worldwinner.com/games/v52/dinerdash/dinerdash.cab
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - http://www.worldwinner.com/games/v44/golfsol/golfsol.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v54/wwspades/wwspades.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 12918 bytes

.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.18702
Run by Owner at 19:05:36 on 2012-07-05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.71 [GMT -5:00]
.
AV: PC Cleaners *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Search Protection\YspService.exe
C:\Program Files\WeatherBug\Weather.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CSHelper.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uSearch Page = hxxp://www.google.com
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = <local>;*.local
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3622
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [cdloader] "c:\documents and settings\owner\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\YspService.exe
uRun: [Weather] c:\program files\weatherbug\Weather.exe 1
uRun: [Itibiti.exe] c:\program files\itibiti soft phone\Itibiti.exe
uRun: [RDReminder] c:\program files\drcleanup\drCleanup.exe -rem
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [YMailAdvisor] "c:\program files\yahoo!\common\YMailAdvisor.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Google Sidewiki...
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: intuit.com\ttlc
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://gsn.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/IWONBarInitialSetup1.0.1.1.cab
DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} - hxxp://www.worldwinner.com/games/v48/brickout/brickout.cab
DPF: {2E4A92AB-F2C0-456A-9935-B715439790D7} - hxxps://www.opinionsquare.com/Config/packages/op/opsetup.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - hxxp://www.worldwinner.com/games/v50/pool/pool.cab
DPF: {4AB16005-E995-4A60-89DE-8B8A3E6EB5B0} - hxxp://www.worldwinner.com/games/v56/trivialpursuit/trivialpursuit.cab
DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} - hxxp://www.worldwinner.com/games/v53/wwhearts/wwhearts.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {61900274-3323-4446-BDCD-91548D32AF1B} - hxxp://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab
DPF: {64CD313F-F079-4D93-959F-4D28B5519449} - hxxp://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1284189973031
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
DPF: {94299420-321F-4FF9-A247-62A23EBB640B} - hxxp://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} - hxxp://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab
DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} - hxxp://www.worldwinner.com/games/v68/clue/clue.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - hxxp://www.worldwinner.com/games/v41/hangman/hangman.cab
DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} - hxxp://www.worldwinner.com/games/v46/monopoly/monopoly.cab
DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} - hxxp://www.worldwinner.com/games/v42/tilecity/tilecity.cab
DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} - hxxp://www.worldwinner.com/games/v45/royal/royal.cab
DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} - hxxp://www.worldwinner.com/games/v52/dinerdash/dinerdash.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} - hxxp://www.worldwinner.com/games/v44/golfsol/golfsol.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - hxxp://www.worldwinner.com/games/v54/wwspades/wwspades.cab
TCP: DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8
TCP: Interfaces\{817FA071-AD53-4AA6-B7C6-BCFE83FF386C} : DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
R1 MpKslb5665d21;MpKslb5665d21;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0f3a43e3-8059-45c2-9009-149a03ccb5a5}\MpKslb5665d21.sys [2012-7-5 29904]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2010-11-12 266240]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 257224]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [2006-6-30 69692]
.
=============== Created Last 30 ================
.
2012-07-05 23:45:03 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0f3a43e3-8059-45c2-9009-149a03ccb5a5}\MpKslb5665d21.sys
2012-07-05 19:46:17 -------- d-----w- c:\windows\Downloaded Program Files
2012-07-05 19:13:51 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0f3a43e3-8059-45c2-9009-149a03ccb5a5}\mpengine.dll
2012-07-05 18:01:02 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-07-05 17:59:07 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-07-05 17:59:07 -------- d-----w- c:\windows\system32\wbem\Repository
2012-07-05 11:17:41 -------- d-----w- C:\New Folder (2)
2012-07-05 10:34:47 -------- d-----w- C:\New Folder
2012-07-03 01:28:55 -------- d-----w- C:\backup
2012-07-02 22:06:23 -------- d-----w- c:\documents and settings\owner\application data\Windows Search
2012-07-02 15:28:52 -------- d-----w- c:\documents and settings\owner\local settings\application data\LogMeIn Rescue Applet
2012-07-01 15:08:54 -------- d-----w- c:\program files\common files\ParetoLogic
2012-07-01 15:08:51 -------- d-----w- c:\program files\ParetoLogic
2012-07-01 14:51:40 -------- d-----w- c:\documents and settings\owner\application data\SpeedyPC Software
2012-07-01 14:51:18 -------- d-----w- c:\documents and settings\all users\application data\SpeedyPC Software
2012-07-01 14:31:50 -------- d-----w- c:\documents and settings\owner\application data\CompuClever
2012-07-01 14:31:46 -------- d-----w- c:\program files\CompuClever
2012-06-30 06:48:51 -------- d-----w- c:\documents and settings\owner\application data\AppGraffiti
2012-06-30 06:44:53 -------- d-----w- c:\program files\AppGraffiti
2012-06-28 17:19:47 -------- d-----w- c:\documents and settings\owner\application data\ParetoLogic
2012-06-13 00:48:36 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-07 18:18:37 -------- d-----w- c:\program files\Ask.com
2012-06-07 18:18:33 -------- d-----w- c:\documents and settings\owner\local settings\application data\AskToolbar
2012-06-07 18:07:45 -------- d-----w- c:\documents and settings\all users\application data\Ask
2012-06-07 18:06:54 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-07 18:06:54 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
.
==================== Find3M ====================
.
2012-06-09 15:49:47 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-09 15:49:46 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-07 18:06:22 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-04 22:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:12:30 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-19 01:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 01:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-01-17 17:35:38 1008936 -c--a-w- c:\program files\AmazonMP3Installer.exe
2010-12-17 21:04:02 38147376 -c--a-w- c:\program files\QuickTimeInstaller.exe
.
============= FINISH: 19:06:14.71 ===============

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-05 05:03:38
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e ST380815AS rev.4.AAA
Running: 51ybgl5s.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\awrcyfod.sys

---- Kernel code sections - GMER 1.0.15 ----
? C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[228] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[228] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A65 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[228] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0DD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[228] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAD4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[228] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[228] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E7207 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[228] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7139 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[228] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[228] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E700A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[228] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E706C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[228] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E726A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[228] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E70CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[228] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB30 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[228] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E756F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1764] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1764] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A65 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1764] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0DD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1764] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAD4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1764] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1764] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E7207 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1764] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7139 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1764] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1764] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E700A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1764] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E706C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1764] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E726A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1764] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E70CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1764] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB30 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1764] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E756F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2120] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2120] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAD4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2120] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E7207 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2120] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7139 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2120] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2120] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E700A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2120] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E706C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2120] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E726A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2120] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E70CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[2676] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----

OK, I hope this goes through this time. I'm an old lady so please excuse my ineptitude. Like I said, I'm just having a bad day.

God Bless you all for all you do to pay it forward!

Sharron


----------



## flavallee (May 12, 2002)

Sharron:

Two primary reasons why that computer is running slow are that it has only 512 MB of RAM and that it has too many apps auto-starting and running in the background, but there are other issues that need to be dealt with.

Do the following in the order that they're listed.

-----------------------------------------------

Go to Control Panel - Add Or Remove Programs, then uninstall/remove

*AppGraffiti*

*Ask Toolbar*

*Ask Toolbar Updater*

*AVG*

*Inbox.com Toolbar*

*MarketResearch*

*Microsoft Default Manager*

*PC Cleaners*

*RegCure Pro*

*Windows Live OneCare Safety Scanner*

Note: They may not all be in the list.

-----------------------------------------------

Download and save and then install the free version of

*Malwarebytes Anti-Malware*

*SUPERAntiSpyware*

Make sure to update their definition files during the install process.

Make sure to uncheck and decline to install any extras, such as toolbars and homepages, they may offer.

After they're installed and updated, restart the computer.

-----------------------------------------------

Start Malwarebytes Anti-Malware.

Click "Scanner(tab) - *Perform quick scan* - Scan".

If infections or problems are found during the scan, the number of them will be highlighted in red.

When the scan is finished, click "Show Results".

Make sure that *EVERYTHING* is selected, then click "Remove Selected".

If you're prompted to restart to finish the removal process, click "Yes".

Start Malwarebytes Anti-Malware again.

Click "Logs"(tab).

Highlight the scan log entry, then click "Open".

When the scan log appears in Notepad, copy-and-paste it here.

-----------------------------------------------

Start SUPERAntiSpyware.

Select the "*Quick Scan*" option, then click "Scan your Computer".

If infections or problems are found during the scan, a list will appear and the number of them will be highlighted in red.

When the scan is finished and the scan summary window appears, click "Continue".

Make sure that *EVERYTHING* in the list is selected, then click "Remove Threats".

Click "OK - Finish".

If you're prompted to restart to finish the removal process, do so.

Start SUPERAntiSpyware again.

Click "View Scan Logs".

Highlight the scan log entry, then click "View Selected Log".

When the scan log appears in Notepad, copy-and-paste it here.

-----------------------------------------------


----------



## Sboutte (Jul 2, 2012)

1. Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.07.07.01
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: YOUR-3DC5C40E2A [administrator]
Protection: Enabled
7/6/2012 10:22:26 PM
mbam-log-2012-07-06 (22-22-26).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208816
Time elapsed: 19 minute(s), 52 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 35
HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0B84B4B4-8AF8-4F1F-91FE-074A666F6425} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0B84B4B4-8AF8-4F1F-91FE-074A666F6425} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2E4A92AB-F2C0-456A-9935-B715439790D7} (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2E4A92AB-F2C0-456A-9935-B715439790D7} (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{631ACB68-57C3-48AF-9CC5-FCEC0837FFD3} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{631ACB68-57C3-48AF-9CC5-FCEC0837FFD3} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D5E9B421-C309-41DE-9014-800A2ADCDEB0} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D5E9B421-C309-41DE-9014-800A2ADCDEB0} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3E9BE71D-A3FA-4224-AB29-2602ACD577FF} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4C2743F0-A2E2-41A0-9E65-798943109F42} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\FocusInteractive (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 4
C:\Program Files\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (PUP.MyWebSearch) -> Quarantined and deleted successfully.
Files Detected: 5
C:\Program Files\MyWebSearch\bar\History\search3 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_FeatCk.dat (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (PUP.MyWebSearch) -> Quarantined and deleted successfully.
(end)

2. Protection Log 7-6

2012/07/06 22:21:48 -0500 YOUR-3DC5C40E2A Owner MESSAGE Starting protection
2012/07/06 22:22:07 -0500 YOUR-3DC5C40E2A Owner MESSAGE Protection started successfully
2012/07/06 22:22:10 -0500 YOUR-3DC5C40E2A Owner MESSAGE Starting IP protection
2012/07/06 22:22:20 -0500 YOUR-3DC5C40E2A Owner MESSAGE IP Protection started successfully
2012/07/06 22:33:18 -0500 YOUR-3DC5C40E2A Owner MESSAGE Executing scheduled update: Daily
2012/07/06 22:33:23 -0500 YOUR-3DC5C40E2A Owner MESSAGE Database already up-to-date

3. Protection Log 7-7

2012/07/07 00:49:07 -0500 YOUR-3DC5C40E2A Owner MESSAGE Starting protection
2012/07/07 00:49:29 -0500 YOUR-3DC5C40E2A Owner MESSAGE Protection started successfully
2012/07/07 00:49:32 -0500 YOUR-3DC5C40E2A Owner MESSAGE Starting IP protection
2012/07/07 00:49:46 -0500 YOUR-3DC5C40E2A Owner MESSAGE IP Protection started successfully

Super Anti Spyware Log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 07/06/2012 at 11:50 PM
Application Version : 5.5.1006
Core Rules Database Version : 8860
Trace Rules Database Version: 6672
Scan type : Quick Scan
Total Scan Time : 00:15:38
Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator
Memory items scanned : 656
Memory threats detected : 0
Registry items scanned : 29009
Registry threats detected : 1
File items scanned : 7298
File threats detected : 15
PUP.MyWebSearch/FunWebProducts
HKU\S-1-5-21-2951212231-3065092772-446880446-1003\SOFTWARE\FunWebProducts
Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\K3CII1A8.txt [ /kontera.com ]
C:\Documents and Settings\Owner\Cookies\R4NDNDVO.txt [ /clickbooth.com ]
C:\Documents and Settings\Owner\Cookies\KCB2DRMI.txt [ /mm.chitika.net ]
C:\Documents and Settings\Owner\Cookies\6H4S1K8S.txt [ /interclick.com ]
C:\Documents and Settings\Owner\Cookies\WZ0AKPQ6.txt [ /a1.interclick.com ]
C:\Documents and Settings\Owner\Cookies\47FTURTH.txt [ /revsci.net ]
C:\Documents and Settings\Owner\Cookies\B6LZUJPX.txt [ /at.atwola.com ]
C:\Documents and Settings\Owner\Cookies\MH5RTXTG.txt [ /collective-media.net ]
C:\Documents and Settings\Owner\Cookies\0QXWNOJ2.txt [ /invitemedia.com ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\JOS0T3RE.txt [ Cookie[email protected]/adserving ]
Trace.Known Threat Sources
C:\DOCUMENTS AND SETTINGS\OWNER\Local Settings\Temporary Internet Files\Content.IE5\OQWM0ND2\login_verify2[1].htm [ cachecmightymax.net ]
C:\DOCUMENTS AND SETTINGS\OWNER\Local Settings\Temporary Internet Files\Content.IE5\RIH9FQLI\favicon[1].ico [ cachecmightymax.net ]
C:\DOCUMENTS AND SETTINGS\OWNER\Local Settings\Temporary Internet Files\Content.IE5\ZWR149NQ\uninstall[1].htm [ cachecmightymax.net ]
Adware.CouponBar
C:\WINDOWS\CPNPRT2.CID
C:\WINDOWS\SYSTEM32\CPNPRT2.CID

I had downloaded PC MightyMax 2011 and cannot get rid of it! I went to add/Remove Programs and it said it removed it but the icon is still in my taskbar and right clicking it says it is not unlocked. Every now and then it pops up a screen saying to buy now, repair, rescan, register. It is still in the taskbar, any ideas on this?

Thanks Flavallee for all your help!


----------



## flavallee (May 12, 2002)

Sboutte said:


> I had downloaded PC MightyMax 2011 and cannot get rid of it! I went to add/Remove Programs and it said it removed it but the icon is still in my taskbar and right clicking it says it is not unlocked. Every now and then it pops up a screen saying to buy now, repair, rescan, register. It is still in the taskbar, any ideas on this?


Why did you download and install *PC MightyMax 2011* (which is a rogue program)?

It's going to be difficult or impossible to help you if you download and install apps without our knowledge or advice.

Run another quick scan with Malwarebytes and SUPERAntiSpyware, then select and remove everything they find, then submit the new scan logs here.

The protection logs are not needed.

-------------------------------------------------------------


----------



## Sboutte (Jul 2, 2012)

So sorry about downloading Mighty Max. I thought it was gone because the icon is gone from the tray, but I just got through running Malwarebytes and the popup saying rescan and repair now is up again saying 264 problems. Malwarebytes is clean, here is the log:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.07.07.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: YOUR-3DC5C40E2A [administrator]
Protection: Enabled
7/7/2012 2:10:38 PM
mbam-log-2012-07-07 (14-10-38).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208097
Time elapsed: 12 minute(s), 40 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 07/07/2012 at 02:56 PM
Application Version : 5.5.1006
Core Rules Database Version : 8860
Trace Rules Database Version: 6672
Scan type : Quick Scan
Total Scan Time : 00:26:14
Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator
Memory items scanned : 649
Memory threats detected : 0
Registry items scanned : 29018
Registry threats detected : 0
File items scanned : 6999
File threats detected : 4
Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\R18AFZ25.txt [ /kontera.com ]
C:\Documents and Settings\Owner\Cookies\JOU59PD1.txt [ /mm.chitika.net ]
C:\Documents and Settings\Owner\Cookies\E2PSL7YK.txt [ /at.atwola.com ]
C:\Documents and Settings\Owner\Cookies\OM6TNL5W.txt [ /invitemedia.com ]


----------



## Sboutte (Jul 2, 2012)

This one has appeared again. It states that it is not unlocked. I checked out Malwarebytes and found a tool, "File Assassin", that can help delete locked files. Or would it be better to run a full scan? I didn't want to do anything else that you don't approve. I know a full scan will take a looonnnggg time but if it would help get rid of this rogue program I will do it. I went through Windows Explorer looking for this program and couldn't find it but I did find leftover RegcurePro and AppGraffiti which I deleted. I also found a folder "Software Distribution" under C: Windows which looks doubtful, it has a download files which I'm not sure of and the dates are all within the last few days but just listed with file numbers instead of names.

Thanks

Sharron


----------



## Sboutte (Jul 2, 2012)

I found a site that says it completely removes Mighty max BUT it requires a download of PC clean and I was told to uninstall PC clean so I don't want to reinstall it unless you say to.

Thanks

Sharron


----------



## flavallee (May 12, 2002)

You need to be careful about what you research because there's a lot of BAD advice out there.

You also need to be careful about poking around and deleting files and registry entries without REALLY knowing what you're doing.

We're probably beating our heads against the wall here, but I've requested a gold shield removal specialist jump in to assist you.

It's unknown how much damage *RegCure* and *PC Cleaners* and whatever other "cleaner/fixer" apps you've been using have done to that computer.

--------------------------------------------------------


----------



## Sboutte (Jul 2, 2012)

Thank you, Flavallee, for all you've done

Sincerely
Sharron


----------



## flavallee (May 12, 2002)

Let's see a new HiJackThis scan log.

Start HiJackThis, then click "Do a system scan and save a log file".

Save the new log that appears, then copy-and-paste it here.

------------------------------------------------------------


----------



## flavallee (May 12, 2002)

Let's see how much RAM that computer supports and what type RAM module it uses.

Go here and allow the Crucial System Scanner to load and run.

After it's finished and it displays a report, copy-and-paste the link to that report here so we can go there and view it.

------------------------------------------------------------


----------



## Byteman (Jan 24, 2002)

Hi Sharron, I was helping you here: http://forums.techguy.org/all-other-software/1059652-internet-hang-master-file-disabled.html

Then I had to take some time off....... Back on 5th of July:



Byteman said:


> *Antivirus: PC Cleaners,*
> 
> Is this your antivirus program? That's malware I am pretty sure. You may have been infected.....
> 
> ...


AND......



Sharron said:


> Hi Byteman,
> 
> No my virus program is *Microsoft Security Essentials*. I did use AVG for awhile. I ran RegCurePro yesterday. It is supposed to be a Microsoft partner so thought it was safe but it did no good. I'm having even more problems now even though it says I am looking good. I posted in the Malware forum all the info requested.
> 
> ...


You did start the thread in the right place as I advised....I now see the older DDS log etc......but there was a System Restore or something along the way....so I need to see brand new DDS logs, etc please.

PC MightyMax is difficult to remove as there are some Registry entries to delete but I can help you with that.

*1. Please download HijackThis:*
Please go *here* to download *HijackThis*.

Save the *HijackThis.exe* file to your desktop.
Double-click the *HijackThis.exe* file on your desktop to launch the program. If you get a security warning asking if you want to run this software because the publisher couldn't be verified click on Run to allow it.
Click on the *Scan* button. The scan will not take long and when it's finished the resulting log will open automatically in Notepad.
Save the log file to your desktop. Copy and paste the contents of the log in your post.
*Please do not fix anything with HijackThis unless you are instructed to do so. Most of what appears in the log will be harmless and/or necessary.*

*You only need HijackThis once...... if you have it already, use that one, but make sure you are posting the fresh LOG it makes.....*

*2. Please download DDS by sUBs to your desktop from one of the following locations:*
http://download.bleepingcomputer.com/sUBs/dds.com
http://download.bleepingcomputer.com/sUBs/dds.scr
http://www.infospyware.net/sUBs/dds/

Disable any script blocker you may have as they may interfere and then double-click the DDS.scr to run the tool.

((SCRIPT BLOCKER MIGHT BE INCLUDED WITH YOUR ANTIVIRUS SO DISABLE THE REAL TIME PROTECTION FOR YOUR REAL ANTIVIRUS, Microsoft Security Essentials....))

*How to disable MSE when you run a scan with something else......*


MICROSOFT SECURITY ESSENTIALS - how to turn it off to run a DDS scan etc

Open MSE and go to Settings > Real Time Protection.
Then uncheck "Turn on real time protection".
Exit MSE when done.

When DDS has finished scanning, it will open two logs named as follows:

DDS.txt
Attach.txt

Save them both to your desktop. POST here in a reply the DDS.txt and if you can, include the attach.txt or you can attach it to this reply....... or, you can submit a second reply with the attach.txt log, that is OK to do.


----------
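An added example (not part of any post in this thread, and not a HijackThis feature): one way to triage a HijackThis log of the kind requested above, listing autorun (O4) entries that start from a user profile directory or by bare file name, and BHO/toolbar (O2/O3) entries whose registered file is gone. The sample lines follow the format of the logs posted in this thread; the function names and heuristics are this example's own assumptions, and a flagged entry is a candidate for review, not a verdict.

```python
import re
from typing import List, NamedTuple, Tuple

# Sample input in HijackThis 2.0.4 format, using entries of the kind
# posted in this thread. Embedded so the example runs offline.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [PC MightyMax 2011 Tray Icon] "C:\Documents and Settings\Owner\Local Settings\Application Data\PC MightyMax 2012\TrayIcon.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
"""


class Finding(NamedTuple):
    section: str               # HijackThis section code, e.g. "O4"
    name: str                  # value name or BHO/toolbar name
    target: str                # executable or registered file
    reasons: Tuple[str, ...]   # why the entry deserves a second look


# O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# O2 - BHO: <name> - {CLSID} - <file>   /   O3 - Toolbar: <name> - {CLSID} - <file>
O23_RE = re.compile(
    r"^(?P<section>O[23]) - (?:BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.+)$"
)
# Unquoted command lines may contain spaces in the path, so cut at the
# first executable extension rather than at the first space.
EXE_RE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.IGNORECASE)
# Per-user profile roots on XP ("Documents and Settings") and later ("Users").
PROFILE_RE = re.compile(
    r"^[a-z]:\\(?:documents and settings|users)\\[^\\]+\\", re.IGNORECASE
)


def executable_of(cmd: str) -> str:
    """Return the program part of a Run-key command line, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def triage(log_text: str) -> List[Finding]:
    """Collect entries worth a manual look; everything else is passed over."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            exe = executable_of(m.group("cmd"))
            reasons = []
            if PROFILE_RE.match(exe):
                # Installed without admin rights, outside Program Files.
                reasons.append("starts from a user profile directory")
            if "\\" not in exe:
                # Which file runs depends on the search path.
                reasons.append("bare file name, no path")
            if reasons:
                findings.append(Finding("O4", m.group("name"), exe, tuple(reasons)))
            continue
        m = O23_RE.match(line)
        if m and m.group("target").endswith(("(file missing)", "(no file)")):
            findings.append(
                Finding(m.group("section"), m.group("name"), m.group("target"),
                        ("registered file is missing (leftover entry)",))
            )
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}  {f.name}\n    {f.target}\n    -> {'; '.join(f.reasons)}")
```

Both the rogue program's tray icon and a legitimate softphone loader are flagged by the profile-directory rule, which is why the output is a review list for a helper rather than a removal list.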



## flavallee (May 12, 2002)

Byteman:

I wasn't aware of Sharron's other thread. Thanks for jumping in. I'll leave it with you.

-------------------------------------------------------------


----------



## Sboutte (Jul 2, 2012)

Good Lord, this hijack is lengthy and has things on it I haven't even seen before!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:10:43 AM, on 7/9/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CSHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\PC MightyMax 2012\TrayIcon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Search Protection\YspService.exe
C:\Program Files\WeatherBug\Weather.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\New Folder (2)\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3622
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PC MightyMax 2011 Tray Icon] "C:\Documents and Settings\Owner\Local Settings\Application Data\PC MightyMax 2012\TrayIcon.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\YspService.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Itibiti.exe] C:\Program Files\Itibiti Soft Phone\Itibiti.exe
O4 - HKCU\..\Run: [RDReminder] C:\Program Files\DrCleanUp\drCleanup.exe -rem
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 10843 bytes

.
.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.18702
Run by Owner at 9:27:38 on 2012-07-09
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.77 [GMT -5:00]
.
AV: PC Cleaners *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CSHelper.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\PC MightyMax 2012\TrayIcon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Search Protection\YspService.exe
C:\Program Files\WeatherBug\Weather.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uSearch Page = hxxp://www.google.com
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = <local>;*.local
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3622
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [cdloader] "c:\documents and settings\owner\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\YspService.exe
uRun: [Weather] c:\program files\weatherbug\Weather.exe 1
uRun: [Itibiti.exe] c:\program files\itibiti soft phone\Itibiti.exe
uRun: [RDReminder] c:\program files\drcleanup\drCleanup.exe -rem
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [YMailAdvisor] "c:\program files\yahoo!\common\YMailAdvisor.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PC MightyMax 2011 Tray Icon] "c:\documents and settings\owner\local settings\application data\pc mightymax 2012\TrayIcon.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8
TCP: Interfaces\{817FA071-AD53-4AA6-B7C6-BCFE83FF386C} : DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
R1 MpKsla23e1727;MpKsla23e1727;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2c236b4c-168e-40da-ac93-0c504d90728c}\MpKsla23e1727.sys [2012-7-9 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2010-11-12 266240]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-6 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-6 22344]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-7-5 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 257224]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [2006-6-30 69692]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-7-5 136176]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
.
=============== Created Last 30 ================
.
2012-07-09 14:17:11 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2c236b4c-168e-40da-ac93-0c504d90728c}\MpKsla23e1727.sys
2012-07-09 07:50:51 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2c236b4c-168e-40da-ac93-0c504d90728c}\mpengine.dll
2012-07-08 06:35:33 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-07-07 22:54:04 -------- d-----w- c:\program files\VideoDownloadConverter_4zEI
2012-07-07 04:10:56 -------- d-----w- c:\documents and settings\owner\application data\SUPERAntiSpyware.com
2012-07-07 04:09:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-07 04:09:57 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-07-07 03:13:40 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2012-07-07 03:13:08 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-07-07 03:13:05 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-07 03:13:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-06 06:54:32 -------- d-----w- c:\documents and settings\owner\application data\licenses
2012-07-06 06:54:30 -------- d-----w- c:\documents and settings\owner\application data\PCMM2009
2012-07-06 06:54:22 -------- d-----w- c:\documents and settings\owner\application data\PCMM2012
2012-07-06 06:54:07 -------- d-----w- c:\documents and settings\owner\local settings\application data\PC MightyMax 2012
2012-07-05 19:46:17 -------- d-----w- c:\windows\Downloaded Program Files
2012-07-05 17:59:07 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-07-05 17:59:07 -------- d-----w- c:\windows\system32\wbem\Repository
2012-07-05 11:17:41 -------- d-----w- C:\New Folder (2)
2012-07-03 01:28:55 -------- d-----w- C:\backup
2012-07-02 22:06:23 -------- d-----w- c:\documents and settings\owner\application data\Windows Search
2012-07-02 15:28:52 -------- d-----w- c:\documents and settings\owner\local settings\application data\LogMeIn Rescue Applet
2012-07-01 14:51:40 -------- d-----w- c:\documents and settings\owner\application data\SpeedyPC Software
2012-07-01 14:51:18 -------- d-----w- c:\documents and settings\all users\application data\SpeedyPC Software
2012-07-01 14:31:50 -------- d-----w- c:\documents and settings\owner\application data\CompuClever
2012-07-01 14:31:46 -------- d-----w- c:\program files\CompuClever
2012-06-28 17:19:47 -------- d-----w- c:\documents and settings\owner\application data\ParetoLogic
2012-06-13 00:48:36 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
.
==================== Find3M ====================
.
2012-07-06 02:13:38 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 02:13:38 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-07 18:06:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-07 18:06:23 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-07 18:06:22 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-04 22:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:12:30 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-19 01:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 01:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-01-17 17:35:38 1008936 -c--a-w- c:\program files\AmazonMP3Installer.exe
2010-12-17 21:04:02 38147376 -c--a-w- c:\program files\QuickTimeInstaller.exe
.
============= FINISH: 9:28:38.68 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/7/2009 1:29:30 PM
System Uptime: 7/9/2012 8:42:08 AM (1 hours ago)
.
Motherboard: ELITEGROUP | | 945GCT-M3
Processor: Intel Celeron processor | Socket 775 | 1599/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 70 GiB total, 43.618 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 1.711 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1018: 5/5/2012 9:03:46 PM - System Checkpoint
RP1019: 5/6/2012 2:26:17 AM - Software Distribution Service 3.0
RP1020: 5/7/2012 12:47:11 PM - System Checkpoint
RP1021: 5/7/2012 8:27:27 PM - Software Distribution Service 3.0
RP1022: 5/8/2012 9:30:15 PM - Software Distribution Service 3.0
RP1023: 5/9/2012 3:00:17 AM - Software Distribution Service 3.0
RP1024: 5/9/2012 10:36:37 PM - Software Distribution Service 3.0
RP1025: 5/11/2012 12:12:07 AM - Software Distribution Service 3.0
RP1026: 5/12/2012 12:54:14 AM - System Checkpoint
RP1027: 5/12/2012 7:01:32 PM - Software Distribution Service 3.0
RP1028: 5/13/2012 1:56:12 AM - Software Distribution Service 3.0
RP1029: 5/14/2012 2:37:12 AM - System Checkpoint
RP1030: 5/14/2012 5:33:01 AM - Software Distribution Service 3.0
RP1031: 5/15/2012 6:26:24 AM - System Checkpoint
RP1032: 5/15/2012 7:33:35 AM - Software Distribution Service 3.0
RP1033: 5/16/2012 9:00:28 AM - Software Distribution Service 3.0
RP1034: 5/17/2012 8:59:47 AM - Software Distribution Service 3.0
RP1035: 5/18/2012 9:31:57 AM - Software Distribution Service 3.0
RP1036: 5/18/2012 6:14:58 PM - Restore Operation
RP1037: 5/18/2012 6:30:32 PM - Installed HP Product Detection
RP1038: 5/18/2012 6:33:03 PM - Installed Hewlett-Packard ACLM.NET v1.1.0.0.
RP1039: 5/19/2012 3:00:25 AM - Software Distribution Service 3.0
RP1040: 5/20/2012 2:19:36 AM - Software Distribution Service 3.0
RP1041: 5/21/2012 10:45:43 AM - Software Distribution Service 3.0
RP1042: 5/22/2012 12:51:55 PM - Software Distribution Service 3.0
RP1043: 5/23/2012 1:43:55 PM - System Checkpoint
RP1044: 5/24/2012 8:51:17 AM - Software Distribution Service 3.0
RP1045: 5/25/2012 11:23:23 AM - Software Distribution Service 3.0
RP1046: 5/26/2012 11:22:45 AM - Software Distribution Service 3.0
RP1047: 5/27/2012 2:21:34 AM - Software Distribution Service 3.0
RP1048: 5/27/2012 11:22:33 AM - Software Distribution Service 3.0
RP1049: 5/28/2012 11:22:57 AM - Software Distribution Service 3.0
RP1050: 5/29/2012 11:23:17 AM - Software Distribution Service 3.0
RP1051: 5/30/2012 11:22:48 AM - Software Distribution Service 3.0
RP1052: 5/31/2012 11:23:36 AM - Software Distribution Service 3.0
RP1053: 5/31/2012 11:13:41 PM - Installed iTunes
RP1054: 6/1/2012 11:38:32 PM - System Checkpoint
RP1055: 6/2/2012 3:25:34 AM - Software Distribution Service 3.0
RP1056: 6/3/2012 10:00:32 AM - Software Distribution Service 3.0
RP1057: 6/4/2012 9:11:04 AM - Software Distribution Service 3.0
RP1058: 6/4/2012 9:59:11 AM - Software Distribution Service 3.0
RP1059: 6/5/2012 10:50:28 AM - System Checkpoint
RP1060: 6/6/2012 2:02:27 AM - Software Distribution Service 3.0
RP1061: 6/7/2012 2:28:09 AM - System Checkpoint
RP1062: 6/7/2012 11:35:34 AM - Software Distribution Service 3.0
RP1063: 6/7/2012 1:05:04 PM - Removed Java(TM) 6 Update 19
RP1064: 6/7/2012 1:05:49 PM - Installed Java(TM) 6 Update 32
RP1065: 6/7/2012 1:07:36 PM - Installed Java Runtime Environment
RP1066: 6/8/2012 11:41:18 AM - Software Distribution Service 3.0
RP1067: 6/9/2012 5:24:52 PM - Software Distribution Service 3.0
RP1068: 6/10/2012 2:22:13 AM - Software Distribution Service 3.0
RP1069: 6/10/2012 5:24:19 PM - Software Distribution Service 3.0
RP1070: 6/11/2012 5:26:00 PM - Software Distribution Service 3.0
RP1071: 6/12/2012 7:52:02 PM - Software Distribution Service 3.0
RP1072: 6/13/2012 3:00:22 AM - Software Distribution Service 3.0
RP1073: 6/14/2012 3:02:10 AM - System Checkpoint
RP1074: 6/14/2012 4:09:34 AM - Software Distribution Service 3.0
RP1075: 6/14/2012 11:35:08 PM - Software Distribution Service 3.0
RP1076: 6/15/2012 11:58:22 PM - System Checkpoint
RP1077: 6/16/2012 11:06:50 AM - Software Distribution Service 3.0
RP1078: 6/17/2012 11:14:49 AM - System Checkpoint
RP1079: 6/17/2012 1:22:24 PM - Software Distribution Service 3.0
RP1080: 6/18/2012 1:52:10 PM - Software Distribution Service 3.0
RP1081: 6/19/2012 7:45:20 PM - Software Distribution Service 3.0
RP1082: 6/20/2012 8:12:57 PM - System Checkpoint
RP1083: 6/22/2012 4:06:17 AM - Software Distribution Service 3.0
RP1084: 6/23/2012 4:21:35 AM - System Checkpoint
RP1085: 6/23/2012 10:18:40 AM - Software Distribution Service 3.0
RP1086: 6/24/2012 1:45:30 AM - Software Distribution Service 3.0
RP1087: 6/24/2012 10:18:48 AM - Software Distribution Service 3.0
RP1088: 6/25/2012 11:13:52 AM - System Checkpoint
RP1089: 6/25/2012 10:21:06 PM - Software Distribution Service 3.0
RP1090: 6/27/2012 6:50:12 AM - Software Distribution Service 3.0
RP1091: 6/28/2012 7:23:43 AM - System Checkpoint
RP1092: 6/28/2012 10:31:03 AM - Software Distribution Service 3.0
RP1093: 6/28/2012 6:57:37 PM - Installed Microsoft Fix it 50157
RP1094: 6/29/2012 12:13:11 AM - Software Distribution Service 3.0
RP1095: 6/29/2012 12:30:00 AM - Software Distribution Service 3.0
RP1096: 6/30/2012 12:37:35 AM - Software Distribution Service 3.0
RP1097: 7/1/2012 5:49:04 AM - Software Distribution Service 3.0
RP1098: 7/2/2012 9:39:26 AM - Software Distribution Service 3.0
RP1099: 7/2/2012 5:24:48 PM - RegCure Pro Backup
RP1100: 7/2/2012 5:50:32 PM - RegCure Pro Backup
RP1101: 7/2/2012 9:15:22 PM - RegCure Pro Restore Point
RP1102: 7/4/2012 8:15:27 AM - Software Distribution Service 3.0
RP1103: 7/5/2012 10:12:04 AM - Software Distribution Service 3.0
RP1104: 7/5/2012 12:57:21 PM - Restore Operation
RP1105: 7/5/2012 2:13:45 PM - Software Distribution Service 3.0
RP1106: 7/6/2012 5:24:43 PM - System Checkpoint
RP1107: 7/6/2012 6:34:40 PM - Software Distribution Service 3.0
RP1108: 7/7/2012 7:06:23 PM - Software Distribution Service 3.0
RP1109: 7/8/2012 1:35:31 AM - Software Distribution Service 3.0
RP1110: 7/9/2012 2:50:21 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.1
AIO_Scan
Amazon MP3 Downloader 1.0.10
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Boatload of Crosswords
Bonjour
BufferChm
CCScore
Copy
Coupon Printer for Windows
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DJ_AIO_ProductContext
DJ_AIO_Software
DJ_AIO_Software_min
DVD Suite
eMachines Connect
eMachines Games
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
eSupportQFolder
F2100
F2100_doccd
F2100_Help
fflink
Google Toolbar for Internet Explorer
Google Update Helper
Hewlett-Packard ACLM.NET v1.1.0.0
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 9.0
HP Deskjet All-In-One Software 9.0
HP Imaging Device Functions 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Product Assistant
HP Product Detection
HP Solution Center 9.0
HP Update
HPDiagnosticAlert
HPProductAssistant
HPSSupply
Intel(R) Graphics Media Accelerator Driver
Internet Explorer (Enable DEP)
Itibiti RTC
iTunes
Java Auto Updater
Java(TM) 6 Update 29
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
KSU
Malwarebytes Anti-Malware version 1.61.0.1400
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Automated Troubleshooting Services Shim
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Fix it Center
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money Plus
Microsoft Money Shared Libraries
Microsoft National Language Support Downlevel APIs
Microsoft Security Client
Microsoft Security Essentials
Microsoft UI Engine
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft WSE 2.0 SP3 Runtime
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
netbrdg
Notifier
OfotoXMI
Passport to Paradise
PSSWCORE
Quicken 2010
QuickTime
Realtek High Definition Audio Driver
Recovery Software Suite eMachines
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SFR
SHASTA
skin0001
SKINXSDK
Soft Data Fax Modem with SmartCP
Solar Fire Gold
Solar Spark v2.2
SolutionCenter
staticcr
Status
SUPERAntiSpyware
Three Cards to Midnight
Toolbox
tooltips
TrayApp
TurboTax 2009 wrapper
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VideoToolkit01
VPRINTOL
WeatherBug
WebFldrs XP
WebReg
Windows Backup Utility
Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows Search 4.0
Windows XP Service Pack 3
WIRELESS
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Mail Advisor
Yahoo! Search Protection
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
7/5/2012 5:11:20 AM, error: System Error [1003] - Error code 0000007a, parameter1 c07c1310, parameter2 c000009a, parameter3 f8262204, parameter4 1a7a7860.
7/5/2012 5:04:56 AM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort1.
7/5/2012 3:22:43 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'EasyShare.me-journal' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
7/5/2012 3:22:43 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'drivetable.txt' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
7/5/2012 3:06:25 AM, error: Srv [2019] - The server was unable to allocate from the system nonpaged pool because the pool was empty.
7/5/2012 2:00:12 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
7/5/2012 1:16:22 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
7/5/2012 1:12:05 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.1121.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
7/5/2012 1:01:20 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
7/5/2012 1:01:02 PM, error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070003 Error description: The system cannot find the path specified. Signature version: 1.127.1121.0;1.127.1121.0 Engine version: 1.1.8403.0
7/4/2012 11:17:48 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
7/3/2012 7:24:16 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.857.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
7/3/2012 5:15:49 PM, error: Dhcp [1002] - The IP address lease 207.254.232.25 for the Network Card with network address 0019212EE670 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
7/2/2012 8:27:21 PM, error: Service Control Manager [7034] - The PrismXL service terminated unexpectedly. It has done this 1 time(s).
7/2/2012 5:33:50 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
7/2/2012 5:33:50 PM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/2/2012 5:33:50 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/2/2012 5:33:35 PM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
.
==== End Of File ===========================
Flavallee has asked for a Crucial scan, so that will be included in the reply following his message, if you wish to look at that too.

Thanks so much, Byteman, you are much appreciated!


----------



## Sboutte (Jul 2, 2012)

Thanks for the link to this site!
*Your W3622 System Specs*

Scan Id: C3726FE031D926C3

*Memory:*

DDR2 PC2-5300, DDR2 PC2-6400

*Memory Type:* DDR2 PC2-5300, DDR2 PC2-6400, DDR2 (non-ECC)
*Maximum Memory:* 2GB
*Currently Installed Memory:* 512MB
*Total Memory Slots:* 2
*Available Memory Slots:* 1
512MB
DDR PC2-5300

EMPTY

Each memory slot can hold DDR2 PC2-5300, DDR2 PC2-6400 with a maximum of 1GB per slot.*
*Not to exceed manufacturer supported memory.

Although the memory can be installed one module at a time, the best performance comes from using matched pairs of modules.

How much memory your Windows OS will recognize depends on which version of Windows you are running. 32-bit versions of Windows will see (and utilize) only 3GB or 3.5GB. To utilize more memory, install a 64-bit version of your OS. More information about OS memory maximums can be found here.

_*Memory or DRAM* is the 'working' memory of the computer. It's used to store data for programs (sequences of instructions) on a temporary basis._



----------



## flavallee (May 12, 2002)

Sharron:

What I wanted you to do was to submit the website address

http://www.crucial.com/systemscanner/viewscanbyid.aspx?id=C3726FE031D926C3#

to that report here so I could go there and view it.

There was no need for you to submit the entire scan report here.

Anyway, thanks for doing that.

It appears that your eMachines W3622 desktop has a *512 MB* DDR2 PC2-5300 module in one slot and has the other slot empty.

You need to add another *512 MB* DDR2 PC2-5300 module to the empty slot.

Better yet, add a matching pair of *1 GB* DDR2 PC2-5300 modules in both slots.

Once you no longer have only 512 MB of RAM in that desktop, you should notice an improvement in speed and "snappiness".

---------------------------------------------------


----------



## Byteman (Jan 24, 2002)

flavallee said:


> Once you no longer have only 512 MB of RAM in that desktop, you should notice an improvement in speed and "snappiness".
> 
> ---------------------------------------------------


That's for sure!


----------



## Sboutte (Jul 2, 2012)

Thanks for the advice, Flavallee. Will do! As soon as I have the money.


----------



## Sboutte (Jul 2, 2012)

Hi again Byteman,

While I was running the items you requested, that rogue program Mighty Max threw me a popup, so I wanted to see what HijackThis would do with that up, and sure enough, when I compared the 2 Hijacks, the second one reported:

"C:/ Documents and Settings/Owner/Local Settings Application Data/PC MightyMax 2012 Tray Icon.exe"

Can I go there and delete this and will it get rid of Mighty Max once and for all?

Thanks 

Sharron


----------



## Byteman (Jan 24, 2002)

It will get rid of that one file, which displays the tray icon; that is not the right thing to do...

If you would just be patient... I am actually at work, and I do not mean working here at TSG!

At TSG, we are volunteers... I may be able to reply with what to do later on, OK?


----------



## Byteman (Jan 24, 2002)

Download *ComboFix* from either of the links below, and save it to your desktop.
*Link 1*
*Link 2*

**Note: It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


--------------------------------------------------------------------
((In your logs from just a while ago today, you had already DIS-abled what we need to, so you are good to go and finish this scan for me. If you need to DIS-able the antivirus again, please do so!))

IMPORTANT - *Disable your AntiVirus and AntiSpyware applications*, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here 

--------------------------------------------------------------------

When you are ready, close all other windows etc. It helps to have these instructions printed out, or a laptop next to you with this thread open on it!

Double click on *ComboFix.exe* & follow the prompts. This can take a while, so pick a time when you can let it run.

And no, you cannot be doing other things on this computer during its run time!


When finished, it will produce a report for you.
Please post the *C:\ComboFix.txt* for further review.


----------



## Sboutte (Jul 2, 2012)

Yes, I will be more patient. I'm so sorry for having interrupted you at work; I always hated that when it happened!

ComboFix 12-07-08.02 - Owner 07/09/2012 16:12:48.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.228 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Owner\Application Data\PriceGong
c:\documents and settings\Owner\Application Data\PriceGong\Data\1.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\a.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\b.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\c.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\d.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\e.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\f.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\g.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\h.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\i.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\j.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\k.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\l.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\m.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\n.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\o.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\p.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\q.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\r.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\s.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\t.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\u.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\v.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\w.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\x.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\y.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\z.txt
c:\documents and settings\Owner\WINDOWS
c:\program files\FilmFanaticEI
c:\windows\system32\AutoRun.inf
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2012-06-09 to 2012-07-09 )))))))))))))))))))))))))))))))
.
.
2012-07-09 21:01 . 2012-07-09 21:01 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{96D69D90-2190-4EFC-AF65-54166D9FFE9C}\offreg.dll
2012-07-09 15:08 . 2012-05-31 03:41 6762896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{96D69D90-2190-4EFC-AF65-54166D9FFE9C}\mpengine.dll
2012-07-08 22:34 . 2012-07-08 22:47 -------- d-----w- c:\windows\debug
2012-07-08 06:35 . 2012-05-31 03:41 6762896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-07 22:54 . 2012-07-07 22:54 -------- d-----w- c:\program files\VideoDownloadConverter_4zEI
2012-07-07 04:10 . 2012-07-07 04:10 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2012-07-07 04:09 . 2012-07-07 04:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-07 04:09 . 2012-07-07 04:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-07-07 03:13 . 2012-07-07 03:13 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2012-07-07 03:13 . 2012-07-07 03:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-07-07 03:13 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-07 03:13 . 2012-07-07 03:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-06 06:54 . 2012-07-06 06:54 -------- d-----w- c:\documents and settings\Owner\Application Data\licenses
2012-07-06 06:54 . 2012-07-06 06:54 -------- d-----w- c:\documents and settings\Owner\Application Data\PCMM2009
2012-07-06 06:54 . 2012-07-06 06:54 -------- d-----w- c:\documents and settings\Owner\Application Data\PCMM2012
2012-07-06 06:54 . 2012-07-06 07:13 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PC MightyMax 2012
2012-07-06 02:19 . 2012-07-06 02:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2012-07-06 02:14 . 2012-07-06 02:14 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2012-07-06 02:13 . 2012-07-06 02:14 -------- d-----w- c:\program files\Google
2012-07-05 19:46 . 2012-07-05 19:46 -------- d-----w- c:\windows\Downloaded Program Files
2012-07-05 17:59 . 2012-07-05 17:59 -------- d-----w- c:\windows\system32\wbem\Repository
2012-07-05 11:17 . 2012-07-09 15:48 -------- d-----w- C:\New Folder (2)
2012-07-03 01:28 . 2012-07-03 01:29 -------- d-----w- C:\backup
2012-07-02 22:06 . 2012-07-02 22:06 -------- d-----w- c:\documents and settings\Owner\Application Data\Windows Search
2012-07-02 15:28 . 2012-07-02 22:33 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\LogMeIn Rescue Applet
2012-07-01 14:51 . 2012-07-01 14:51 -------- d-----w- c:\documents and settings\Owner\Application Data\SpeedyPC Software
2012-07-01 14:51 . 2012-07-02 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software
2012-07-01 14:31 . 2012-07-01 14:31 -------- d-----w- c:\documents and settings\Owner\Application Data\CompuClever
2012-07-01 14:31 . 2012-07-02 23:10 -------- d-----w- c:\program files\CompuClever
2012-06-29 05:14 . 2012-06-29 05:14 -------- d-----w- c:\program files\Microsoft.NET
2012-06-28 17:19 . 2012-06-28 17:19 -------- d-----w- c:\documents and settings\Owner\Application Data\ParetoLogic
2012-06-13 00:48 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-06 02:13 . 2012-03-30 13:32 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-06 02:13 . 2011-05-15 03:36 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-07 18:06 . 2012-06-07 18:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-07 18:06 . 2012-06-07 18:06 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-07 18:06 . 2010-05-26 19:03 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-04 22:35 . 2009-08-07 00:23 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:19 . 2009-08-07 03:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19 . 2009-08-07 03:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19 . 2006-05-07 00:36 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 20:19 . 2006-05-07 00:36 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19 . 2006-05-07 00:36 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 20:19 . 2009-08-07 03:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 20:19 . 2009-08-07 03:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19 . 2006-05-07 00:36 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 20:19 . 2006-05-07 00:36 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 20:19 . 2006-05-07 00:24 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 20:19 . 2009-08-07 03:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:19 . 2006-05-07 00:36 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 20:19 . 2006-05-07 00:36 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 20:18 . 2010-09-11 17:38 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18 . 2010-09-11 17:38 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2006-05-07 00:24 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2006-05-07 00:24 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2006-05-07 00:24 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2006-05-07 00:24 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2006-05-07 00:24 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2006-05-07 00:24 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:12 . 2006-05-07 00:24 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-04 05:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2006-05-07 00:35 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-19 01:56 . 2012-04-19 01:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 01:56 . 2012-04-19 01:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-01-17 17:35 . 2011-01-17 17:35 1008936 -c--a-w- c:\program files\AmazonMP3Installer.exe
2010-12-17 21:04 . 2010-12-17 21:03 38147376 -c--a-w- c:\program files\QuickTimeInstaller.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\YspService.exe" [2010-06-14 296248]
"Weather"="c:\program files\WeatherBug\Weather.exe" [2010-10-29 1652736]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-07-06 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-26 3906432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-06 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-06 94208]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
"PC MightyMax 2011 Tray Icon"="c:\documents and settings\Owner\Local Settings\Application Data\PC MightyMax 2012\TrayIcon.exe" [2012-05-29 126888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
wkcalrem.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2005-8-18 21504]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-6-21 282624]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/6/2012 10:13 PM 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/6/2012 10:13 PM 22344]
S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [11/12/2010 10:07 PM 266240]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/5/2012 9:14 PM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/30/2012 8:32 AM 257224]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [6/30/2006 11:44 PM 69692]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/5/2012 9:14 PM 136176]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 11:09 PM 267568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 10:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 02:13]
.
2012-07-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-07-09 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 04:09]
.
2012-07-09 c:\windows\Tasks\DataUpload.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 04:09]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-06 02:13]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-06 02:13]
.
2012-07-09 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-06-07 02:33]
.
2012-07-09 c:\windows\Tasks\User_Feed_Synchronization-{E8CF57D3-0A42-4F7C-A14A-8B742D99AA68}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:31]
.
2012-07-09 c:\windows\Tasks\WebReg Deskjet F2100 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-12 03:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = <local>;*.local
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-Itibiti.exe - c:\program files\Itibiti Soft Phone\Itibiti.exe
HKCU-Run-RDReminder - c:\program files\DrCleanUp\drCleanup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-09 16:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(512)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2012-07-09 16:27:54
ComboFix-quarantined-files.txt 2012-07-09 21:27
.
Pre-Run: 46,879,997,952 bytes free
Post-Run: 47,102,279,680 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptOut
.
- - End Of File - - 864764F5667F3288372F6DFE3E58C680

Thanks so much for being here,

Sharron


----------



## Byteman (Jan 24, 2002)

Please *download* *OTM* 
 *Save* it to your *desktop*.
 Please double-click *OTM* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*).
*Copy the lines in the codebox below to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):


```
:Processes
C:\Documents and Settings\Owner\Local Settings\Application Data\PC MightyMax 2012\TrayIcon.exe
:Services

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\documents and settings\Owner\Local Settings\Application Data\PC MightyMax 2012\TrayIcon.exe"=-

:Files
C:\Documents and Settings\Owner\Local Settings\Application Data\PC MightyMax 2012\TrayIcon.exe
c:\documents and settings\Owner\Application Data\licenses
c:\documents and settings\Owner\Application Data\c:\documents and settings\Owner\Application Data\PCMM2012
c:\documents and settings\Owner\Application Data\PCMM2009
c:\documents and settings\Owner\Local Settings\Application Data\PC MightyMax 2012
c:\documents and settings\Owner\Application Data\SpeedyPC Software
c:\documents and settings\All Users\Application Data\SpeedyPC Software
c:\documents and settings\Owner\Application Data\CompuClever
c:\program files\CompuClever
c:\documents and settings\Owner\Application Data\ParetoLogic
c:\documents and settings\Owner\Local Settings\Application Data\PC MightyMax 2012\TrayIcon.exe

:Commands
[purity]
[emptytemp]
[CREATERESTOREPOINT]
[EMPTYFLASH]
[Reboot]
```

Return to OTM, right click in the *"Paste Instructions for Items to be Moved"* window (under the yellow bar) and choose *Paste*.
Click the red *Moveit!* button.
*Copy everything in the Results window (under the green bar) to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close *OTM* and reboot your PC.
*Note:* If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose *Yes.* In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter **.log* and press the Enter key, navigate to the *C:\_OTMoveIt\MovedFiles* folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post

*NEXT> Please re-run Malwarebytes but this time, please do the FULL scan and post the log results, even if it does not find any bad guys!*


----------



## Sboutte (Jul 2, 2012)

Hi Byteman

I followed all your instructions. Nothing ever showed up in the Results Window and I couldn't get OTM to go to reboot; it quit responding. I had to just shut my puter down as I couldn't even get task manager to pull up. No option to select "yes" came up when it did reboot. I went ahead and opened Notepad and named file *.log hit enter and went to C:\OTM...there was a file listed under it called Moved Files, I clicked on that and 3 files opened but they were all empty. There was a logfile under C: but it was too large to paste here and seemed repetitive. It had a correct timestamp, also another systemfile with timestamp current.

Should I go ahead and rerun Malwarebytes full Scan now. I tried the OTM 3 times with no luck. 

Thx

Sharron


----------



## Sboutte (Jul 2, 2012)

I noticed in the code setting you sent the first line stating documents and settings/owner/local settings...I looked for that file setting the other day and there is no local settings. That was when I asked you about going there to delete mighty max and you asked me to be patient. Just a little more info you probably don't need!

Have a great day 

Sharron


----------



## Sboutte (Jul 2, 2012)

Went in another route and found local settings along with a temp folder which has 430 items. There was also an Apps file...Don't worry all I'm doing is looking


----------



## Byteman (Jan 24, 2002)

You did the OTM right, you can break that .log file up into as many parts as it takes to post it, OR you can just attach it to your next reply. The log file is what I need to see. 

RE: that pesky trayicon.exe for PCMM. 

The right location may be easier to find if we have you check the folder display settings, we may not be seeing All Files....

Here is what to do:

Instructions so you can see hidden files in XP:

Click "Start".
Click 'My Computer'
Select the 'Tools' menu tab up top....
Click 'Folder Options'.
Select the 'View' tab.
Under the 'Hidden files and folders' heading, select 'Show hidden files and folders'.
Uncheck the 'Hide protected operating system files (recommended)' option.
Click 'Yes' to confirm.
Uncheck the 'Hide file extensions for known file types'.
Click 'OK'.


OK, now open Windows Explorer (right click drive C: in My Computer is an easy way to do this)

Expand the folders down to > C:\Documents and Settings\Owner\Local Settings\Application Data\PC MightyMax 2012\TrayIcon.exe

The specific file is in the PC MightyMax 2012 FOLDER, delete the TrayIcon.exe FILE if you find it. Then, delete the PC MM folder if you have that. 

__________________next 

Please Post a new DDS log....I will put the directions here for you. Thanks!



Disable any script blocker (your antivirus again) you may have as they may interfere and then double-click the DDS.scr to run the tool.

((SCRIPT BLOCKER MIGHT BE INCLUDED WITH YOUR ANTIVIRUS SO DISABLE THE REAL TIME PROTECTION FOR YOUR REAL ANTIVIRUS, Microsoft Security Essentials....))

How to disable MSE when you run a scan with something else......

MICROSOFT SECURITY ESSENTIALS- how to turn it off to run a DDS scan etc
Open MSE and go to Settings > Real Time Protection.
Then uncheck "Turn on real time protection".
Exit MSE when done.


When DDS has finished scanning, it will open two logs named as follows:

DDS.txt
Attach.txt

Save them both to your desktop. POST here in a reply the DDS.txt and if you can, include the attach.txt or you can attach it to this reply....... or, you can submit a second reply with the attach.txt log, that is OK to do.


----------



## Sboutte (Jul 2, 2012)

.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.18702
Run by Owner at 20:18:45 on 2012-07-10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.45 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\PC MightyMax 2012\TrayIcon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Yahoo!\Search Protection\YspService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CSHelper.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = <local>;*.local
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [cdloader] "c:\documents and settings\owner\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\YspService.exe
uRun: [Weather] c:\program files\weatherbug\Weather.exe 1
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [YMailAdvisor] "c:\program files\yahoo!\common\YMailAdvisor.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PC MightyMax 2011 Tray Icon] "c:\documents and settings\owner\local settings\application data\pc mightymax 2012\TrayIcon.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8
TCP: Interfaces\{817FA071-AD53-4AA6-B7C6-BCFE83FF386C} : DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2010-11-12 266240]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-6 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-6 22344]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-7-5 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 257224]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [2006-6-30 69692]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-7-5 136176]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
.
=============== Created Last 30 ================
.
2012-07-10 14:14:47 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{536b27cc-eb8a-4e69-b188-091b2f55efd4}\mpengine.dll
2012-07-10 03:52:34 -------- d-----w- C:\_OTM
2012-07-09 21:59:21 6762896 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-07-09 21:08:15 -------- d-sha-r- C:\cmdcons
2012-07-09 21:05:12 98816 ----a-w- c:\windows\sed.exe
2012-07-09 21:05:12 518144 ----a-w- c:\windows\SWREG.exe
2012-07-09 21:05:12 256000 ----a-w- c:\windows\PEV.exe
2012-07-09 21:05:12 208896 ----a-w- c:\windows\MBR.exe
2012-07-07 22:54:04 -------- d-----w- c:\program files\VideoDownloadConverter_4zEI
2012-07-07 04:10:56 -------- d-----w- c:\documents and settings\owner\application data\SUPERAntiSpyware.com
2012-07-07 04:09:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-07 04:09:57 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-07-07 03:13:40 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2012-07-07 03:13:08 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-07-07 03:13:05 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-07 03:13:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-06 06:54:32 -------- d-----w- c:\documents and settings\owner\application data\licenses
2012-07-06 06:54:30 -------- d-----w- c:\documents and settings\owner\application data\PCMM2009
2012-07-06 06:54:22 -------- d-----w- c:\documents and settings\owner\application data\PCMM2012
2012-07-06 06:54:07 -------- d-----w- c:\documents and settings\owner\local settings\application data\PC MightyMax 2012
2012-07-05 19:46:17 -------- d-----w- c:\windows\Downloaded Program Files
2012-07-05 17:59:07 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-07-05 17:59:07 -------- d-----w- c:\windows\system32\wbem\Repository
2012-07-05 11:17:41 -------- d-----w- C:\New Folder (2)
2012-07-03 01:28:55 -------- d-----w- C:\backup
2012-07-02 22:06:23 -------- d-----w- c:\documents and settings\owner\application data\Windows Search
2012-07-02 15:28:52 -------- d-----w- c:\documents and settings\owner\local settings\application data\LogMeIn Rescue Applet
2012-07-01 14:51:40 -------- d-----w- c:\documents and settings\owner\application data\SpeedyPC Software
2012-07-01 14:51:18 -------- d-----w- c:\documents and settings\all users\application data\SpeedyPC Software
2012-07-01 14:31:50 -------- d-----w- c:\documents and settings\owner\application data\CompuClever
2012-07-01 14:31:46 -------- d-----w- c:\program files\CompuClever
2012-06-28 17:19:47 -------- d-----w- c:\documents and settings\owner\application data\ParetoLogic
2012-06-13 00:48:36 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
.
==================== Find3M ====================
.
2012-07-06 02:13:38 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 02:13:38 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-07 18:06:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-07 18:06:23 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-07 18:06:22 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-04 22:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:12:30 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-19 01:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 01:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-01-17 17:35:38 1008936 -c--a-w- c:\program files\AmazonMP3Installer.exe
2010-12-17 21:04:02 38147376 -c--a-w- c:\program files\QuickTimeInstaller.exe
.
============= FINISH: 20:20:12.37 ===============
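
An added example, not part of the original thread or of DDS itself: a small Python triage of autostart entries from a DDS log like the one above. It flags entries whose image runs from a user profile path or from a folder listed under "Created Last 30"; the sample lines are copied from this log, and the function names and the two heuristics are assumptions of this sketch.

```python
import re

# Subset of lines copied from the DDS log above (not the full report).
DDS_SAMPLE = r"""
uRun: [cdloader] "c:\documents and settings\owner\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [PC MightyMax 2011 Tray Icon] "c:\documents and settings\owner\local settings\application data\pc mightymax 2012\TrayIcon.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
2012-07-07 04:09:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-07 03:13:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-06 06:54:07 -------- d-----w- c:\documents and settings\owner\local settings\application data\PC MightyMax 2012
2012-07-01 14:31:46 -------- d-----w- c:\program files\CompuClever
"""

RUN_RE = re.compile(r"^(uRun|mRun|dRun): \[(.+?)\] (.+)$")
STARTUP_RE = re.compile(r"^StartupFolder: (.+?) - (.+)$")
# "Created Last 30" rows: date, time, size (or dashes), 8 attribute flags, path.
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \S+ (\S{8}) (.+)$")
EXE_RE = re.compile(r"^(.+?\.(?:exe|dll|scr|com|bat|cmd))(?:\s|$)", re.I)
PROFILE_RE = re.compile(r"^[a-z]:\\(?:documents and settings|docume~1)\\", re.I)


def image_path(command):
    """Return the lower-cased executable path from a Run command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end].lower() if end > 0 else None
    match = EXE_RE.match(command)  # unquoted: cut at the first executable extension
    return match.group(1).lower() if match else None


def triage(log_text):
    """Return flagged autostart entries, strongest combination of signals first."""
    autostarts, recent_dirs = [], []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            autostarts.append((m.group(1), m.group(2), image_path(m.group(3))))
            continue
        m = STARTUP_RE.match(line)
        if m:
            shortcut = m.group(1).rsplit("\\", 1)[-1]
            autostarts.append(("StartupFolder", shortcut, image_path(m.group(2))))
            continue
        m = CREATED_RE.match(line)
        if m and m.group(1).startswith("d"):  # directories only
            recent_dirs.append(m.group(2).lower())

    findings = []
    for source, name, path in autostarts:
        if path is None:
            continue
        reasons = []
        if PROFILE_RE.match(path):
            reasons.append("runs from user-writable profile path")
        if any(path.startswith(d + "\\") for d in recent_dirs):
            reasons.append("folder created in last 30 days")
        if reasons:
            findings.append({"source": source, "name": name,
                             "path": path, "reasons": reasons})
    # Stable sort: entries with more signals first, log order preserved otherwise.
    findings.sort(key=lambda f: -len(f["reasons"]))
    return findings


if __name__ == "__main__":
    for f in triage(DDS_SAMPLE):
        print(f"{len(f['reasons'])} {f['source']:<13} {f['name']}: {'; '.join(f['reasons'])}")
```

An entry with both signals (here the PC MightyMax tray icon) deserves attention first; a single signal also matches freshly installed legitimate tools such as the scanners used in this thread.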


----------



## Sboutte (Jul 2, 2012)

Tray Icon.exe wouldn't let me delete, said access was denied, so I didn't try to delete PC MM Folder. Let me know when you want me to run malwarebytes full scan.

Blessings

Sharron


----------



## Byteman (Jan 24, 2002)

Hi,

You could run a full scan with Malwarebytes any time you want to.

Please do this::: Delete that old OTM you downloaded. Get a new one here: Download *OTM by OldTimer*.

*Alternative Mirror 1*
*Alternative Mirror 2*

Save it to your *desktop. *

I don't think you got the copy and paste exactly right in OTM we ran before. I want to try again, OK?

Double click *OTM.exe* to start the tool. Vista or Windows 7 users right click and select Run as Administrator. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion....

*Copy* the text from the code box below to the clipboard by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):

Using the Code box>> you have to make sure you get * all the text highlighted with your mouse cursor*.....it should turn dark like when you copy and paste a section of any text..... highlight in one sweep, all the way to the end of the code inside the box


```
:Processes
C:\Documents and Settings\Owner\Local Settings\Application Data\PC MightyMax 2012\TrayIcon.exe
:Services

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\documents and settings\Owner\Local Settings\Application Data\PC MightyMax 2012\TrayIcon.exe"=-

:Files
C:\Documents and Settings\Owner\Local Settings\Application Data\PC MightyMax 2012\TrayIcon.exe
c:\documents and settings\Owner\Application Data\licenses
c:\documents and settings\Owner\Application Data\c:\documents and settings\Owner\Application Data\PCMM2012
c:\documents and settings\Owner\Application Data\PCMM2009
c:\documents and settings\Owner\Local Settings\Application Data\PC MightyMax 2012
c:\documents and settings\Owner\Application Data\SpeedyPC Software
c:\documents and settings\All Users\Application Data\SpeedyPC Software
c:\documents and settings\Owner\Application Data\CompuClever
c:\program files\CompuClever
c:\documents and settings\Owner\Application Data\ParetoLogic
c:\documents and settings\Owner\Local Settings\Application Data\PC MightyMax 2012\TrayIcon.exe

:Commands
[purity]
[emptytemp]
[Reboot]
```

 Return to OTMoveIt3, right click in the *"Paste Instructions for Items to be Moved"* window (under the yellow bar) and choose *Paste*.
Click the red *Moveit!* button. (In OTM window)

(((You should see some items listed in the *Results* area......

*Copy* everything in the Results window (under the green bar) to the clipboard by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy), and paste it in your next reply. 
Close *OTM*
*Note:* If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose *Yes.*

If the machine reboots, the Results log can be found here:

*c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log*

Where mmddyyyy_hhmmss is the date of the tool run.

Paste the log in next reply.


----------



## Sboutte (Jul 2, 2012)

Well, I tried twice with each link and still no go. I checked both times and my paste began with rocesses and ended with [reboot] so unless there is something else I'm not seeing it just didn't work. As you said each time it has cleared the desktop and the taskbar. The last 2 times Microsoft Essentials tried a popup telling me my puter wasn't protected so I don't know if that interfered or not. I also looked for the file under _ot but they were all empty. The logfile looked the same so if you need it I will send it, attached this time LOL

While I was at it I went to try and remove the MM tray icon with no luck but the first time I accidentally went to app Data before local settings and found a copy of MM from 2009 and another one for 2012 but it has different stuff in it (no tray icon) I also saw a folder for PCcleaners and I thought that was supposed to be deleted! Man those programs leave traces all over the place!

I'm going to do malwarebytes now and just let it run while I go to bed.

Sweet Dreams

Sharron


----------



## Sboutte (Jul 2, 2012)

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.07.10.09
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: YOUR-3DC5C40E2A [administrator]
Protection: Enabled
7/11/2012 12:34:34 AM
mbam-log-2012-07-11 (04-56-42).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 361758
Time elapsed: 1 hour(s), 29 minute(s), 36 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Documents and Settings\Owner\My Documents\VideoDownloadConvert.exe (PUP.FunWebProducts) -> No action taken.
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP1110\A0103250.exe (PUP.FunWebProducts) -> No action taken.
(end)

This doesn't say anything about malicious software. Should I delete them? I'm not even sure what they are.

Have a great day!


----------



## Sboutte (Jul 2, 2012)

Last night I got another message about my virtual memory being too low and windows was having to increase the size. Is this something that will be repaired when I get another memory bar to install...and install it! LOL


----------



## Byteman (Jan 24, 2002)

I think you have the trial FULL version of Malwarebytes and you also need to disable that program as it prevents letting the computer make changes we need such as the script we are using for OTM

Right-click on the MBAM icon in the System Tray and *uncheck* Enable Protection.

When asked, "Are you sure you want to disable the MBAM Protection Module?", click *Yes.*

Right-click on the MBAM icon again and then *uncheck* Start with Windows.

The Protection Module is now disabled and will not restart.

Then please try OTM once again. Use this link to download the file to your desktop>>> OTMbyOldTimer

The alternates are in different format for folks having trouble starting programs, it's OK, just try once more, using OTMoveit.exe

Remember, have your antivirus disabled AND Malwarebytes turned off. If you do get the OTM script to work, it will take care of those folders and files you mentioned, that is what it is for, to delete things listed!

The reason you are having trouble is something, and I hope it is MBAM, is protecting the files from being removed/moved.

Oh, the two things found are optional to remove, the FunWebProducts freebies are unsecure, that is why they are found, but they are not terribly harmful, they can lead to other spyware/adware though.

Virtual memory running low= the system is running out of resources, usually a restart will help if you see that.

We can work on that later and yes, adding RAM module should help.


----------



## Sboutte (Jul 2, 2012)

Well it failed again and I did so want to come back with good news. That popup from MSE saying I was unprotected came up again. I went on a search through my Explorer and found an old copy of AVG in my backup and I'm trying to think of the other antivirus program I had on my puter but my head is so full right now I can't seem to think. Of course it was a long time ago and I'm not even sure it was on this computer unless it came with it.

I'm going to try again and this time wait until MSE opens its little popup JIC, then I'll open OTM. BTW how long should it take for the results screen to show results? Since my puter has been running so slowly I have been giving it 15 minutes.

Later!


----------



## Sboutte (Jul 2, 2012)

It worked, the only thing I did differently was go back into MSE and unchecked the Default actions, the popup still came up. I did have to reboot. I went to _OT even though it created its own notepad report and found a folder which has the mighty max in it. I just closed the folder and did the copying so here it is!

All processes killed
========== PROCESSES ==========
No active process named C:\Documents and Settings\Owner\Local Settings\Application Data\PC MightyMax 2012\TrayIcon.exe was found!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\c:\documents and settings\Owner\Local Settings\Application Data\PC MightyMax 2012\TrayIcon.exe not found.
========== FILES ==========
C:\Documents and Settings\Owner\Local Settings\Application Data\PC MightyMax 2012\TrayIcon.exe moved successfully.
c:\documents and settings\Owner\Application Data\licenses folder moved successfully.
File/Folder c:\documents and settings\Owner\Application Data\c:\documents and settings\Owner\Application Data\PCMM2012 not found.
c:\documents and settings\Owner\Application Data\PCMM2009\diagnostic folder moved successfully.
c:\documents and settings\Owner\Application Data\PCMM2009 folder moved successfully.
c:\documents and settings\Owner\Local Settings\Application Data\PC MightyMax 2012 folder moved successfully.
c:\documents and settings\Owner\Application Data\SpeedyPC Software\SpeedyPC Pro folder moved successfully.
c:\documents and settings\Owner\Application Data\SpeedyPC Software folder moved successfully.
c:\documents and settings\All Users\Application Data\SpeedyPC Software\SpeedyPC Pro folder moved successfully.
c:\documents and settings\All Users\Application Data\SpeedyPC Software folder moved successfully.
c:\documents and settings\Owner\Application Data\CompuClever\PC TuneUp Maestro\defragbackup folder moved successfully.
c:\documents and settings\Owner\Application Data\CompuClever\PC TuneUp Maestro folder moved successfully.
c:\documents and settings\Owner\Application Data\CompuClever folder moved successfully.
c:\program files\CompuClever folder moved successfully.
c:\documents and settings\Owner\Application Data\ParetoLogic\RegCure Pro folder moved successfully.
c:\documents and settings\Owner\Application Data\ParetoLogic folder moved successfully.
File/Folder c:\documents and settings\Owner\Local Settings\Application Data\PC MightyMax 2012\TrayIcon.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33036 bytes
->Flash cache emptied: 41620 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 38304 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 24883978 bytes
->Temporary Internet Files folder emptied: 8176064 bytes
->Java cache emptied: 37334236 bytes
->Flash cache emptied: 1012 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 147413 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 5221934 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 73.00 mb

Restore point Set: OTM Restore Point

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTM by OldTimer - Version 3.1.21.0 log created on 07112012_124732
Files moved on Reboot...
C:\Documents and Settings\Owner\Local Settings\Temp\IadHide5.dll moved successfully.
Registry entries deleted on Reboot...

Now waiting for further instructions
Have a great day!


----------



## Byteman (Jan 24, 2002)

Hi, *No need for you to do another full scan with Malwarebytes....we will take care of the 2 items found in your last scan by a different route, they are in Windows System Restore Points and we will be taking care of those shortly, OK?*

I'm not sure if you did see my reply earlier (Post #34) about *turning off the Malwarebytes protection-* the trial version you have is their full version, which includes real-time protection, similar to an antivirus program...... that is what I had in mind as keeping the OTM fix from running....

When Malwarebytes or MSE, gives you a message that "protection is disabled"--- then that is OK when we want it set that way, because we are trying to fix malware and move or delete files, OK?

If you changed the defaults in Microsoft Security Essentials and that caused the script to run then at least we accomplished what we needed to do and I am OK with that! I do think though, that it was turning off the Malwarebytes program's protection (it protects the files and programs on your computer, not protection FOR the Malwarebytes program itself)

*Need to see a brand new DDS log please, hopefully the last one!*


----------



## Sboutte (Jul 2, 2012)

I have been turning off real protection, just this time I also turned off the default.

.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.18702
Run by Owner at 21:00:18 on 2012-07-11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.202 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Yahoo!\Search Protection\YspService.exe
C:\Program Files\WeatherBug\Weather.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CSHelper.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = <local>;*.local
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [cdloader] "c:\documents and settings\owner\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\YspService.exe
uRun: [Weather] c:\program files\weatherbug\Weather.exe 1
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [YMailAdvisor] "c:\program files\yahoo!\common\YMailAdvisor.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PC MightyMax 2011 Tray Icon] "c:\documents and settings\owner\local settings\application data\pc mightymax 2012\TrayIcon.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8
TCP: Interfaces\{817FA071-AD53-4AA6-B7C6-BCFE83FF386C} : DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2010-11-12 266240]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-6 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-6 22344]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-7-5 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 257224]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [2006-6-30 69692]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-7-5 136176]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-7-11 40776]
.
=============== Created Last 30 ================
.
2012-07-11 19:39:09 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{48d8f775-3db5-4b81-bf46-88ed828ae900}\mpengine.dll
2012-07-11 13:16:46 6762896 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-07-11 05:33:51 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-10 03:52:34 -------- d-----w- C:\_OTM
2012-07-09 21:08:15 -------- d-sha-r- C:\cmdcons
2012-07-09 21:05:12 98816 ----a-w- c:\windows\sed.exe
2012-07-09 21:05:12 518144 ----a-w- c:\windows\SWREG.exe
2012-07-09 21:05:12 256000 ----a-w- c:\windows\PEV.exe
2012-07-09 21:05:12 208896 ----a-w- c:\windows\MBR.exe
2012-07-07 22:54:04 -------- d-----w- c:\program files\VideoDownloadConverter_4zEI
2012-07-07 04:10:56 -------- d-----w- c:\documents and settings\owner\application data\SUPERAntiSpyware.com
2012-07-07 04:09:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-07 04:09:57 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-07-07 03:13:40 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2012-07-07 03:13:08 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-07-07 03:13:05 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-07 03:13:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-06 06:54:22 -------- d-----w- c:\documents and settings\owner\application data\PCMM2012
2012-07-05 19:46:17 -------- d-----w- c:\windows\Downloaded Program Files
2012-07-05 17:59:07 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-07-05 17:59:07 -------- d-----w- c:\windows\system32\wbem\Repository
2012-07-05 11:17:41 -------- d-----w- C:\New Folder (2)
2012-07-03 01:28:55 -------- d-----w- C:\backup
2012-07-02 22:06:23 -------- d-----w- c:\documents and settings\owner\application data\Windows Search
2012-07-02 15:28:52 -------- d-----w- c:\documents and settings\owner\local settings\application data\LogMeIn Rescue Applet
2012-06-13 00:48:36 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
.
==================== Find3M ====================
.
2012-07-06 02:13:38 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 02:13:38 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-07 18:06:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-07 18:06:23 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-07 18:06:22 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 22:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:12:30 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-19 01:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 01:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-01-17 17:35:38 1008936 -c--a-w- c:\program files\AmazonMP3Installer.exe
2010-12-17 21:04:02 38147376 -c--a-w- c:\program files\QuickTimeInstaller.exe
.
============= FINISH: 21:01:27.51 ===============


----------



## Sboutte (Jul 2, 2012)

Hi Byteman,
Hope I didn't seem short, I was just looking at my last post and I didn't even say goodnight or anything. My dogs were all barking at once! So I just hit reply and let them out. Anyway...have a great evening and tomorrow!

Sharron


----------



## Byteman (Jan 24, 2002)

Hi, Please look in your Control Panel>>then in Add/Remove programs and UNinstall this if you see it:

MarketResearch

or- any of the PCMightyMax's

OR_ any CompuClever -OR-

SpeedyPC SpeedupMyPC etc etc

Then please:: We are this time going to use ComboFix to run a script. Follow these directions! You won't have them in front of you so print them or SAVE this whole post in text as a Notepad file...that you can have open to read while you are fixing things. OK when you are ready, do not do anything else while you do the below.............

Open Notepad by clicking on

and in the *Search* box type: *Notepad.exe* and hit *Enter*.
Copy and paste everything in the *code box* below into it.
_-- Note: Make sure Word Wrap is *unchecked* in Notepad by clicking on *Format* in the top menu._

```
KillAll::
DDS::
mRun: [PC MightyMax 2011 Tray Icon] "c:\documents and settings\owner\local settings\application data\pc mightymax 2012\TrayIcon.exe"

Folders::
c:\documents and settings\owner\application data\PCMM2012

Reboot::
```

Save the file as *CFScript.txt* by choosing _Save As..._ in the File Menu, and save it to your Desktop where the ComboFix icon is also located.
Close your browser and *disconnect* from the Internet.
Now use your mouse to *drag*, then *drop* the CFScript.txt file on top of ComboFix.exe as seen in the image below.

This will start ComboFix again and launch the script.
ComboFix may reboot your system when it finishes. This is normal.
A log will be created just as before and saved to C:\ComboFix.txt. Please copy and paste the contents of *ComboFix.txt* in your next reply.
Be sure to *re-enable* your anti-virus and other security programs *after* the scan is complete.

When the computer has restarted and after the ComboFix log is available, copy and paste the log to a Reply here.

Then I would like to see a new DDS log. Thank you!

*Tomorrow I will not be here until later Eastern DST around ....... 3 PM New York time probably.*


----------
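Cross-checking the two logs posted in this thread, as an added example (not part of any post, and not how DDS, OTM or ComboFix work internally): it parses the DDS `uRun`/`mRun`/`dRun` lines and the OTM "moved successfully" lines, then reports startup entries whose target was already moved and so still need cleaning up. The function names are this example's own; the sample lines are excerpts from the logs above.

```python
import re
from typing import NamedTuple

# Excerpts copied from the DDS "Pseudo HJT Report" posted in this thread.
DDS_EXCERPT = r"""
uRun: [cdloader] "c:\documents and settings\owner\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Weather] c:\program files\weatherbug\Weather.exe 1
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [PC MightyMax 2011 Tray Icon] "c:\documents and settings\owner\local settings\application data\pc mightymax 2012\TrayIcon.exe"
"""

# Excerpts copied from the OTM results log posted in this thread.
OTM_EXCERPT = r"""
C:\Documents and Settings\Owner\Local Settings\Application Data\PC MightyMax 2012\TrayIcon.exe moved successfully.
c:\documents and settings\Owner\Application Data\PCMM2009 folder moved successfully.
c:\documents and settings\Owner\Local Settings\Application Data\PC MightyMax 2012 folder moved successfully.
File/Folder c:\documents and settings\Owner\Local Settings\Application Data\PC MightyMax 2012\TrayIcon.exe not found.
"""


class Autorun(NamedTuple):
    hive: str    # uRun = current user, mRun = local machine, dRun = .DEFAULT user
    name: str    # registry value name shown in [brackets]
    target: str  # executable path as written in the log
    args: str    # anything after the executable


RUN_LINE = re.compile(r"^(uRun|mRun|dRun): \[(.+?)\] (.+)$")
MOVED_LINE = re.compile(r"^(.+?)(?: (folder))? moved successfully\.$")
UNQUOTED_EXE = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr))(?:\s+(.*))?$", re.I)


def split_command(cmd: str) -> tuple[str, str]:
    """Split a Run value into (executable, arguments)."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:                      # unbalanced quote: keep everything
            return cmd[1:], ""
        return cmd[1:end], cmd[end + 1:].strip()
    # Unquoted commands are ambiguous when the path contains spaces, so cut at
    # the first executable extension, which fits the entries seen in these logs.
    m = UNQUOTED_EXE.match(cmd)
    return (m.group(1), m.group(2) or "") if m else (cmd, "")


def parse_dds_autoruns(text: str) -> list[Autorun]:
    entries = []
    for line in text.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:
            target, args = split_command(m.group(3))
            entries.append(Autorun(m.group(1), m.group(2), target, args))
    return entries


def parse_otm_moved(text: str) -> tuple[set[str], set[str]]:
    """Return (files, folders) that OTM reported as moved, lower-cased."""
    files, folders = set(), set()
    for line in text.splitlines():
        m = MOVED_LINE.match(line.strip())
        if m:
            (folders if m.group(2) else files).add(m.group(1).lower())
    return files, folders


def orphaned_autoruns(entries, files, folders) -> list[Autorun]:
    """Startup entries whose target is a moved file or sits under a moved folder."""
    hits = []
    for e in entries:
        t = e.target.lower()               # Windows paths are case-insensitive
        if t in files or any(t.startswith(f + "\\") for f in folders):
            hits.append(e)
    return hits


if __name__ == "__main__":
    moved_files, moved_folders = parse_otm_moved(OTM_EXCERPT)
    for e in orphaned_autoruns(parse_dds_autoruns(DDS_EXCERPT), moved_files, moved_folders):
        print(f"{e.hive}: [{e.name}] still points at moved target {e.target}")
```
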



## Sboutte (Jul 2, 2012)

None of the programs you listed were under ADD/Remove Programs. I did see MM where it was moved yesterday, not sure about the others and I didn't open MM up so I don't know about an install or delete.

ComboFix 12-07-12.02 - Owner 07/12/2012 9:45.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.245 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-12 to 2012-07-12 )))))))))))))))))))))))))))))))
.
.
2012-07-12 14:57 . 2012-07-12 14:57 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-07-12 14:57 . 2012-07-12 14:57 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2012-07-12 14:57 . 2012-07-12 14:57 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-07-12 14:57 . 2012-07-12 14:57 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2012-07-12 14:57 . 2012-07-12 14:57 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-07-11 19:39 . 2012-05-31 03:41 6762896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{48D8F775-3DB5-4B81-BF46-88ED828AE900}\mpengine.dll
2012-07-11 13:16 . 2012-05-31 03:41 6762896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-11 05:33 . 2012-07-11 05:33 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-10 03:52 . 2012-07-10 03:52 -------- d-----w- C:\_OTM
2012-07-08 22:34 . 2012-07-11 19:15 -------- d-----w- c:\windows\debug
2012-07-07 22:54 . 2012-07-07 22:54 -------- d-----w- c:\program files\VideoDownloadConverter_4zEI
2012-07-07 04:10 . 2012-07-07 04:10 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2012-07-07 04:09 . 2012-07-07 04:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-07 04:09 . 2012-07-07 04:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-07-07 03:13 . 2012-07-07 03:13 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2012-07-07 03:13 . 2012-07-07 03:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-07-07 03:13 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-07 03:13 . 2012-07-07 03:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-06 06:54 . 2012-07-06 06:54 -------- d-----w- c:\documents and settings\Owner\Application Data\PCMM2012
2012-07-06 02:19 . 2012-07-06 02:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2012-07-06 02:14 . 2012-07-06 02:14 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2012-07-06 02:13 . 2012-07-06 02:14 -------- d-----w- c:\program files\Google
2012-07-05 19:46 . 2012-07-05 19:46 -------- d-----w- c:\windows\Downloaded Program Files
2012-07-05 17:59 . 2012-07-05 17:59 -------- d-----w- c:\windows\system32\wbem\Repository
2012-07-05 11:17 . 2012-07-11 19:12 -------- d-----w- C:\New Folder (2)
2012-07-03 01:28 . 2012-07-03 01:29 -------- d-----w- C:\backup
2012-07-02 22:06 . 2012-07-02 22:06 -------- d-----w- c:\documents and settings\Owner\Application Data\Windows Search
2012-07-02 15:28 . 2012-07-02 22:33 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\LogMeIn Rescue Applet
2012-06-29 05:14 . 2012-06-29 05:14 -------- d-----w- c:\program files\Microsoft.NET
2012-06-13 00:48 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-06 02:13 . 2012-03-30 13:32 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-06 02:13 . 2011-05-15 03:36 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19 . 2006-05-07 00:24 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-07 18:06 . 2012-06-07 18:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-07 18:06 . 2012-06-07 18:06 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-07 18:06 . 2010-05-26 19:03 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-05 15:50 . 2009-08-19 23:07 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2006-05-07 00:24 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 22:35 . 2009-08-07 00:23 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2006-05-07 00:24 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19 . 2009-08-07 03:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19 . 2009-08-07 03:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19 . 2006-05-07 00:36 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 20:19 . 2006-05-07 00:36 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19 . 2006-05-07 00:36 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 20:19 . 2009-08-07 03:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 20:19 . 2009-08-07 03:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19 . 2006-05-07 00:36 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 20:19 . 2006-05-07 00:36 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 20:19 . 2006-05-07 00:24 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 20:19 . 2009-08-07 03:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:19 . 2006-05-07 00:36 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 20:19 . 2006-05-07 00:36 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 20:18 . 2010-09-11 17:38 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18 . 2010-09-11 17:38 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2006-05-07 00:24 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2006-05-07 00:24 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2006-05-07 00:24 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2006-05-07 00:24 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2006-05-07 00:24 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:12 . 2006-05-07 00:24 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-04 05:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2006-05-07 00:35 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-19 01:56 . 2012-04-19 01:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 01:56 . 2012-04-19 01:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-01-17 17:35 . 2011-01-17 17:35 1008936 -c--a-w- c:\program files\AmazonMP3Installer.exe
2010-12-17 21:04 . 2010-12-17 21:03 38147376 -c--a-w- c:\program files\QuickTimeInstaller.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\YspService.exe" [2010-06-14 296248]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-07-06 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-26 3906432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-06 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-06 94208]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
wkcalrem.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2005-8-18 21504]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-6-21 282624]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [11/12/2010 10:07 PM 266240]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/6/2012 10:13 PM 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/6/2012 10:13 PM 22344]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/5/2012 9:14 PM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/30/2012 8:32 AM 257224]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [6/30/2006 11:44 PM 69692]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/5/2012 9:14 PM 136176]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 11:09 PM 267568]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [7/11/2012 12:33 AM 40776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 10:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 02:13]
.
2012-07-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-07-12 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 04:09]
.
2012-07-12 c:\windows\Tasks\DataUpload.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 04:09]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-06 02:13]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-06 02:13]
.
2012-07-12 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-06-07 02:33]
.
2012-07-12 c:\windows\Tasks\User_Feed_Synchronization-{E8CF57D3-0A42-4F7C-A14A-8B742D99AA68}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:31]
.
2012-07-12 c:\windows\Tasks\WebReg Deskjet F2100 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-12 03:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = <local>;*.local
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-12 09:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(516)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2852)
c:\windows\system32\WININET.dll
c:\docume~1\Owner\LOCALS~1\Temp\IadHide5.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2012-07-12 10:09:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-12 15:09
ComboFix2.txt 2012-07-09 21:27
.
Pre-Run: 46,775,136,256 bytes free
Post-Run: 46,764,515,328 bytes free
.
- - End Of File - - D070CE7A615411A825BF98F1F7113472


----------



## Sboutte (Jul 2, 2012)

.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.18702
Run by Owner at 10:16:23 on 2012-07-12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.159 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CSHelper.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Yahoo!\Search Protection\YspService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = <local>;*.local
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [cdloader] "c:\documents and settings\owner\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\YspService.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [YMailAdvisor] "c:\program files\yahoo!\common\YMailAdvisor.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8
TCP: Interfaces\{817FA071-AD53-4AA6-B7C6-BCFE83FF386C} : DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2010-11-12 266240]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-6 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-6 22344]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-7-5 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 257224]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [2006-6-30 69692]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-7-5 136176]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-7-11 40776]
.
=============== Created Last 30 ================
.
2012-07-11 19:39:09 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{48d8f775-3db5-4b81-bf46-88ed828ae900}\mpengine.dll
2012-07-11 13:16:46 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-07-11 05:33:51 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-10 03:52:34 -------- d-----w- C:\_OTM
2012-07-09 21:08:15 -------- d-sha-r- C:\cmdcons
2012-07-09 21:05:12 98816 ----a-w- c:\windows\sed.exe
2012-07-09 21:05:12 518144 ----a-w- c:\windows\SWREG.exe
2012-07-09 21:05:12 256000 ----a-w- c:\windows\PEV.exe
2012-07-09 21:05:12 208896 ----a-w- c:\windows\MBR.exe
2012-07-07 22:54:04 -------- d-----w- c:\program files\VideoDownloadConverter_4zEI
2012-07-07 04:10:56 -------- d-----w- c:\documents and settings\owner\application data\SUPERAntiSpyware.com
2012-07-07 04:09:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-07 04:09:57 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-07-07 03:13:40 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2012-07-07 03:13:08 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-07-07 03:13:05 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-07 03:13:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-06 06:54:22 -------- d-----w- c:\documents and settings\owner\application data\PCMM2012
2012-07-05 19:46:17 -------- d-----w- c:\windows\Downloaded Program Files
2012-07-05 17:59:07 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-07-05 17:59:07 -------- d-----w- c:\windows\system32\wbem\Repository
2012-07-05 11:17:41 -------- d-----w- C:\New Folder (2)
2012-07-03 01:28:55 -------- d-----w- C:\backup
2012-07-02 22:06:23 -------- d-----w- c:\documents and settings\owner\application data\Windows Search
2012-07-02 15:28:52 -------- d-----w- c:\documents and settings\owner\local settings\application data\LogMeIn Rescue Applet
2012-06-13 00:48:36 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
.
==================== Find3M ====================
.
2012-07-06 02:13:38 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 02:13:38 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-07 18:06:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-07 18:06:23 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-07 18:06:22 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 22:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:12:30 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-19 01:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 01:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-01-17 17:35:38 1008936 -c--a-w- c:\program files\AmazonMP3Installer.exe
2010-12-17 21:04:02 38147376 -c--a-w- c:\program files\QuickTimeInstaller.exe
.
============= FINISH: 10:17:19.09 ===============


----------



## Byteman (Jan 24, 2002)

Please download this and run it from your Desktop:

AVG Removal utility

This is to look for and get rid of any remnants of the old AVG antivirus program you used previously.

Believe it or not, the scripts we have used to get rid of a folder are not working.

The PCMM 2012 folder still shows in the latest DDS log. After running the AVG tool, please do this:

Using Windows Explorer navigate to *c:\documents and settings\owner\application data\PCMM2012*

Highlight PCMM 2012 folder on the left side and see if any files or sub-folders show on the right pane... if so, try manually deleting them all. Let me know what you find and if they delete. Lastly, delete the main folder if you can.

Then, need to see a HijackThis log.


----------



## Sboutte (Jul 2, 2012)

You didn't say if you wanted this or not but I sent it JIC. I'm having problems finding the Application Data folder. I've looked through My Computer on the Start menu and through Win Explorer, so I'm going to reboot and try again. I know I saw that MM folder just the other day.


----------



## Sboutte (Jul 2, 2012)

Never did find MM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:59:19 PM, on 7/13/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Yahoo!\Search Protection\YspService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CSHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\New Folder (2)\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\YspService.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 9478 bytes


----------



## Sboutte (Jul 2, 2012)

ok, I finally found PCMM and deleted all of it, there was only several icons at 1 kb. However there is a CompuClever with PC TuneUp Maestro with 161 kb and another folder titled defragBackUp which has 6.2 mb. Do you want those deleted as well?

These were found under Local settings\app data

later


----------



## Sboutte (Jul 2, 2012)

just realized that where I found this stuff was in the OT file\Moved files. The current app data file has nothing


----------



## Sboutte (Jul 2, 2012)

Local Settings/temp is ladHide5.dll with 24 kb. do you want that deleted?


----------



## Byteman (Jan 24, 2002)

Hi, Could not reply yesterday due to cable internet service being out........

No need to delete that file > *ladHide5.dll* It belongs to a program known as Backweb that comes installed on several brands of computers as a game portal....... anyway it's apparently been already moved by OTM, and will be gone shortly....

If a future scan done with any security program picks it up, it's usually an Optional one to remove, that is, in Malwarebytes it may appear but be UNcheckmarked for removal as the more serious items would be. It's a manual removal, you can do that by putting a checkmark into its selection box when you do a FULL scan. Up to you, but it looks like the main Backweb program has been already UNinstalled at some point.

Anyway.....

I think we need you to complete this online antimalware scan which will show us if anything remains on the system to remove: Note, this is a long scan, and it has to be done with the special settings I have below, so make sure you do set things that way in your scan settings before you scan. And, be sure to post the log....

Please run a free online scan with the *ESET Online Scanner*
*Note*_: You will need to use Internet Explorer for this scan_
Tick the box next to *YES, I accept the Terms of Use*
Click *Start*
When asked, allow the ActiveX control to install
Click *Start*
Make sure that the option *Remove found threats* is _NOT_ selected and the option *Scan unwanted applications* is selected.
Click *Scan* (This scan can take several hours, so please be patient)
If there are threats that are found, please press *List of found threats* and then in the next window that opens press *Export to text file...*
Copy and paste/or attach that log as a reply to this topic
**Note** *If no threats are found there will not be a log created.*


----------



## Sboutte (Jul 2, 2012)

Hi Byteman,

No problem with yesterday...everyone should take a day off once a week! It's a mandate LOL If you go too long then the universe takes over and makes sure you get the message.

Have a great day

C:\My Backup -- 07-12-09 1213\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL a variant of Win32/Toolbar.MyWebSearch application
C:\Program Files\VideoDownloadConverter_4zEI\Installr\2.bin\4zEIPlug.dll Win32/Toolbar.MyWebSearch application
C:\Program Files\VideoDownloadConverter_4zEI\Installr\2.bin\4zEZSETP.dll Win32/Toolbar.MyWebSearch.Q application
C:\Program Files\VideoDownloadConverter_4zEI\Installr\2.bin\NP4zEISb.dll Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP1038\A0091798.exe Win32/Adware.RK application
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP1038\A0091799.exe a variant of Win32/Adware.RK application
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP1039\A0092699.dll probably a variant of Win32/Adware.RK application
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP1039\A0092700.exe a variant of Win32/Adware.RK.AE application
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP1100\A0099464.exe Win32/SpeedUpMyPC application
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP1100\A0099465.exe Win32/SpeedUpMyPC application
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP1100\A0099466.exe Win32/SpeedUpMyPC application
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP1100\A0099467.exe Win32/SpeedUpMyPC application
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP1100\A0099468.exe Win32/SpeedUpMyPC application


----------



## Byteman (Jan 24, 2002)

Hi,

UNinstall this program, apparently is adware type stuff. *VideoDownloadConverter_4zEI*

It should be in your Control Panel> Add/Remove Programs

There may also be an uninstaller file located right in the Program Files folder for VideoDownloadConverter, find it in Windows Explorer

c:\program files\VideoDownloadConverter_4zEI

Highlight that folder and on the right hand side, you may find the uninstaller, similar to>>> *uninst000.exe* like that....

and you can double click that to start the Uninstall for VideoDownloadConverter. This thing seems to have been part of the MyWebSearch .... or it became part of the toolbar later.

The rest of the stuff is in your System Restore Points and we will be getting rid of all that in just a sec.

Let's clean up: (Thanks to kevinf80 for some of these instructions)

*Step 1*

Remove Combofix now that we're done with it

Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")

Please follow the prompts to uninstall Combofix.
You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
The above procedure will delete the following:

 ComboFix and its associated files and folders.
 VundoFix backups, if present
 The C:\_OtMoveIt folder, if present
 Reset the clock settings.
 Hide file extensions, if required.
 Hide System/Hidden files, if required.
 Reset System Restore.

*It is very important that you get a successful uninstall because of the extra functions done at the same time, let me know if this does not happen.*

*Step 2*

We need to remove ESET Online Scanner.


 Click Start, click Run, type *control appwiz.cpl* in the Open box, and then press ENTER.
 Click to select *ESET Online Scanner* from the application list, and then click Remove. Only re-boot if prompted

*Step 3*


Download *OTC* by OldTimer and save it to your *desktop.* *Alternative mirror*
Double click the icon to start the program.
If you are using Vista or Windows 7, please right-click and choose run as administrator
Then click the big button.
You will get a prompt saying "_Begining Cleanup Process_". Please select *Yes*.
Restart your computer when prompted.
This will remove tools we have used and itself.

*Any tools/logs remaining on the Desktop can be deleted.*

*Step 4*

NEXT: Can't remember if I already posted this for you, get it and use it, keep it, very simple but effective way to clean up the temp files.

*Clear Cache/Temp Files*
Download *TFC by OldTimer* to your desktop
 Please double-click *TFC.exe* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*).
It *will close all programs* when run, so make sure you have *saved all your work* before you begin.
Click the *Start* button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. *Let it run uninterrupted to completion*.
Once it's finished it should *reboot your machine*. If it does not, please *manually reboot the machine* yourself to ensure a complete clean.

How are things now?


----------
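The triage applied to the ESET log in the posts above (a live program folder that needs an uninstall, versus copies held in System Restore points that go away when System Restore is reset), as an added example that is not part of the thread. The line layout is inferred from the log lines posted; the bucket names, function names and action wording are assumptions.

```python
import re
from collections import defaultdict

# A subset of the ESET log lines posted in this thread, copied unchanged.
SAMPLE_LOG = r"""
C:\My Backup -- 07-12-09 1213\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL a variant of Win32/Toolbar.MyWebSearch application
C:\Program Files\VideoDownloadConverter_4zEI\Installr\2.bin\4zEIPlug.dll Win32/Toolbar.MyWebSearch application
C:\Program Files\VideoDownloadConverter_4zEI\Installr\2.bin\4zEZSETP.dll Win32/Toolbar.MyWebSearch.Q application
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP1038\A0091798.exe Win32/Adware.RK application
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP1039\A0092699.dll probably a variant of Win32/Adware.RK application
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP1100\A0099464.exe Win32/SpeedUpMyPC application
"""

# <path> [probably ][a variant of ]<Platform/Family> <kind>
# Windows paths hold no forward slash, so the first whitespace-delimited token
# containing "/" marks the detection name even when the path contains spaces.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<qualifier>(?:probably )?(?:a variant of )?)"
    r"(?P<name>\S+/\S+)\s+(?P<kind>\w+)$"
)
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[^}]+\}\\(RP\d+)\\", re.I
)
PROGRAM_FILES = "c:\\program files\\"

# Assumed wording for what each bucket means to the person cleaning up.
ACTIONS = {
    "installed": "uninstall the product through Add/Remove Programs",
    "restore_point": "cleared when System Restore is reset",
    "other": "outside the live install path: review by hand",
}


def classify(path):
    """Return (bucket, group) for one detected file path."""
    m = RESTORE_RE.search(path)
    if m:
        return "restore_point", m.group(1)          # group by restore point id
    if path.lower().startswith(PROGRAM_FILES):
        # First folder under the real Program Files is the installed product.
        return "installed", path[len(PROGRAM_FILES):].split("\\", 1)[0]
    # e.g. a backup tree that merely contains a "Program Files" subfolder
    return "other", path.split("\\", 2)[1]


def triage(log_text):
    """Group detections by bucket and folder; also return unparsable lines."""
    buckets = defaultdict(lambda: defaultdict(list))
    unparsed = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(line)                    # never drop input silently
            continue
        bucket, group = classify(m["path"])
        certainty = m["qualifier"].strip() or "exact"
        buckets[bucket][group].append((m["name"], certainty))
    return {b: dict(g) for b, g in buckets.items()}, unparsed


if __name__ == "__main__":
    result, unparsed = triage(SAMPLE_LOG)
    for bucket, groups in result.items():
        print(f"[{bucket}] {ACTIONS[bucket]}")
        for group, hits in groups.items():
            names = ", ".join(sorted({name for name, _ in hits}))
            print(f"  {group}: {len(hits)} file(s): {names}")
    for line in unparsed:
        print("UNPARSED:", line)
```

The backup-folder hit lands in `other` even though its path contains `\Program Files\`, because only paths that start at the real `C:\Program Files\` count as installed software.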



## Sboutte (Jul 2, 2012)

Things seem to be running more quickly now. Somehow MyWebSearch got into my browser and opened earlier when I signed into Explorer. It had taken out my homepage and all other toolbars. 

I ran OTC and it only cleared a couple of items so I ran it again and same thing so I deleted them, I got SuperAntiSpyware through Add/Remove but the rest of them including Hijackthis and Gmer weren't listed so I just deleted them. I haven't run TFC as yet but will when I get through with this reply.

I found the source of that VideoConverter file. While I was working with the .bup extension I needed to run my daughter's Brainetics one of the techs Bite....something I can't recall right now suggested a program VCL so I went to the site and downloaded it. It took me to the next page which had a button named Download now so I did and that was the converter. When it didn't work I got rid of it but it left that file behind so I downloaded it again and ran uninstall and it got the file.

I still have a popup when I reboot from HP informing me that I am out of ink as if I didn't know and it takes 6 minutes for that message to appear and the desktop to settle down. So if you have any idea how to rid myself of that I'd appreciate it. I know there were a couple of other things but you said we'd have to take that to another forum.

Thank you so much for all your hard work, I truly appreciate it! I feel like I've really gotten an education here LOL

Have a great Day!

Sharron


----------



## Sboutte (Jul 2, 2012)

For some reason the System Restore was turned off so I had to turn it back on and create a restore point. Done! BTW reboot was faster after running TFC. I didn't know there were so many temp file points on my puter!


----------



## Byteman (Jan 24, 2002)

OK, sounds like you have good grip on things! OTC can only delete certain things.... as long as you cleaned up the rest, it should be fine.

Here is one thing I would like you to do: Security checker.....very small, just tells us if you might need for example....latest Java Update which I think you will need....

Download *Security Check* from *here*.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called *checkup.txt*; please post the contents of that document.

Next:

Keep *TFC* > as you saw, it is a useful tool to have! (safer too than some other cleaneruppers)

By now you should have your antivirus back on with real-time protection running.... make sure that it is.

For Malwarebytes:

I think you have version 1.60. On July 11th, Malwarebytes released ver. 1.62 which is an improvement....

If you did purchase the full version during the time you used the free trial then you are OK and the program should update itself. If not> there is a known problem with a trial period loop in the ver 1.60 & that the new version avoids.

I would advise you to remove the older trial version and get the new (*again, either the free or PRO version*)

Use This: it's their removal tool which will uninstall the old version of MBAM....

(You can save the Logs if you wish to, just copy and paste one and save it in your Documents if you wish to refer to it) You can Delete the Quarantined items from MBAM now, too. They can be accidentally released from Quarantine!! We don't need that to happen- OK to Delete items in Quarantine just be SURE you do not hit the Restore button!

*NOTE: IF you are going to use the paid version (Full or PRO if you purchase it) You will benefit from changing a couple of settings to Exclude MBAM from the antivirus program (Microsoft's) and from MBAM for Microsoft Security Essentials.... an explanation is here:*

*http://forums.malwarebytes.org/index.php?showtopic=10138&st=0&p=181018&#entry181018*

Please change the Microsoft Security Essential settings now, if you plan to install the TRIAL of the PRO version of MBAM since that enables the realtime features that could conflict with MSE's....

After you have run the MBAM removal tool, install the new version 1.62 to your choice and Update it....here is a link to get it and information

*http://www.malwarebytes.org/products/malwarebytes_free* < from this link you can select either the Free version.... or PRO 14-day trial,,,,, or purchase the full version right then......your choice.

*Free version ::* I think during the first time it runs *after you install it, you see a* *"TRIAL"* button....and also, you see the *"DECLINE"* button and that is when you choose to use the 14-day trial PRO or the free version ( yes you have to pick which you want, you get the free version which does not have the real time protection by DECLINING the TRIAL one)

OK......

*As long as you have turned System Restore back on, and have created the first Restore Point, you are good to go.*

If you see a folder named "Qoobox" in Drive C: in your Windows Explorer ----that is from ComboFix. It can be deleted but you have to empty the files etc first.

You could have kept SuperAntispyware if it was the free version....that does not interfere with anything, as it is a scan/remove utility similar to the free version of Malwarebytes..... only the *paid version includes the active protection features.*

You have been a good "student"!


----------



## Sboutte (Jul 2, 2012)

OK> if some time you want to read up on computer security features here is a quote from a malware specialist here:
***************

Is this the library? I've already been going there to learn some and thank you very much for the "good student" statement  You have been a wonderful teacher!

I just can't express how much I appreciate all you've done for me. I know it was a *****! You are something else to work and volunteer so much of your time.

Have a great life! (((((((((Byteman))))))))))

Sharron


----------



## Sboutte (Jul 2, 2012)

Results of screen317's Security Check version 0.99.42 
Windows XP Service Pack 3 x86 
Internet Explorer 8 
*``````````````Antivirus/Firewall Check:``````````````* 
Windows Firewall Enabled! 
Microsoft Security Essentials 
*`````````Anti-malware/Other Utilities Check:`````````* 
Java(TM) 6 Update 29 
*Java version out of Date!* 
Adobe Reader 9 *Adobe Reader out of Date!* 
*````````Process Check: objlist.exe by Laurent````````* 
Microsoft Security Essentials MSMpEng.exe 
Microsoft Security Essentials msseces.exe 
*`````````````````System Health check`````````````````* 
Total Fragmentation on Drive C:: 2% 
*````````````````````End of Log``````````````````````*


----------



## Sboutte (Jul 2, 2012)

When do I get to progress from beginner?


----------



## Byteman (Jan 24, 2002)

Sboutte said:


> When do I get to progress from beginner?


um.... you cannot be a beginner once you have begun!

I left out what I wanted to post about some things to read> After you have installed the newest Adobe Flash Player AND newest version of the Java Plugin you can check your other apps

FIRST:: Read down through this and then, do them!

Check for the latest version of Flash Player here > http://www.adobe.com/software/flash/about/

I have *version 11,3,300,265* installed on mine.

Next, do Java:

*HERE*

Save the file somewhere you can find it, My Documents folder is fine, or Downloads if you are using Firefox browser....

Find the Java install file you downloaded and double click it. During install, There will probably be a checkbox with a checkmark in it, offering you a bundled app like GoogleToolbar, Ask Toolbar, etc you can UNcheck that box..........you have a good supply of "extras" already!!

It may poke along...normal.....when finished, you should UNinstall all the older versions of the Java plugin you find in your Add/Remove Programs list, like this below:


Windows XP - Uninstall old java
Click Start
Select Control Panel
Click the Add/Remove Programs control panel icon
The Add/Remove control panel displays a list of software on your system, including any Java software products that are on your computer. Remove the OLDEST version first... *Older versions of Java may appear in the program list as J2SE Runtime Environment or Java 2 Runtime Environment. Your old version is shown as Java(TM) 6 Update 29*
Select any that you want to uninstall by clicking on it, and then click the Remove button.
Leave the new version there of course!

NEXT:: To check versions of apps so you are up to date::

*Go here*>> http://www.filehippo.com/updatechecker/ run the FileHippo Update Checker, update all applications as suggested by the Update Checker. Ignore any *Beta* updates.

You will see you need an update for Adobe *Reader* and there may be others for you to update.

*Use a safer web browser* I prefer Opera or Google Chrome right now. You CAN use more than one or two. You may have an alternative to Internet Explorer already, in that case, if you are happy skip getting more= *optional*

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

*Firefox*,

*Opera*, and

*Chrome*.

All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial *HERE* which will help you to make IE *MUCH* safer.

These *browser add-ons* will help to make your browser safer:

*Get WOT Saves guesswork, keeps you safer*
*Web of Trust* warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

Available for *Firefox* and *Internet Explorer*.

*Green* to go, 
*Yellow* for caution, and 
*Red* to stop.

That's about it! You do have a LOT of startup things trying to load when you start the computer.

Once you are all done with the updates etc....(and you have had time to catch your breath), let me know how you are doing and I can have flavalee help you with trimming down the startups which should make things even better.


----------



## Sboutte (Jul 2, 2012)

Well...Add/Remove has listed Java 6.29 and it cannot find the program. I did a manual search and found Java 6.19 (I know there are other numbers in there but you get my drift...I hope) and no uninstaller with the program. I didn't want to just delete without asking first. I'm not that far past being a beginner! LOL I will look some more for 29, but it is looking for it in Docs & setngs/local settings/owner (or vice-versa) and I can't find that. I was even looking for it the other night and couldn't find the local settings.

I think my brain is fried!

Later...


----------



## Sboutte (Jul 2, 2012)

Ok...I have done a manual search of everyplace I would think Java might be...
Version 6.0.170.4 (not 19 like I did a typo of in last post) is in a backup file. Does that need to get deleted or uninstalled since it is backup?

The other version is 6.0.320.5 in the same file as today's download. No sign of 6.29 which is listed in add/remove, no sign of Local Settings under Docs and Sets

I'm totally at a loss here as to what to do. so I guess I should stop right here before I go on to your NEXT list


----------



## Byteman (Jan 24, 2002)

Hi,

Seems that the older Java ver. 6 Update 29 has already been removed...perhaps the System Restore you did changed it and the entry in Add/Remove is a leftover....

Go to it again, this time click as if you wanted to Remove the old Java version....are you then prompted about the program being uninstalled and do you want to remove the entry from the A/R list? If so.....say Yes.

The version of Java you should have is> *Version 7 Update 5* and it should show up in the Add/Remove Program's list in Control Panel, if so, leave it alone, that is the one to keep.

If no other versions are listed> you are OK.

The reason you now cannot see your *Local Settings* folder is that we have re-hidden it by using OTClean

Remember, I had you UNhide system, and hidden folders by changing settings? We had to do that to work but it is not the best way to have settings. There really isn't any need to chase down those "leftovers" for Java.

We were only interested in UNINSTALLING the older versions which is not quite the same as deleting items.

If you have the Java 7 installed..... continue.


----------



## Sboutte (Jul 2, 2012)

Hi Byteman

Tonight on Google I tried to go to a page and got the message that Google couldn't find Java. After reading your message I went to Add/Remove and tried again. The messages I got were...

The feature you are trying to remove is on a network resource that is unavailable.

Then...

click ok to try again or enter an alternate path to a folder containing the install package jre1.6.0_19-c.msi in the box below.

Next...

The path C:\Documents and Settings\Owner\Application Data\Sun\Java\jre 1.6.0_19\jre 1.6.0_19-c.msi can't be found. Verify that you have access to this location and try again or try to find the install package jre 1.6.0_19-c.msi in a folder from which you can install the product Java (TM) 6 Update 29.

Last...

The installation source for this product is not available. Verify that the source exists and that you can access it.

I think I told you in my last post that I did a manual search, I even did a computer search and couldn't find it. I did find an empty folder entitled Sun with another folder which said jre6 but it was empty too.

Later ...


----------



## Byteman (Jan 24, 2002)

Then that old version of Java has been UNinstalled and you now need to follow the installation steps in my last reply.....

Here is one step---- to check at the www.java.com site which will confirm what version, *if any, is installed now* before you do install the latest version. I was asking you to try the steps in the Control Panel>Add/Remove Programs, since you said there was an entry for Java 6 Update 29, right? Sometimes the entry remains in the list there.... you told me there was an entry there.

You last told me that when you used a Google page, a message indicated you did not have Java....following my steps should take care of that for you.

Searching through folders on your hard drive is not what you need to do..... it seems that part of Java at least has been removed.... you COULD re-download that same old version, and then UNinstall it, that is one way we often have to advise to fix a problem with a partial or messed up uninstall.

*http://www.oldapps.com/java.php?old_java=6728?download*

Click that link, which will eventually pop up the File Download small window......Save the file onto your Desktop, or other location of the hard drive where you can find it.....then double click it to let it install.

When it finishes......from the Start button, Settings>Control Panel>Add/Remove Programs

Find Java 6 Update 29 and click it then click *Uninstall* and let it be uninstalled. We need to UNinstall the Java 6 Update 29, as it is a security risk, and malware makers target the older versions..... this is one way your computer can get infected.

Always get updated when Java or Flash updates prompt you to do so.

_ _ _ _ _ _ _ _ Then:

So, after you UNinstall that older version to see if it will help with more complete removal, we need you to INSTALL the newest version of the Java software, which is Java 7 Update 5....

*HERE*

The file name and type is this>>>>> *Windows Offline filesize: 20.1 MB* and at the Java site, you will be seeing a clickable link to download the installer.

Save the file somewhere you can find it, the My Documents folder is fine, or Downloads if you are using Firefox browser....

Find the Java install file for Java 7 you downloaded and double click it. During install, There will probably be a checkbox with a checkmark in it, offering you a bundled app like GoogleToolbar, Ask Toolbar, etc you can UNcheck that box..........you have a good supply of "extras" already!!

And then, go and confirm that you have the latest version here>>> http://www.java.com/en/download/installed.jsp

You should see a message come up that you do have the latest version - simple!


----------



## Sboutte (Jul 2, 2012)

I did that today with Java 7...uninstalled through add/remove and then reinstalled it. My check through folders found that the version 6 which is actually on my puter is 6.32 so I have 6.29 in add/remove and 6.32 in program files. Sheesh! I wish all these programs would be required to put an uninstaller with them! Of course I'm sure I'm not the only one who wishes that. I also updated MBAM with the MSE exclusions. So now I am running the download for old Java 2.29 then I guess I have to do the 6.32.

Have a great weekend!

BTW Am I the one supposed to close this out or will you do it when we are done?


----------



## Byteman (Jan 24, 2002)

Gosh, you did not understand my directions it seems.

You were to see if the entry for "a" version, which I understood to be showing there as Java 6 Update 29....... was still there, and try the Uninstall button..... normally, if the Java itself had already been uninstalled or partially uninstalled.....and an entry was just left in the Add/Remove Programs list, you would get a pop up message that you could Remove the program's entry in that same list by clicking OK for the message.....

I did not mean for you do anything with Java 7 Update 5 but install it.

I did ask you to try REinstalling Java 6 Update (whatever update of *6* you SAW in the Control Panel, not in Windows Explorer's folders....just in Add/Remove Programs list.)

But, it's OK, you can do the reinstall for both Java 6 Update 32 and also with Java 6 Update 29 and then UNinstall any Java *other than the newest (which is Java 7 Update 5).* I do not advise you to go hunting for any Java folders.

As I said, something happened to your old Java 6 Update (whatever version it applies to) and as you saw and posted....there was still an entry in Add/Remove Programs..... maybe the computer needed to be restarted?

This is not uncommon, to have just the program's name in Add/Remove Program's list in Control Panel and you are prompted by Windows to OK the removal of that program's name.

And, by first reinstalling that "messed up" old version, you then stand a good shot at a good UNinstall, which is all you need to do, then just install the Java 7 Update 5 as I posted....simple.

Please post back if your uninstall of the old Java 6's goes normally and you are able to get version 7 installed.


----------



## Sboutte (Jul 2, 2012)

Well I uninstalled java 7 again, then went to Java and got the installer for java 6.29 and tried to install it and it wouldn't let me, says same thing I wrote in prior reply...it's on a network resource that is unavailable. So I dug into java again and it is telling me I have to go into registry editor. Wish me luck!


----------



## Sboutte (Jul 2, 2012)

Oh Lord, I chickened out! Instead I tried to find the installer package that Windows is telling me is missing and java can't find it. That jre 1.6.0_19-c.msi file. I don't understand why it is putting the 1 there since it's a version 6. Why is Windows looking for 6.19 anyway when I'm trying to remove 6.29? And yes I have been working through add/remove and that is where the popup is coming from, this comes in after the question if I'm sure I want to remove it and I click ok.

So just to be sure 6.29 is in add/remove and I should just ignore the 6.32 folder? 7 goes into same folder as 6.32. I guess you shouldn't have told me I was a good student. 

Later...


----------



## Sboutte (Jul 2, 2012)

Forgot to tell you I did use the link for older versions and 6.29 was all they found. They gave a download of jre-6u29-windows-i586-s and that is not what windows is looking for so I don't have any idea what is going on.


----------



## Byteman (Jan 24, 2002)

OK- need to see some logs before we try anything else

Please post a brand new DDS log. You will have to get DDS again here:

*Please download DDS by sUBs to your desktop from one of the following locations:*
http://download.bleepingcomputer.com/sUBs/dds.com
http://download.bleepingcomputer.com/sUBs/dds.scr
http://www.infospyware.net/sUBs/dds/

Disable any script blocker (your antivirus program Microsoft Security Essentials) as they may interfere and then double-click the DDS.scr to run the tool.

*How to disable MSE when you run a scan with something else......*


MICROSOFT SECURITY ESSENTIALS- how to turn it off to run a DDS scan etc

 Open MSE and go to Settings > Real Time Protection.
Then uncheck "Turn on real time protection".
Exit MSE when done.

When DDS has finished scanning, it will open two logs named as follows:

DDS.txt
Attach.txt

Save them both to your desktop. POST here in a reply the DDS.txt and if you can, include the attach.txt or you can attach it to this reply....... or, you can submit a second reply with the attach.txt log, that is OK to do.


----------



## Sboutte (Jul 2, 2012)

.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Owner at 17:14:56 on 2012-07-21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.203 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CSHelper.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Yahoo!\Search Protection\YspService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=21
uInternet Settings,ProxyOverride = <local>;*.local
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [cdloader] "c:\documents and settings\owner\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\YspService.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [YMailAdvisor] "c:\program files\yahoo!\common\YMailAdvisor.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: intuit.com\ttlc
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8
TCP: Interfaces\{817FA071-AD53-4AA6-B7C6-BCFE83FF386C} : DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2010-11-12 266240]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-20 655944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-20 22344]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-7-5 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 250056]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [2006-6-30 69692]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-7-5 136176]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
.
=============== Created Last 30 ================
.
2012-07-21 07:46:05	6891424	----a-w-	c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{43f39fae-1444-42fb-aa87-4babb63bd642}\mpengine.dll
2012-07-21 03:17:50	6891424	------w-	c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-07-20 15:18:40	--------	d-----w-	c:\documents and settings\owner\application data\Malwarebytes
2012-07-20 15:18:19	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-20 15:18:19	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-07-20 15:18:19	--------	d-----w-	c:\documents and settings\all users\application data\Malwarebytes
2012-07-18 19:04:13	--------	d-----w-	c:\documents and settings\owner\local settings\application data\Sun
2012-07-18 03:10:58	--------	d-----w-	c:\program files\FileHippo.com
2012-07-09 21:08:15	--------	d-sha-r-	C:\cmdcons
2012-07-07 04:09:57	--------	d-----w-	c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-07-06 06:54:22	--------	d-----w-	c:\documents and settings\owner\application data\PCMM2012
2012-07-05 19:46:17	--------	d-----w-	c:\windows\Downloaded Program Files
2012-07-05 17:59:07	--------	d-----w-	c:\windows\system32\wbem\repository\FS
2012-07-05 17:59:07	--------	d-----w-	c:\windows\system32\wbem\Repository
2012-07-05 11:17:41	--------	d-----w-	C:\New Folder (2)
2012-07-03 01:28:55	--------	d-----w-	C:\backup
2012-07-02 22:06:23	--------	d-----w-	c:\documents and settings\owner\application data\Windows Search
2012-07-02 15:28:52	--------	d-----w-	c:\documents and settings\owner\local settings\application data\LogMeIn Rescue Applet
.
==================== Find3M ====================
.
2012-07-17 21:48:49	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-07-17 21:48:48	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 03:06:30	772544	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-07-06 03:06:20	687544	----a-w-	c:\windows\system32\deployJava1.dll
2012-06-13 13:19:59	1866112	----a-w-	c:\windows\system32\win32k.sys
2012-06-07 18:06:24	73728	----a-w-	c:\windows\system32\javacpl.cpl
2012-06-05 15:50:25	1372672	----a-w-	c:\windows\system32\msxml6.dll
2012-06-05 15:50:25	1172480	----a-w-	c:\windows\system32\msxml3.dll
2012-06-04 22:35:26	222448	----a-w-	c:\windows\system32\muweb.dll
2012-06-04 04:32:08	152576	----a-w-	c:\windows\system32\schannel.dll
2012-06-02 20:19:44	22040	----a-w-	c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19:38	219160	----a-w-	c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19:38	15384	----a-w-	c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19:34	15384	----a-w-	c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19:30	17944	----a-w-	c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:18:58	275696	----a-w-	c:\windows\system32\mucltui.dll
2012-06-02 20:18:58	17136	----a-w-	c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09	599040	----a-w-	c:\windows\system32\crypt32.dll
2012-05-16 15:08:26	916992	----a-w-	c:\windows\system32\wininet.dll
2012-05-11 14:42:33	43520	------w-	c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33	1469440	------w-	c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02	385024	------w-	c:\windows\system32\html.iec
2012-05-04 13:12:30	2192640	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19	2069120	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36	139656	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2011-01-17 17:35:38	1008936	-c--a-w-	c:\program files\AmazonMP3Installer.exe
2010-12-17 21:04:02	38147376	-c--a-w-	c:\program files\QuickTimeInstaller.exe
.
============= FINISH: 17:16:10.35 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/7/2009 1:29:30 PM
System Uptime: 7/21/2012 2:34:32 AM (15 hours ago)
.
Motherboard: ELITEGROUP | | 945GCT-M3
Processor: Intel Celeron processor | Socket 775 | 1600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 70 GiB total, 46.965 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 1.711 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: 
Description: 
Device ID: ROOT\LEGACY_SASKUTIL\0000
Manufacturer: 
Name: 
PNP Device ID: ROOT\LEGACY_SASKUTIL\0000
Service: 
.
==== System Restore Points ===================
.
RP1: 7/16/2012 4:22:29 PM - System Checkpoint
RP2: 7/16/2012 4:24:37 PM - 071612 after tech guy
RP3: 7/17/2012 3:01:05 PM - Software Distribution Service 3.0
RP4: 7/17/2012 6:41:38 PM - Installed Java(TM) 7 Update 5
RP5: 7/17/2012 6:42:31 PM - Installed JavaFX 2.1.1
RP6: 7/18/2012 7:48:54 PM - Software Distribution Service 3.0
RP7: 7/19/2012 2:12:04 AM - Software Distribution Service 3.0
RP8: 7/20/2012 2:12:38 AM - Software Distribution Service 3.0
RP9: 7/20/2012 7:44:23 AM - Removed Java(TM) 7 Update 5
RP10: 7/20/2012 7:45:44 AM - Removed JavaFX 2.1.1
RP11: 7/20/2012 7:53:51 AM - Installed Java(TM) 7 Update 5
RP12: 7/20/2012 7:54:38 AM - Installed JavaFX 2.1.1
RP13: 7/20/2012 7:55:21 PM - Removed iTunes
RP14: 7/20/2012 8:58:05 PM - Removed Java(TM) 7 Update 5
RP15: 7/20/2012 9:08:16 PM - Removed JavaFX 2.1.1
RP16: 7/21/2012 2:46:01 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.1
AIO_Scan
Amazon MP3 Downloader 1.0.10
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Boatload of Crosswords
Bonjour
BufferChm
CCScore
Copy
Coupon Printer for Windows
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DJ_AIO_ProductContext
DJ_AIO_Software
DJ_AIO_Software_min
DVD Suite
eMachines Connect
eMachines Games
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
eSupportQFolder
F2100
F2100_doccd
F2100_Help
fflink
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hewlett-Packard ACLM.NET v1.1.0.0
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 9.0
HP Deskjet All-In-One Software 9.0
HP Imaging Device Functions 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Product Assistant
HP Product Detection
HP Solution Center 9.0
HP Update
HPDiagnosticAlert
HPProductAssistant
HPSSupply
Intel(R) Graphics Media Accelerator Driver
Internet Explorer (Enable DEP)
Itibiti RTC
Java Auto Updater
Java(TM) 6 Update 29
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
KSU
Malwarebytes Anti-Malware version 1.62.0.1300
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Automated Troubleshooting Services Shim
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Fix it Center
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money Plus
Microsoft Money Shared Libraries
Microsoft National Language Support Downlevel APIs
Microsoft Security Client
Microsoft Security Essentials
Microsoft UI Engine
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft WSE 2.0 SP3 Runtime
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
netbrdg
Notifier
OfotoXMI
Passport to Paradise
PSSWCORE
Quicken 2010
QuickTime
Realtek High Definition Audio Driver
Recovery Software Suite eMachines
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SFR
SHASTA
skin0001
SKINXSDK
Soft Data Fax Modem with SmartCP
Solar Fire Gold
Solar Spark v2.2
SolutionCenter
staticcr
Status
Three Cards to Midnight
Toolbox
tooltips
TrayApp
TurboTax 2009 wrapper
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VideoToolkit01
VPRINTOL
WebFldrs XP
WebReg
Windows Backup Utility
Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows Search 4.0
Windows XP Service Pack 3
WIRELESS
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Mail Advisor
Yahoo! Search Protection
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
7/20/2012 8:00:34 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
7/20/2012 2:26:45 AM, error: DCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================


----------



## Byteman (Jan 24, 2002)

Go to Start> Settings > Control Panel> Add/Remove Programs list 
Make sure there is a check-mark in "Show Updates" box at the top

and click on

Java(TM) 6 Update 29 once

when that entry is highlighted in dark blue, click Remove and OK the uninstall to run and let it finish.

Do NOT do anything with any folders....no going and deleting anything! We do NOT need to open the *Java icon in control panel* to delete or find anything.......and I think that is what you may have been doing....... we are only using the Add/Remove Programs entry that runs the uninstall. If you get a message I need it word for word

*IF when you highlight the entry, and do click on it once, and then click Remove, you get some weird message, STOP and just give me the message........ I MUST have it word for word....so have a pen ready and write it out and then include it in your reply. *

Restart the computer.

*IF things go right and the version 6 is uninstalled do the following*

Now, either use a download of the Java 7 Update 5 installer you saved and double click it to install this version of Java,

*OR*

get a fresh download of it here >>>> *HERE*

save the file, double click to run the installer

((Remember, there is some bundled toolbar or software which you most likely are not interested in, so UNcheck that little box before you run the install.!)) The install can take several minutes....let it finish.

and you are done. Post a fresh DDS log, hopefully the last one.

I don't see what is the matter. I posted for you to install the Java 6 Update 29 in order to fix what was apparently a messed up uninstall...... reinstalling over top usually fixes things up so when you go to UNinstall the version 6, it will work correctly...we want to be rid of version 6 Update 29 ..... but we only want to run the uninstaller & we do not have to mess around with any folders.

Then, we want to install Java 7 Update 5 ......or leave it installed...... in the last log, it was showing that you had uninstalled it
so you will need to install it as I have given you the steps either from a previous downloaded installer package or a new one.

Then, show me new DDS and attach logs.


----------



## Sboutte (Jul 2, 2012)

Hello Byteman,

I know you are tired of this and you are not alone. OK, taking deep breath...

I close down Chrome, turn off real protection from MSE and open Add/Remove Programs

*Click once on Java(TM) 6 Update 29:
Remove
Are you sure you want to remove Java(TM) 6 Update 29 from your computer? Yes and windows is preparing to remove...

Windows Installer;

The feature you are trying to use is on a network resource that is unavailable.

Click ok to try again or enter an alternate path to a folder containing the installation package 'jre 1.6.0_19-c.msi' in the box below.

Box below;

Use Source
C:\Documents and Settings\Owner\Application Data\Sun\Java\jre 1.6.0_19-c.msi
Click OK

Windows Installer;

The path C:\Documents and Settings\Owner\Application Data\Sun\Java\jre1.6.0_19\jre 1.6.0_19-c.msi cannot be found. Verify that you have access to this location and try again, or try to find the installation package 'jre 1.6.0_19-c.msi' in a folder from which you can install the product Java(TM) 6 Update 29.
Click OK

and Windows Installer automatically tries again and I get another popup from...

Add or Remove Programs
! The installation source for this product is not available. Verify that the source exists and that you can access it.

So I go to folder My Documents/Downloads and click on installer package jre-6u29-windows-i586-s

Welcome to Java screen:

Java Setup
This software has already been installed on your computer. Would you like to reinstall it? 
Click Yes

Windows Installer

The feature you are trying to use is on a network resource that is unavailable.

Click ok to try again, or enter an alternate path to a folder containing the installation package 'jre 1.6.0_19-c.msi' in the box below.
C:\Documents and Settings\Owner\Application Data\Sun\Java\jre 1.6.0_19\
Click OK

Windows Installer

The path C:\Documents and Settings\Owner\Application Data\Sun\Java\jre 1.6.0_19-c.msi cannot be found. Verify that you have access to this location and try again, or try to find the installation package 'jre 1.6.0_19-c.msi' in a folder from which you can install the product Java(TM) 6 Update 29.
Click OK

Note that this time it didn't put the two addresses in; it only used the one with the c.msi on it, instead of the first instance when I was trying to remove Java 6.29.

So that's what I get first in trying to remove 6.29 within Add or Remove Programs and then when I try to install 6.29 it does the same thing.

I am on ignore as far as folders go! I have looked and looked for that alternate path and even used the computer search. I think you said in an earlier post the 'Documents and Settings\Owner\Application Data\' path was removed by OTC. There is no Java Icon in my Control Panel.

Hope you have a great weekend! I understand if you need a break from this. Take care...*


----------



## Byteman (Jan 24, 2002)

Hi,

For right now let's skip trying to remove any old entries in Add/Remove Programs.



> Do this: We are installing the newest version of Java plugin software.
> 
> Either use a download of the Java 7 Update 5 installer you have saved previously - double click it to install this version of Java,
> 
> ...


 *Regarding the "leftovers" from old Java versions-* part of the problem was most likely the various optimizing utilities you may have used, these things can cause problems. The Windows Installer is another part of the problem and I have been reading many posts around the Net about the same thing you are seeing. I will eventually come up with a "plan" and post some things for you to do. Get the new Java installed for now and get back to me.


----------



## Sboutte (Jul 2, 2012)

Hi Byteman,

Java 7u5 is up and running!

Thx and have a great day


----------



## Sboutte (Jul 2, 2012)

I went to a game site, Pogo.com, to test the Java and it worked just fine. Sometimes my puter runs slowly but it is after I've left it on overnight and a scan has run and I didn't realize it or maybe just because it was on for so long. I've been trying to shut it completely down at night. My ac went out last Saturday and I don't want it running in this heat.

Upon close for a long time I've been getting popups about what task mgr is having to close...Device IQ or IO and lately Windowname saying they are not responding. Not sure where that belongs. I'm going to get that memory stick next week!

Later


----------



## Sboutte (Jul 2, 2012)

My 49 yr old daughter played some game today through Google. I had the roller coaster put on my New Tab and she started by clicking on that then chose another game but she doesn't recall which one. When I came in the monitor was turned off and there looked to be a lot of interference on the screen. I had to do a cold boot (just turning it off. Couldn't pull up task mgr even.) Everything was ok after it rebooted, just thought I should tell you.



Should I close out this string or do you do it? Perhaps it is time to get on with the start stuff and then if we have to come back to this one. It is fine with me if you wish to leave it open for now. I've really enjoyed working with you. My air conditioning bit the dust during a storm last Saturday so it is rather hot in here right now. The one I want is out of stock right now, seems to be a popular one! Can't afford another central unit and research tells me that window units are a lot more efficient now than they used to be. I might install an attic fan to reduce the heat coming from the attic.

Take care and will see you later!


----------



## Sboutte (Jul 2, 2012)

...which clears up when I reboot. I have to just turn the puter off because I can't even pull up task mgr. Also I am having some problems with pages freezing. I ran Malwarebytes but it was ok. Maybe the low memory problem? I have to go back and check one of flavallee's posts where he sent me to analyze my memory. Perhaps they have good prices.


----------



## flavallee (May 12, 2002)

Sharron:

I received your private message. 

Byteman has been assisting you for the past 3 weeks, so it'll be his decision if I can jump back in.

Neither your daughter nor anyone else needs to be using that computer while you're being assisted here.

----------------------------------------------------------


----------



## Sboutte (Jul 2, 2012)

gotcha!


----------



## Byteman (Jan 24, 2002)

Hi flavallee, I just checked my PM sent list....the PM I had written to you must not have actually got sent! Anyway, it is fine with me that you help here with startups or anything else. There does seem to be a RAM or perhaps a video issue.


----------



## flavallee (May 12, 2002)

Sharron:

Let's see a new HiJackThis log.

Start HiJackThis, then click "Do a system scan and save a log file".

Save the new log that appears, then copy-and-paste the entire log here.

----------------------------------------------------------


----------



## Sboutte (Jul 2, 2012)

Hi Flavallee,

Looks like a bunch of stuff and puter is running slowly once more

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:25:29 PM, on 8/5/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Yahoo!\Search Protection\YspService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CSHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Desktop\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: TBSB07898 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\YspService.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9465 bytes


----------



## flavallee (May 12, 2002)

Go to Start - Run - *MSCONFIG* - OK - "Startup" tab.

Write down ONLY the names in the "Startup Item" column that have a checkmark next to them.

If the "Startup Item" column isn't wide enough to see the entire name of any of them, widen the column.

Submit those names here in a vertical list.

Make sure to spell them EXACTLY as you see them there.

-------------------------------------------------------


----------



## Sboutte (Jul 2, 2012)

igfxtray
hkcmd
igfxpers
RECGUARD
HPWuSchd2
YMailAdvisor
RTHDCPL
DefMgr
Reader_sl
AdobeARM
msseces
APSDaemon
qttask
mbamgui
cdloader 2
YspService
GoogleToolbarNotifier
ctfmon
HP Digital Imaging ...
Kodak EasyShare s...
KODAK Software U...
Windows Search
WkCalRem


----------



## flavallee (May 12, 2002)

Go to Start - Run - *MSCONFIG* - OK - "Startup" tab.

Remove the checkmark in these startup entries:

*igfxtray

hkcmd

igfxpers

HPWuSchd2

RTHDCPL

DefMgr

Reader_sl

AdobeARM

qttask

mbamgui* - unless you have the paid version of Malwarebytes Anti-Malware

*GoogleToolbarNotifier

Kodak EasyShare software

Kodak Software Update

Windows Search

WkCalRem* - unless you need the calendar reminder in Microsoft Works to alert you of dates

After you're all done, click Apply - OK/Close - Exit With Restart.

Go to Start - Run - *SERVICES.MSC* - OK.

Expand the services window so you can see the list more clearly.

Double-click these service entries, one at a time, to open their properties window:

*Adobe Flash Player Update Service

GameConsoleService

Google Update Service

Google Update Service

Google Software Updater

Java Quick Starter

PrismXL

Yahoo! Updater*

Set "Startup Type" on Manual, then click Apply - OK.

After you're all done, close the services window and then restart the computer.

When the small "System Configuration Utility" window appears during restart, ignore its message about the computer being in diagnostic/selective startup mode.

Do NOT change it to normal startup mode!!!

Put a checkmark in the lower left of that window, then click OK to close it.

--------------------------------------------------------------

Use the computer for awhile to see how it's running now and to make sure that everything is working okay.

Start HiJackThis, then click "Do a system scan and save a log file".

Save the new log that appears, then copy-and-paste it here.

--------------------------------------------------------------


----------



## Sboutte (Jul 2, 2012)

I have to go to doctor and will run it a bit when I get back. I couldn't find startup type to put on manual, but did everything else you said. Double clicked and it turned the settings off and back on.

Will check back in about 3 hours.


----------



## flavallee (May 12, 2002)

I have no idea what you mean by this comment and what you did:

*Double clicked and it turned the settings off and back on.*

It's very simple to change the "Startup Type" setting in a service entry.

When you double-click a service entry, it brings up a properties window that looks like the screenshot below.

If "Startup Type" is on other than Manual, you click the "down" arrow to expand its list of settings, then select Manual.

You then click Apply - OK.


----------



## Sboutte (Jul 2, 2012)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:00:08 PM, on 8/7/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Yahoo!\Search Protection\YspService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Desktop\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: TBSB07898 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll (file missing)
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\YspService.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7668 bytes


----------



## Sboutte (Jul 2, 2012)

Sorry to get off on the wrong foot Flavallee, my daughter was talking to me and I was in a rush. When I clicked on Run it put up the last item I ran which was msconfig and I clicked on the services button there. Nothing was changed though.


----------



## Sboutte (Jul 2, 2012)

Well, I've had a few problems this afternoon. Google froze up when I tried to open my Yahoo mail, it doesn't usually do that. I tried to run TFC and it wouldn't run. I watched a YouTube video and when I had it in full screen the audio was garbled, it worked fine when not in full screen mode. Yahoo mail opened under Google after I tried to open it in IE. Google opened with it and closed down IE. Another program took awhile to load.


----------



## flavallee (May 12, 2002)

I don't use Yahoo or U-Tube, so I'm not familiar with what issues they may have.

-------------------------------------------------------


----------



## Sboutte (Jul 2, 2012)

Hi Flavallee,

Was the HJT log I posted ok?


----------



## flavallee (May 12, 2002)

You haven't submitted a HiJackThis log in a week, so let's see a new one.

How is the computer running?

-----------------------------------------------------------


----------



## Sboutte (Jul 2, 2012)

It is still freezing up on me at times, usually when I have left Google Chrome running for awhile. It also takes forever to open Google. When it is shutting down I get several popups stating that certain programs are ending like Task Mgr does. One of the programs is Device IO. I still haven't found the way to open BIOS to correct the SMART program. I tried F2 and delete like you said but that didn't work.

Have a good night!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:25:56 PM, on 8/15/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Yahoo!\Search Protection\YspService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CSHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Desktop\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: TBSB07898 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll (file missing)
O3 - Toolbar: Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\YspService.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7511 bytes


----------



## Sboutte (Jul 2, 2012)

Quick note...I did purchase Malwarebytes and I do use the weekly reminder


----------



## flavallee (May 12, 2002)

Start HiJackThis, then click "Do a system scan only".

When the scan is finished in about 30 - 60 seconds, put a checkmark in these log entries:

R3 - URLSearchHook: (no name) - - (no file)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: TBSB07898 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll (file missing)

O3 - Toolbar: Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

ONLY after you confirm that you selected the correct log entries, click "Fix Checked - Yes".

Close HiJackThis.

-------------------------------------------------------

You might want to run another quick scan with *Malwarebytes Anti-Malware* and *SUPERAntiSpyware* AFTER you first run their update feature to get their definition files up-to-date.

Make sure to select and remove EVERYTHING they find.

-------------------------------------------------------

We've been working on your issues since July 5th, and it's pretty obvious that we're NOT going to get everything resolved.

-------------------------------------------------------


----------



## Sboutte (Jul 2, 2012)

MBAM didn't find anything, I went for the free trial version of SuperAntiSpyware and it found a bunch of stuff! I did as you said and removed everything and rebooted. I know it has been a long time working with me and I sure appreciate all you and Byteman have done. I think I'm gonna miss you guys! I've asked Byteman a few times if I was the one who had to mark this as being resolved or if you guys did it. My next step is to get more memory like you suggested. Is there a special place you recommend?

Blessings to you!

Sharron

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/16/2012 at 00:05 AM

Application Version : 5.5.1012

Core Rules Database Version : 9066
Trace Rules Database Version: 6878

Scan type : Quick Scan
Total Scan Time : 00:11:14

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 480
Memory threats detected : 0
Registry items scanned : 29029
Registry threats detected : 11
File items scanned : 7051
File threats detected : 360

Adware.HBHelper
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32#ThreadingModel
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ProgID
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\TypeLib
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\VersionIndependentProgID

Browser Hijacker.Deskbar
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version

PUP.PC MightyMax
C:\Documents and Settings\Owner\Application Data\PCMM2012\diagnostic\trace.log
C:\Documents and Settings\Owner\Application Data\PCMM2012\diagnostic
C:\Documents and Settings\Owner\Application Data\PCMM2012

Adware.Tracking Cookie
.usautoparts.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lucidmedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media.adfrontiers.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adinterax.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.synacor.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
myaccount.samhouston.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
webresponse.joelosteen.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
webresponse.joelosteen.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.e-2dj6wbkoamdzsap.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.e-2dj6wckogncjkep.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
count.channeladvisor.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.andomedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.andomedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
statse.webtrendslive.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tribalfusion.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.fastclick.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]


----------



## Sboutte (Jul 2, 2012)

Oops, that was the free Professional version and it did find more definitions.


----------



## flavallee (May 12, 2002)

That *eMachines W3622* desktop currently has a 512 MB DDR2 PC2-5300 module in one slot and has the second slot empty.

You have the choice of adding a 512 MB module to the empty slot or adding 1024 MB (1 GB) modules in both slots.

The 2 GB DDR2 PC2-5300 kit (1 GB X 2) is the recommended upgrade at the CRUCIAL site.

Personally, I would go with the 2 GB upgrade and max out the supported amount of RAM in that desktop.

Here is another site that I use for buying RAM modules:

NEWEGG



----------



## Sboutte (Jul 2, 2012)

I ordered 2 G from Crucial


----------



## flavallee (May 12, 2002)

Sboutte said:


> I ordered 2 G from Crucial


  :up:


----------



## Sboutte (Jul 2, 2012)

Well, I went to install the new kit and the memory sticks are too long to fit in the slots in this computer. Not only that but the 512 when I pulled it out has spaces missing to fit into the slots. There are 2 white slots and above that is a red one. I can't figure out what that is. Is it another memory slot? Since it's Saturday I suppose Crucial is closed but I will try to call them anyway.

Later...


----------



## flavallee (May 12, 2002)

The RAM modules are inserted in the slots that have white locking levers on both sides.

http://www.computerhope.com/jargon/m/memoslot.htm

It sounds like you're trying to insert them in the white PCI slots that are reserved for add-on cards.

http://www.kids-online.net/learn/click/details/pci2.html

You need to get someone to assist you before you damage the slots and the RAM modules and wind up with a non-working desktop.



----------



## Sboutte (Jul 2, 2012)

Finally! I know this puter is old but the last one I changed memory in I don't think had card slots! That was back in about 94 or 95 I think. You were right I was looking for white slots. Google booted up in no time. Thank God it's still working. I called the electronic dept at Walmart, they actually have a guy there who knows what he's doing. He's retired from an electronics place. I was looking for an antistatic bracelet but (you know Walmart) they didn't have anything except for a pad for notebooks and it's not antistatic and he said there was no place around here to get one. So I read just about everything you sent from Computer Hope before I started and said a prayer! The slots were hidden behind the wiring harness so I had to look. Thank God they don't make them like new vehicles...the car makers really do want you to take them to the dealership where they take half your life's wages to repair!

I've got 2 more computers and I'm thinking of trying to fix the 98 Compaq for my daughter, it went to sleep and I can't get it to wake up! I haven't decided as yet if I want to tackle them but I do recall seeing something about stripping your old computers for the gold and silver in them? It doesn't seem as though there would be enough for that. The local computer guy said he could wake up the Compaq and disable sleep mode for $50 so I might just do that.

Any paces you want me to go through again on this one? Since I just changed the memory?

Have a great day Flavallee! And thanks for putting up with me!


----------



## flavallee (May 12, 2002)

Sboutte said:


> Finally! I know this puter is old but the last one I changed memory in I don't think had card slots! That was back in about 94 or 95 I think. You were right I was looking for white slots. Google booted up in no time. Thank God it's still working.
> 
> Any paces you want me to go through again on this one? Since I just changed the memory?


Let's confirm the amount of RAM that's being recognized and utilized.

Right-click MY COMPUTER, then click Properties.

Advise what's listed in the *Computer:* section at the bottom of the "General" tab - EXACTLY as you see it there.



----------



## Sboutte (Jul 2, 2012)

1.99 GB Ram

I forgot to tell you but before I started with this process my sound went out. Nothing from my 2 side speakers, they are inexpensive ones and I checked the sound out and it says everything is working properly so maybe I just need some new speakers. I haven't noticed anything else.


----------



## Sboutte (Jul 2, 2012)

Actually the entire thing says...
computerMachines
w3622
Intel(R)Celeron(R) CPU
420 @ 1.60 GHz
1.60 GHz 1.99 GB of Ram
Physical Address Extension


----------



## flavallee (May 12, 2002)

> Intel(R)Celeron(R) CPU
> 420 @ 1.60 GHz
> 1.60 GHz 1.99 GB of Ram
> Physical Address Extension


The processor is running at its full rated speed and all 2 GB of RAM is being recognized and used. :up:



----------

