Solved Have Redirect/Rootkit Virus. Need Help with Removal

Status
Not open for further replies.
New OTL Scans

Greetings. Ran the OTL scan this morning. First one is the OTL paste.


OTL logfile created on: 1/17/2011 9:41:05 AM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Administrator.MCC\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 551.00 Mb Available Physical Memory | 54.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 112.39 Gb Free Space | 75.43% Space Free | Partition Type: NTFS

Computer Name: JAMIEB | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/17 09:38:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.MCC\Desktop\OTL.exe
PRC - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/09/09 02:24:30 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
PRC - [2004/07/21 16:26:36 | 000,176,241 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2004/03/23 12:15:40 | 000,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
PRC - [2003/08/28 14:01:22 | 000,061,440 | ---- | M] () -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe


========== Modules (SafeList) ==========

MOD - [2011/01/17 09:38:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.MCC\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (QuickBooksDB17)
SRV - File not found [On_Demand | Stopped] -- -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/04/24 08:13:05 | 000,074,360 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2007/06/01 10:13:58 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2005/09/09 02:24:30 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)
SRV - [2005/07/07 05:56:08 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/07/21 16:26:36 | 000,176,241 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2004/03/23 12:15:40 | 000,073,852 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon)
SRV - [2003/08/28 14:01:22 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe -- (spkrmon)


========== Driver Services (SafeList) ==========

DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2007/04/27 06:40:00 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2006/11/10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/08/15 21:56:50 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2005/04/07 16:18:34 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/05/25 23:19:00 | 000,729,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/04/29 18:55:42 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/03/24 10:12:44 | 000,004,272 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2004/03/23 12:13:58 | 000,467,200 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2004/03/05 22:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 22:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 22:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 22:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.bing.com/?pc=Z007&form=ZGAPHP
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.bing.com/?pc=Z007&form=ZGAPHP
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-604191134-3721971982-2742143469-1253\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-604191134-3721971982-2742143469-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-682003330-1801674531-839522115-1011\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-763659546-3860924458-1812877018-1135\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
IE - HKU\S-1-5-21-763659546-3860924458-1812877018-1135\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-763659546-3860924458-1812877018-1135\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-763659546-3860924458-1812877018-1135\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-763659546-3860924458-1812877018-1135\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
IE - HKU\S-1-5-21-763659546-3860924458-1812877018-1135\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
IE - HKU\S-1-5-21-763659546-3860924458-1812877018-1135\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
IE - HKU\S-1-5-21-763659546-3860924458-1812877018-1135\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
IE - HKU\S-1-5-21-763659546-3860924458-1812877018-1135\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
IE - HKU\S-1-5-21-763659546-3860924458-1812877018-1135\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
IE - HKU\S-1-5-21-763659546-3860924458-1812877018-1135\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
IE - HKU\S-1-5-21-763659546-3860924458-1812877018-1135\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
IE - HKU\S-1-5-21-763659546-3860924458-1812877018-1135\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
IE - HKU\S-1-5-21-763659546-3860924458-1812877018-1135\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKU\S-1-5-21-763659546-3860924458-1812877018-1135\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
IE - HKU\S-1-5-21-763659546-3860924458-1812877018-1135\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
IE - HKU\S-1-5-21-763659546-3860924458-1812877018-1135\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
IE - HKU\S-1-5-21-763659546-3860924458-1812877018-1135\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-763659546-3860924458-1812877018-1135\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-763659546-3860924458-1812877018-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-763659546-3860924458-1812877018-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-763659546-3860924458-1812877018-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 61 2E B8 6B 80 39 CB 01 [binary data]
IE - HKU\S-1-5-21-763659546-3860924458-1812877018-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/10 02:13:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/26 08:39:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/26 08:39:34 | 000,000,000 | ---D | M]

[2010/10/26 08:39:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.MCC\Application Data\Mozilla\Extensions
[2011/01/14 14:48:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.MCC\Application Data\Mozilla\Firefox\Profiles\so55ahpw.default\extensions
[2010/10/28 13:06:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator.MCC\Application Data\Mozilla\Firefox\Profiles\so55ahpw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/14 14:48:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2005/12/05 21:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2006/12/05 09:59:47 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2005/11/08 13:24:00 | 000,065,536 | ---- | M] (STF Services Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npwebsrv.dll
[2011/01/05 07:42:32 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml

O1 HOSTS File: ([2011/01/14 17:41:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-604191134-3721971982-2742143469-1253\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-604191134-3721971982-2742143469-1253\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-604191134-3721971982-2742143469-1253\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-604191134-3721971982-2742143469-500\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-763659546-3860924458-1812877018-1135\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-763659546-3860924458-1812877018-1135\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-763659546-3860924458-1812877018-1135\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-763659546-3860924458-1812877018-500\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-763659546-3860924458-1812877018-500\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKU\S-1-5-21-763659546-3860924458-1812877018-1135..\Run: [SE11] File not found
O4 - HKU\S-1-5-21-763659546-3860924458-1812877018-1135..\Run: [Slide.exe] File not found
O4 - HKU\S-1-5-21-763659546-3860924458-1812877018-1135..\Run: [SpybotSD TeaTimer] File not found
O4 - HKU\S-1-5-21-763659546-3860924458-1812877018-500..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe (Adobe Systems, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-682003330-1801674531-839522115-1011..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-682003330-1801674531-839522115-1011..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\jamie\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-604191134-3721971982-2742143469-1253\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-604191134-3721971982-2742143469-1253\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-604191134-3721971982-2742143469-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-604191134-3721971982-2742143469-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-682003330-1801674531-839522115-1011\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-682003330-1801674531-839522115-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-763659546-3860924458-1812877018-1135\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-763659546-3860924458-1812877018-1135\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-763659546-3860924458-1812877018-1135\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-763659546-3860924458-1812877018-1135\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-21-763659546-3860924458-1812877018-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-763659546-3860924458-1812877018-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-763659546-3860924458-1812877018-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-763659546-3860924458-1812877018-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: fastestdeploy.com ([]http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: download-soft-package.com ([]http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: download-software-package.com ([]http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: fastestdeploy.com ([]http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: get-key-se10.com ([]http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: is-software-download.com ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: download-soft-package.com ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: download-software-package.com ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: fastestdeploy.com ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: get-key-se10.com ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: is-software-download.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-763659546-3860924458-1812877018-1135\..Trusted Domains: fastestdeploy.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-763659546-3860924458-1812877018-1135\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab56649.cab (StagingUI Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} http://zone.msn.com/bingame/pacz/default/pandaonline.cab (TGOnlineCtrl Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab (WebGameLoader Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159542893046 (WUWebControl Class)
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} http://zone.msn.com/bingame/amad/default/atomaders.cab (AtlAtomadersCtlAttrib Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219326447803 (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx (Get_ActiveX Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab (MSN Games - Installer)
O16 - DPF: {BBF0D44D-14E6-4DB3-8211-AEF1ABA7EE84} http://esupport.cabinetvision.com/ATLWebKeyButton.CAB (WebKeyBtn Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} http://zone.msn.com/bingame/feed/default/SproutLauncher.cab (SproutLauncherCtrl Class)
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://zone.msn.com/bingame/gold/default/gf.cab (TikGames Online Control)
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab (SCEWebLauncherCtl Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/isan/default/popcaploader_v6.cab (Reg Error: Key error.)
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} http://fdl.msn.com/zone/datafiles/heartbeat.cab (Reg Error: Key error.)
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab (MSN Games – Backgammon)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MCC.local
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (zwebauth.dll) - C:\WINDOWS\System32\ZWebAuth.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/12/01 00:01:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/01/17 09:38:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator.MCC\Desktop\OTL.exe
[2011/01/16 03:00:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/01/14 17:57:08 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/01/13 16:33:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/01/13 16:30:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/01/13 16:30:07 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/01/13 16:30:07 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/01/13 16:30:07 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/01/13 16:29:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/01/13 16:28:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/11 09:40:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.MCC\Recent
[2011/01/11 09:39:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/01/07 12:23:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MCC\Application Data\Real
[2011/01/07 09:45:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MCC\Application Data\Malwarebytes
[2011/01/05 11:28:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Real
[2011/01/05 07:43:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2010/12/29 12:50:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2010/12/29 12:49:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\%APPDATA%
[2005/11/30 13:12:18 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL

========== Files - Modified Within 30 Days ==========

[2011/01/17 09:38:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.MCC\Desktop\OTL.exe
[2011/01/17 09:36:38 | 000,013,668 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/17 09:36:36 | 000,000,514 | ---- | M] () -- C:\WINDOWS\tasks\Outlook.job
[2011/01/17 09:36:36 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/01/16 16:26:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-763659546-3860924458-1812877018-500Core.job
[2011/01/16 03:05:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/16 03:05:29 | 1071,804,416 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/16 03:01:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/01/15 01:00:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[2011/01/14 17:41:50 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/01/14 16:56:29 | 004,154,944 | R--- | M] () -- C:\Documents and Settings\Administrator.MCC\Desktop\ComboFix.exe
[2011/01/14 03:22:27 | 000,552,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/14 03:02:38 | 000,454,012 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/01/14 03:02:38 | 000,076,346 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/01/13 16:33:46 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/01/13 09:44:13 | 000,002,388 | ---- | M] () -- C:\Documents and Settings\Administrator.MCC\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/01/11 08:51:08 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/01/11 08:25:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/07 07:42:39 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\7gPr8HTks.dat
[2010/12/29 12:49:24 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\Improve Your PC.lnk

========== Files Created - No Company Name ==========

[2011/01/14 03:00:24 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/01/13 16:33:46 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/01/13 16:33:41 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/01/13 16:30:07 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/01/13 16:30:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/13 16:30:07 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/01/13 16:30:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/13 16:30:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/13 16:25:37 | 004,154,944 | R--- | C] () -- C:\Documents and Settings\Administrator.MCC\Desktop\ComboFix.exe
[2011/01/05 07:45:01 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\7gPr8HTks.dat
[2010/12/29 12:49:24 | 000,001,072 | ---- | C] () -- C:\WINDOWS\System32\Improve Your PC.lnk
[2008/09/10 08:15:03 | 000,000,339 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/06/12 10:18:51 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\SecSNMP.dll
[2008/06/12 10:18:23 | 000,000,124 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2008/06/12 10:18:21 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2008/06/12 10:13:48 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\WIASTIIO.dll
[2008/06/12 10:13:47 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\WIAIPH.dll
[2008/06/12 10:13:47 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\WIAEH.dll
[2008/06/12 10:13:47 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\Sswiadrv.dll
[2008/03/06 11:17:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2007/12/13 09:50:40 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2007/10/15 09:12:18 | 000,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2007/10/15 09:12:17 | 000,000,056 | ---- | C] () -- C:\WINDOWS\Addrfixr.ini
[2007/10/15 09:12:14 | 000,009,391 | ---- | C] () -- C:\WINDOWS\System32\dymourl.ini
[2007/10/15 09:08:49 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\DYMOCFG.DLL
[2007/10/15 09:08:49 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\lmmonres.dll
[2007/10/15 09:05:08 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\DymoQBInst.dll
[2007/09/24 11:04:36 | 000,000,126 | ---- | C] () -- C:\WINDOWS\hpw9600k.ini
[2007/09/24 11:03:18 | 000,006,286 | ---- | C] () -- C:\WINDOWS\hpdj9600.ini
[2007/09/19 12:47:51 | 000,000,043 | ---- | C] () -- C:\WINDOWS\hpfccopy.INI
[2007/08/16 11:41:56 | 000,008,245 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/03/05 12:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2007/01/07 23:48:36 | 000,548,864 | R--- | C] () -- C:\WINDOWS\System32\hpgt4850.dll
[2006/12/05 11:21:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2006/03/01 08:53:11 | 000,000,026 | ---- | C] () -- C:\WINDOWS\FPKPMSV.INI
[2005/11/30 13:12:18 | 000,024,410 | ---- | C] () -- C:\WINDOWS\System32\OLE2PROX.DLL
[2005/11/30 13:12:16 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\eztw32.dll
[2005/11/30 13:12:10 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\CO2C40EN.DLL
[2005/11/29 10:37:43 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2005/11/29 10:37:43 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/11/10 11:39:44 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/09/22 08:43:27 | 000,002,884 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/06/22 15:24:57 | 000,027,600 | ---- | C] () -- C:\WINDOWS\MSUMLT_1.ini
[2005/05/31 12:20:11 | 000,000,064 | ---- | C] () -- C:\WINDOWS\QBWCD.INI
[2005/05/04 11:55:44 | 000,002,693 | ---- | C] () -- C:\WINDOWS\DevMgr.ini
[2005/05/02 07:22:53 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2004/12/22 17:56:28 | 000,016,973 | ---- | C] () -- C:\WINDOWS\System32\ZWebAuth.dll
[2004/12/01 11:08:33 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/12/01 11:08:33 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2004/12/01 11:08:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2004/12/01 00:55:33 | 000,004,005 | ---- | C] () -- C:\WINDOWS\hpdj6500.ini
[2004/12/01 00:45:43 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2004/12/01 00:28:08 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004/11/30 18:55:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/03/26 17:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/21 15:39:02 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2002/03/21 13:51:52 | 000,503,808 | R--- | C] () -- C:\WINDOWS\System32\lt_xtrans.dll
[2002/03/21 13:51:52 | 000,286,720 | R--- | C] () -- C:\WINDOWS\System32\MrSIDD.dll
[2002/03/21 13:51:52 | 000,163,840 | R--- | C] () -- C:\WINDOWS\System32\lt_common.dll
[2002/03/21 13:51:52 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\lt_trans.dll
[2002/03/21 13:51:52 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\lt_meta.dll
[2002/03/21 13:51:52 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\lt_encrypt.dll
[2002/03/21 13:51:52 | 000,020,480 | R--- | C] () -- C:\WINDOWS\System32\lt_messagetext.dll
[2002/02/27 09:41:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2002/02/27 09:41:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2002/02/27 09:41:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010/03/08 14:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MCC\Application Data\Dropbox
[2004/12/01 08:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2009/04/24 08:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2010/07/26 08:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2011/01/13 16:40:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2007/01/02 14:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2007/07/03 09:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2005/04/20 10:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2005/04/20 10:44:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2008/04/29 13:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/03/02 10:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/07/26 15:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/04/24 08:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jamie\Application Data\Autodesk
[2010/10/04 13:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jamie\Application Data\Dropbox
[2009/11/03 15:55:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jamie\Application Data\FileZilla
[2007/04/20 08:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jboggess\Application Data\ACD Systems
[2008/04/22 14:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jboggess\Application Data\Facebook
[2010/04/09 13:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jboggess\Application Data\FireShot
[2006/06/20 12:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jboggess\Application Data\Kinko's
[2008/04/10 09:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jboggess\Application Data\Leadertech
[2007/10/11 13:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jboggess\Application Data\LinkedIn
[2006/09/22 07:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jboggess\Application Data\Netscape
[2008/09/19 07:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jboggess\Application Data\OfficeUpdate12
[2007/08/27 08:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jboggess\Application Data\Opera
[2006/06/08 07:40:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jboggess\Application Data\Simple Star
[2010/04/13 07:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jboggess\Application Data\Slide
[2008/06/12 10:18:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jboggess\Application Data\SmarThru4
[2006/12/05 09:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jboggess\Application Data\Snapfish
[2008/08/15 06:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jboggess\Application Data\SPAMfighter
[2007/10/05 11:51:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jboggess\Application Data\Stamps.com Internet Postage
[2010/07/26 08:42:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jboggess\Application Data\TurboMeeting
[2008/04/14 13:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jboggess\Application Data\Uniblue
[2007/02/06 15:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jboggess\Application Data\Z-Firm LLC
[2006/03/01 08:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Kinko's
[2004/12/01 12:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\ACD Systems
[2006/03/01 08:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Downloaded Installations
[2006/03/01 08:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Kinko's
[2004/12/01 12:28:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Leadertech
[2011/01/15 01:00:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Disk Cleanup.job
[2011/01/17 09:36:36 | 000,000,514 | ---- | M] () -- C:\WINDOWS\Tasks\Outlook.job
[2011/01/17 09:36:36 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========
 
This is the second part of the OTL paste.


========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2004/12/01 00:01:29 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/01/11 08:51:08 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/01/13 16:33:46 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/01/14 17:43:47 | 000,013,133 | ---- | M] () -- C:\ComboFix.txt
[2004/12/01 00:01:29 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/01/16 03:05:29 | 1071,804,416 | -HS- | M] () -- C:\hiberfil.sys
[2004/12/01 00:01:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2004/12/01 00:01:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/06/20 09:03:59 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/01/16 03:05:27 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/04/06 08:56:47 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2004/03/22 14:17:08 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/04/06 04:46:46 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/04/06 08:39:09 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2006/04/06 04:46:46 | 029,622,272 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/04/06 04:46:48 | 005,242,880 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/09/12 07:32:26 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2008/09/15 07:59:32 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Administrator.MCC\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2008/09/15 07:59:31 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator.MCC\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/01/14 16:56:29 | 004,154,944 | R--- | M] () -- C:\Documents and Settings\Administrator.MCC\Desktop\ComboFix.exe
[2011/01/17 09:38:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.MCC\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/09/15 07:59:31 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Administrator.MCC\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2006/05/06 14:18:25 | 000,011,050 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/01/17 09:37:39 | 000,098,304 | -HS- | M] () -- C:\Documents and Settings\Administrator.MCC\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/14 04:41:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2003/07/16 15:32:13 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2002/08/20 12:32:18 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2002/08/20 12:32:22 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
[2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 22:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 04:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2002/08/20 15:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
[2003/07/16 15:38:45 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2003/07/16 15:38:46 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2003/07/16 15:40:43 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2007/10/05 14:26:15 | 000,005,120 | -HS- | M] () -- C:\Program Files\Messenger\Thumbs.db
[2002/08/20 12:32:20 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/07/17 13:41:04 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
 
OTL Extras Paste

Here is the OTL Extras.txt paste.



OTL Extras logfile created on: 1/17/2011 9:41:05 AM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Administrator.MCC\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 551.00 Mb Available Physical Memory | 54.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 112.39 Gb Free Space | 75.43% Space Free | Partition Type: NTFS

Computer Name: JAMIEB | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-763659546-3860924458-1812877018-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\5.0\ACDSee5.exe" "%1" (ACD Systems, Ltd.)
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirstRunDisabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
"Enabled" = 1
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\Microsoft ActiveSync\CeAppMgr.exe:LocalSubnet:Enabled:ActiveSync Application Manager" = %ProgramFiles%\Microsoft ActiveSync\CeAppMgr.exe:LocalSubnet:Enabled:ActiveSync Application Manager
"%ProgramFiles%\Microsoft ActiveSync\WCESMgr.exe:LocalSubnet:Enabled:ActiveSync Application" = %ProgramFiles%\Microsoft ActiveSync\WCESMgr.exe:LocalSubnet:Enabled:ActiveSync Application
"%ProgramFiles%\Microsoft ActiveSync\WCESComm.exe:LocalSubnet:Enabled:ActiveSync Connection Manager" = %ProgramFiles%\Microsoft ActiveSync\WCESComm.exe:LocalSubnet:Enabled:ActiveSync Connection Manager

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"Enabled" = 1
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"135:TCP:*:Enabled:Offer Remote Assistance - Port" = 135:TCP:*:Enabled:Offer Remote Assistance - Port

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = LocalSubnet

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = *

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Minolta\PageScope Cabinet\Bin\MPSCFTPS.exe" = C:\Program Files\Minolta\PageScope Cabinet\Bin\MPSCFTPS.exe:*:Enabled:pageScope Cabinet FTP Server -- (MINOLTA)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Documents and Settings\jboggess\Local Settings\Temp\RHSysTmp\wcserver.exe" = C:\Documents and Settings\jboggess\Local Settings\Temp\RHSysTmp\wcserver.exe:*:Enabled:Server for Win32
"C:\Program Files\DropBox\DropBox\DropBox.exe" = C:\Program Files\DropBox\DropBox\DropBox.exe:*:Enabled:DropBox -- (DropShots)
"C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe" = C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe:*:Enabled:Toolbox for HP Printing System for Windows
"C:\WINDOWS\system32\explorer.exe" = C:\WINDOWS\system32\explorer.exe:*:Disabled:mIRC
"C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager
"C:\Documents and Settings\jboggess\Application Data\Facebook\facebook.exe" = C:\Documents and Settings\jboggess\Application Data\Facebook\facebook.exe:*:Enabled:facebook
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\TightVNC\WinVNC.exe" = C:\Program Files\TightVNC\WinVNC.exe:*:Enabled:TightVNC Win32 Server
"C:\Documents and Settings\Administrator.MCC\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Administrator.MCC\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox
"C:\Documents and Settings\jamie\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\jamie\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Minolta\PageScope Cabinet\Bin\MPSCFTPS.exe" = C:\Program Files\Minolta\PageScope Cabinet\Bin\MPSCFTPS.exe:*:Enabled:pageScope Cabinet FTP Server -- (MINOLTA)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{098CD624-5EBE-45BB-9DB7-38A555B00A52}" = CR115
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0C3EC2CF-CC86-4950-B0CB-8CCF5FE8EA04}" = Smead Viewables
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{1E60FEDF-20ED-4245-A14E-20EDA8538D3A}" = Solid 4.1
"{25F6C900-C138-4888-A56C-91D3D063023A}" = HP Update
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{33BEE6F3-9987-4F98-A069-97A64EC8321A}" = Microsoft Works Suite Add-in for Microsoft Word
"{34957B51-9676-41CE-9E52-44AE91B73F1C}" = HP Software Update
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{450063AA-643B-417C-8CF5-405BA3F4EF40}" = Autodesk Design Review 2009
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{469436E4-A436-4a2f-8113-239EE6D1A60F}" = HP Scanjet 4800 series
"{48B82226-75E3-4E90-92CC-D30F79EA6380}" = Norton Security Scan
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{5058B085-AA79-41E5-A726-681B4C4B846E}" = ACDSee 5.0 PowerPack
"{565E29BB-5863-46FD-ABF3-8074FBB5BAFF}" = QBFC 4.0
"{5783F2D6-7028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2009
"{5783F2D7-0309-0409-0002-0060B0CE6BBA}" = AutoCAD LT 2005 - English
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5A613A09-8F96-4F7E-BD71-69A89F37150D}" = hpg4850QFolder
"{5A847475-157F-45AD-9919-CD40D344B8B1}" = QBFC3.0
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{62B74257-2E1B-48FB-843C-0FBA43FE1327}" = Sentinel System Driver Installer 7.4.0
"{66563AD8-637B-407F-BCA7-0233A16891AB}" = Business Contact Manager for Outlook 2003
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{8658342C-43E0-43CA-B831-7E1FAB33311D}" = hpg4850
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A2B151C-23FC-4A21-B6DA-263E8BF93E23}" = HP Scanjet 4800 series 7.0
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Application Accelerator
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91120000-00A1-0000-0000-0000000FF1CE}" = Microsoft Office OneNote 2007
"{924EB80F-C2BB-4B9F-8412-88BBA937393F}" = MobileMe Control Panel
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A65F7CF8-6F76-40CE-B44D-D5A89D9881C7}" = MSN Toolbar Platform
"{A6CFCFBD-8AEE-4401-BD56-5D4A793BFC99}" = TracManager 2010
"{AC76BA86-1033-0000-BA7E-000000000003}" = Adobe Acrobat 8 Standard
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0.5
"{B2586CA8-0F12-11D3-8258-00C04F6843FE}" = Microsoft Office 2000 Web Archive Add-On
"{B9966F27-9678-4620-9579-925E3084647E}" = Microsoft Works
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF14F314-1711-494F-BE80-4784CF0B2617}" = PageScope Cabinet
"{D76E8E9D-1198-4585-BEFB-D11A68BBC194}" = hpg4850QFolder
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
"{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F5DA4BCE-78D3-4B15-A74B-1688A6EF38E3}" = hpg4850
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{F96368D6-ECE9-4502-B5C4-A4200637F2A3}" = ArcSoft Software Suite
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FF102450-55AA-4AE1-ACE4-E271E2470C83}" = hpmdtab
"A86F74A8853ED6B1102811674C7B366AF1B276BB" = Windows Driver Package - Hewlett-Packard Image (12/27/2006 8.0.0.0)
"Adobe Acrobat 8 Standard" = Adobe Acrobat 8.1.1 Standard
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Autodesk Design Review 2009" = Autodesk Design Review 2009
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"Belarc Advisor 2.0" = Belarc Advisor 7.2
"CCleaner" = CCleaner
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DWG TrueView 2009" = DWG TrueView 2009
"DYMO Label Software" = DYMO Label Software
"DYMO QuickBooks Add-In" = DYMO QuickBooks Add-In
"DYMO Stamps" = DYMO Stamps
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{1E60FEDF-20ED-4245-A14E-20EDA8538D3A}" = Solid 4.1
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PictureIt_v9" = Microsoft Picture It! Photo Premium 9
"RealPlayer 6.0" = RealPlayer
"Samsung SCX-4200 Series" = Samsung SCX-4200 Series
"Shockwave" = Shockwave
"Slide" = Slide
"TightVNC_is1" = TightVNC 1.3.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2004Setup" = Microsoft Works 2004 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-604191134-3721971982-2742143469-1253\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-763659546-3860924458-1812877018-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/15/2011 10:32:27 AM | Computer Name = JAMIEB | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 1/15/2011 10:32:27 AM | Computer Name = JAMIEB | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 1/15/2011 6:32:27 PM | Computer Name = JAMIEB | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 1/16/2011 2:32:27 AM | Computer Name = JAMIEB | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 1/16/2011 4:05:33 AM | Computer Name = JAMIEB | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 1/16/2011 4:05:34 AM | Computer Name = JAMIEB | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 1/16/2011 12:05:34 PM | Computer Name = JAMIEB | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 1/16/2011 8:05:34 PM | Computer Name = JAMIEB | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 1/17/2011 4:05:34 AM | Computer Name = JAMIEB | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 1/17/2011 10:36:36 AM | Computer Name = JAMIEB | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

[ ODiag Events ]
Error - 7/2/2010 9:00:14 AM | Computer Name = JAMIEB | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 3fft. Error code: N/A

Error - 7/2/2010 9:00:17 AM | Computer Name = JAMIEB | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 3fft. Error code: N/A

Error - 7/16/2010 3:12:12 PM | Computer Name = JAMIEB | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 3fft. Error code: N/A

Error - 8/13/2010 12:01:38 PM | Computer Name = JAMIEB | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 3fft. Error code: N/A

Error - 8/13/2010 12:01:42 PM | Computer Name = JAMIEB | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 3fft. Error code: N/A

Error - 10/19/2010 12:43:35 PM | Computer Name = JAMIEB | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 3fft. Error code: N/A

Error - 10/19/2010 12:43:49 PM | Computer Name = JAMIEB | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 3fft. Error code: N/A

Error - 10/19/2010 12:43:52 PM | Computer Name = JAMIEB | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 3fft. Error code: N/A

Error - 10/19/2010 12:48:09 PM | Computer Name = JAMIEB | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 3fft. Error code: N/A

Error - 10/19/2010 12:48:11 PM | Computer Name = JAMIEB | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 3fft. Error code: N/A

[ System Events ]
Error - 1/16/2011 4:05:33 AM | Computer Name = JAMIEB | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain MCC due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 1/16/2011 4:05:45 AM | Computer Name = JAMIEB | Source = Print | ID = 33
Description = The PrintQueue Container could not be found because the DNS Domain
name could not be retrieved. Error: 54b

Error - 1/16/2011 10:28:15 AM | Computer Name = JAMIEB | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain MCC due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 1/16/2011 5:26:00 PM | Computer Name = JAMIEB | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain MCC due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 1/17/2011 4:00:26 AM | Computer Name = JAMIEB | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8007066f: Security Update for Microsoft Office 2003 (KB2288613).

Error - 1/17/2011 4:00:26 AM | Computer Name = JAMIEB | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8007066f: Security Update for the 2007 Microsoft Office System (KB972581).

Error - 1/17/2011 4:00:26 AM | Computer Name = JAMIEB | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8007066f: Security Update for Microsoft Office Web Components (KB947319).

Error - 1/17/2011 4:00:26 AM | Computer Name = JAMIEB | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8007066f: Security Update for Microsoft Office 2007 System (KB2289158).

Error - 1/17/2011 7:13:57 AM | Computer Name = JAMIEB | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 1/17/2011 10:29:18 AM | Computer Name = JAMIEB | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain MCC due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.


< End of report >
 
You're not running any AV program.
Install one of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html

========================================================================

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

========================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
[2011/01/05 07:42:32 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml
O3 - HKU\S-1-5-21-604191134-3721971982-2742143469-1253\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-604191134-3721971982-2742143469-1253\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-604191134-3721971982-2742143469-500\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-763659546-3860924458-1812877018-1135\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-763659546-3860924458-1812877018-1135\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-763659546-3860924458-1812877018-500\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKU\S-1-5-21-763659546-3860924458-1812877018-1135..\Run: [SE11] File not found
O4 - HKU\S-1-5-21-763659546-3860924458-1812877018-1135..\Run: [Slide.exe] File not found
O4 - HKU\S-1-5-21-763659546-3860924458-1812877018-1135..\Run: [SpybotSD TeaTimer] File not found
O4 - Startup: C:\Documents and Settings\jamie\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O15 - HKLM\..Trusted Domains: fastestdeploy.com ([]http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: download-soft-package.com ([]http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: download-software-package.com ([]http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: fastestdeploy.com ([]http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: get-key-se10.com ([]http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: is-software-download.com ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: download-soft-package.com ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: download-software-package.com ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: fastestdeploy.com ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: get-key-se10.com ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: is-software-download.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-763659546-3860924458-1812877018-1135\..Trusted Domains: fastestdeploy.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-763659546-3860924458-1812877018-1135\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/isan/def...ploader_v6.cab (Reg Error: Key error.)
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} http://fdl.msn.com/zone/datafiles/heartbeat.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
[2011/01/07 07:42:39 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\7gPr8HTks.dat
[2005/03/02 10:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/04/14 13:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jboggess\Application Data\Uniblue
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34


:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

======================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
New OTL Scan

here is the new otl scan. Updated Java. Also ran the JavaRa. All good.



All processes killed
========== OTL ==========
C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml moved successfully.
Registry value HKEY_USERS\S-1-5-21-604191134-3721971982-2742143469-1253\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-604191134-3721971982-2742143469-1253\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-604191134-3721971982-2742143469-500\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-763659546-3860924458-1812877018-1135\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-763659546-3860924458-1812877018-1135\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-763659546-3860924458-1812877018-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-763659546-3860924458-1812877018-1135\Software\Microsoft\Windows\CurrentVersion\Run\\SE11 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-763659546-3860924458-1812877018-1135\Software\Microsoft\Windows\CurrentVersion\Run\\Slide.exe deleted successfully.
Registry value HKEY_USERS\S-1-5-21-763659546-3860924458-1812877018-1135\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Documents and Settings\jamie\Start Menu\Programs\Startup\Dropbox.lnk moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\fastestdeploy.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-soft-package.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-software-package.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\fastestdeploy.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\get-key-se10.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-soft-package.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-software-package.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\fastestdeploy.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\get-key-se10.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download.com\ not found.
Registry key HKEY_USERS\S-1-5-21-763659546-3860924458-1812877018-1135\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\fastestdeploy.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-763659546-3860924458-1812877018-1135\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com\office\ deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
C:\WINDOWS\Downloaded Program Files\popcaploader.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
Starting removal of ActiveX control {E5D419D6-A846-4514-9FAD-97E826C84822}
C:\WINDOWS\Downloaded Program Files\heartbeat.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E5D419D6-A846-4514-9FAD-97E826C84822}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5D419D6-A846-4514-9FAD-97E826C84822}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E5D419D6-A846-4514-9FAD-97E826C84822}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5D419D6-A846-4514-9FAD-97E826C84822}\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
C:\Documents and Settings\All Users\Application Data\7gPr8HTks.dat moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell\AOL9 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_07 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_06 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_05 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_04 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
C:\Documents and Settings\jboggess\Application Data\Uniblue\Registry Booster2 folder moved successfully.
C:\Documents and Settings\jboggess\Application Data\Uniblue folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.JAMIEB
->Flash cache emptied: 0 bytes

User: Administrator.MCC
->Temp folder emptied: 10177706 bytes
->Temporary Internet Files folder emptied: 359219 bytes
->Java cache emptied: 132516 bytes
->FireFox cache emptied: 72035137 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 18659 bytes

User: All Users

User: Break Time
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: General User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: James Mitchell
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: jamie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: jamie_old domain
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: jboggess
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 966790 bytes
->Flash cache emptied: 38942 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 6355 bytes

User: QBDataServiceUser18
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Ryan
->Flash cache emptied: 0 bytes

User: TEMP

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1383597 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 62712928 bytes

Total Files Cleaned = 141.00 mb


[EMPTYFLASH]

User: administrator

User: Administrator.JAMIEB
->Flash cache emptied: 0 bytes

User: Administrator.MCC
->Flash cache emptied: 0 bytes

User: All Users

User: Break Time
->Flash cache emptied: 0 bytes

User: Default User

User: General User

User: James Mitchell
->Flash cache emptied: 0 bytes

User: jamie
->Flash cache emptied: 0 bytes

User: jamie_old domain
->Flash cache emptied: 0 bytes

User: jboggess
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: QBDataServiceUser18

User: Ryan
->Flash cache emptied: 0 bytes

User: TEMP

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.20.2 log created on 01172011_171445

Files\Folders moved on Reboot...
C:\Documents and Settings\Administrator.MCC\Local Settings\Temporary Internet Files\Content.IE5\V6UMAI3N\background_button_grey_small[1].png moved successfully.
C:\Documents and Settings\Administrator.MCC\Local Settings\Temporary Internet Files\Content.IE5\V6UMAI3N\icon-question[1].png moved successfully.
C:\Documents and Settings\Administrator.MCC\Local Settings\Temporary Internet Files\Content.IE5\JAWRLZW0\background_button_green_upgrade[1].png moved successfully.
C:\Documents and Settings\Administrator.MCC\Local Settings\Temporary Internet Files\Content.IE5\BNUXPA3Y\background_yellow_title[1].png moved successfully.
C:\Documents and Settings\Administrator.MCC\Local Settings\Temporary Internet Files\Content.IE5\BNUXPA3Y\i05-background[1].png moved successfully.
C:\Documents and Settings\Administrator.MCC\Local Settings\Temporary Internet Files\Content.IE5\BNUXPA3Y\stamp[1].png moved successfully.
C:\Documents and Settings\Administrator.MCC\Local Settings\Temporary Internet Files\Content.IE5\3444B1G3\background_footer[1].png moved successfully.
C:\Documents and Settings\Administrator.MCC\Local Settings\Temporary Internet Files\Content.IE5\3444B1G3\list-item-disc[1].png moved successfully.
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_678.dat not found!

Registry entries deleted on Reboot...
 
Security Check Log

this is the security check log.



Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Free Antivirus
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 23
Out of date Java installed!
Adobe Flash Player 10.1.85.3
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Reader 7.0.5
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.10) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 avastUI.exe
``````````End of Log````````````
 
Update Firefox to the latest 3.6.13 version.

=========================================================

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

I still need Eset scan....
 
Eset scan

Here is the eset scan. Reread your instructions and now not sure if I asked eset to scan archives. If it looks like i didn't let me know and i will rescan. I am really blown away at how deep this infection goes. All these different scans and there is still stuff coming up. Maybe you have a site that describes for me how programmers are able to accomplish this.




C:\Documents and Settings\Break Time\Local Settings\Application Data\Ihecutudiwoniq.dat Win32/Adware.SpywareProtect2009 application
C:\Documents and Settings\NetworkService\Application Data\Microsoft\Internet Explorer\Desktop.htt Win32/TrojanDownloader.FakeAlert.AUD trojan
C:\Program Files\Tractivity\TracManager 2010\Biometric Installation\M2SYS-BioPlugIn-Server-FV-6.6.msi Win32/Iframer.NAF virus
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\2ki3RIv6.exe.vir a variant of Win32/Kryptik.HFN trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Break Time\Application Data\dwm.exe.vir a variant of Win32/Kryptik.JME trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Break Time\Application Data\net.bat.vir MSIL/Autorun.N worm
C:\Qoobox\Quarantine\C\Documents and Settings\Break Time\Application Data\Sys32Disp.exe .exe.vir a variant of MSIL/Injector.CJ trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Break Time\Application Data\WTWum.exe.vir a variant of MSIL/Injector.CJ trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Break Time\Application Data\yMZ5k.exe.vir Win32/Adware.SpywareProtect2009 application
C:\Qoobox\Quarantine\C\Documents and Settings\Break Time\Application Data\Microsoft\conhost .exe.vir a variant of Win32/Kryptik.JLM trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Break Time\Local Settings\Application Data\abesucefu.dll.vir Win32/Adware.SpywareProtect2009 application
C:\Qoobox\Quarantine\C\Documents and Settings\Break Time\Local Settings\Application Data\apekatikun.dll.vir Win32/Adware.SpywareProtect2009 application
C:\Qoobox\Quarantine\C\Documents and Settings\Break Time\Local Settings\Application Data\aravoajk.exe.vir a variant of Win32/Kryptik.JNK trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Break Time\Local Settings\Application Data\asiroquqofolinin.dll.vir Win32/Adware.SpywareProtect2009 application
C:\Qoobox\Quarantine\C\Documents and Settings\Break Time\Local Settings\Application Data\axotonudo.dll.vir Win32/Adware.SpywareProtect2009 application
C:\Qoobox\Quarantine\C\Documents and Settings\Break Time\Local Settings\Application Data\ekudizir.dll.vir Win32/Adware.SpywareProtect2009 application
C:\Qoobox\Quarantine\C\Documents and Settings\Break Time\Local Settings\Application Data\etoyikovuviyaki.dll.vir Win32/Adware.SpywareProtect2009 application
C:\Qoobox\Quarantine\C\Documents and Settings\Break Time\Local Settings\Application Data\ewabakezako.dll.vir a variant of Win32/Cimag.FO trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Break Time\Local Settings\Application Data\ezaqupalir.dll.vir Win32/Adware.SpywareProtect2009 application
C:\Qoobox\Quarantine\C\Documents and Settings\Break Time\Local Settings\Application Data\odasoletunux.dll.vir Win32/Adware.SpywareProtect2009 application
C:\Qoobox\Quarantine\C\Documents and Settings\Break Time\Local Settings\Application Data\orasaqitih.dll.vir Win32/Adware.SpywareProtect2009 application
C:\Qoobox\Quarantine\C\Documents and Settings\Break Time\Local Settings\Application Data\uhubuhuwonezonus.dll.vir Win32/Adware.SpywareProtect2009 application
C:\Qoobox\Quarantine\C\Documents and Settings\Break Time\Local Settings\Application Data\useyutezezuq.dll.vir Win32/Adware.SpywareProtect2009 application
C:\Qoobox\Quarantine\C\Documents and Settings\Break Time\Local Settings\Application Data\xdkbebe.exe.vir a variant of Win32/Kryptik.JNK trojan
C:\Qoobox\Quarantine\C\WINDOWS\drweb.exe.vir Win32/Agent.SDK trojan
C:\Qoobox\Quarantine\C\WINDOWS\hexdump.exe.vir Win32/Agent.SDK trojan
C:\Qoobox\Quarantine\C\WINDOWS\win.exe.vir Win32/Agent.SDK trojan
C:\Qoobox\Quarantine\C\WINDOWS\wininst.exe.vir Win32/Agent.SDK trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\lspB.dll.vir Win32/TrojanClicker.Agent.NMF trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\task.exe.vir Win32/TrojanClicker.Agent.NME trojan
C:\System Volume Information\_restore{5EB831BC-C5DC-4A50-BFD6-9CA3F7243353}\RP1\A0000027.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{5EB831BC-C5DC-4A50-BFD6-9CA3F7243353}\RP1\A0000029.exe a variant of MSIL/Injector.CJ trojan
C:\System Volume Information\_restore{5EB831BC-C5DC-4A50-BFD6-9CA3F7243353}\RP1\A0000030.exe Win32/Adware.SpywareProtect2009 application
C:\System Volume Information\_restore{5EB831BC-C5DC-4A50-BFD6-9CA3F7243353}\RP1\A0000031.dll Win32/Adware.SpywareProtect2009 application
C:\System Volume Information\_restore{5EB831BC-C5DC-4A50-BFD6-9CA3F7243353}\RP1\A0000032.dll Win32/Adware.SpywareProtect2009 application
C:\System Volume Information\_restore{5EB831BC-C5DC-4A50-BFD6-9CA3F7243353}\RP1\A0000033.dll Win32/Adware.SpywareProtect2009 application
C:\System Volume Information\_restore{5EB831BC-C5DC-4A50-BFD6-9CA3F7243353}\RP1\A0000034.dll Win32/Adware.SpywareProtect2009 application
C:\System Volume Information\_restore{5EB831BC-C5DC-4A50-BFD6-9CA3F7243353}\RP1\A0000035.dll Win32/Adware.SpywareProtect2009 application
C:\System Volume Information\_restore{5EB831BC-C5DC-4A50-BFD6-9CA3F7243353}\RP1\A0000036.dll Win32/Adware.SpywareProtect2009 application
C:\System Volume Information\_restore{5EB831BC-C5DC-4A50-BFD6-9CA3F7243353}\RP1\A0000037.dll Win32/Adware.SpywareProtect2009 application
C:\System Volume Information\_restore{5EB831BC-C5DC-4A50-BFD6-9CA3F7243353}\RP1\A0000038.dll Win32/Adware.SpywareProtect2009 application
C:\System Volume Information\_restore{5EB831BC-C5DC-4A50-BFD6-9CA3F7243353}\RP1\A0000039.dll Win32/Adware.SpywareProtect2009 application
C:\System Volume Information\_restore{5EB831BC-C5DC-4A50-BFD6-9CA3F7243353}\RP1\A0000040.dll Win32/Adware.SpywareProtect2009 application
C:\System Volume Information\_restore{5EB831BC-C5DC-4A50-BFD6-9CA3F7243353}\RP1\A0000041.dll Win32/Adware.SpywareProtect2009 application
C:\System Volume Information\_restore{5EB831BC-C5DC-4A50-BFD6-9CA3F7243353}\RP1\A0000042.exe Win32/TrojanClicker.Agent.NME trojan
C:\System Volume Information\_restore{5EB831BC-C5DC-4A50-BFD6-9CA3F7243353}\RP1\A0000061.exe Win32/Adware.SecurityEssentials.AA application
 
Actually, Eset didn't find much.
Most of findings are either in Combofix quarantine folder (safe, about to be deleted) and in your system restore point (about to be reset).
Nothing to worry about :)

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL

:Services

:Reg

:Files
C:\Documents and Settings\Break Time\Local Settings\Application Data\Ihecutudiwoniq.dat 
C:\Documents and Settings\NetworkService\Application Data\Microsoft\Internet Explorer\Desktop.htt 
C:\Program Files\Tractivity\TracManager 2010\Biometric Installation\M2SYS-BioPlugIn-Server-FV-6.6.msi

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=======================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how your computer is doing.
 
First OTL scan

sorry, I forgot to turn off avast and it blocked something when I ran OTL. I went ahead and gave you the paste, but before I resume with your instructions I want to make sure everything is on the up and up.




All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\Break Time\Local Settings\Application Data\Ihecutudiwoniq.dat moved successfully.
C:\Documents and Settings\NetworkService\Application Data\Microsoft\Internet Explorer\Desktop.htt moved successfully.
C:\Program Files\Tractivity\TracManager 2010\Biometric Installation\M2SYS-BioPlugIn-Server-FV-6.6.msi moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.JAMIEB
->Flash cache emptied: 0 bytes

User: Administrator.MCC
->Temp folder emptied: 355273 bytes
->Temporary Internet Files folder emptied: 323991 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 56870417 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 912 bytes

User: All Users

User: Break Time
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: General User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: James Mitchell
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: jamie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: jamie_old domain
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: jboggess
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: QBDataServiceUser18
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Ryan
->Flash cache emptied: 0 bytes

User: TEMP

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16867 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 3997804 bytes

Total Files Cleaned = 59.00 mb


[EMPTYFLASH]

User: administrator

User: Administrator.JAMIEB
->Flash cache emptied: 0 bytes

User: Administrator.MCC
->Flash cache emptied: 0 bytes

User: All Users

User: Break Time
->Flash cache emptied: 0 bytes

User: Default User

User: General User

User: James Mitchell
->Flash cache emptied: 0 bytes

User: jamie
->Flash cache emptied: 0 bytes

User: jamie_old domain
->Flash cache emptied: 0 bytes

User: jboggess
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: QBDataServiceUser18

User: Ryan
->Flash cache emptied: 0 bytes

User: TEMP

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.20.2 log created on 01182011_120052

Files\Folders moved on Reboot...
C:\Documents and Settings\Administrator.MCC\Local Settings\Temporary Internet Files\Content.IE5\CWWZF6MH\background-banner-right-v9a[1].jpg moved successfully.
C:\Documents and Settings\Administrator.MCC\Local Settings\Temporary Internet Files\Content.IE5\CWWZF6MH\background_banner_green_50_v9a[1].jpg moved successfully.
C:\Documents and Settings\Administrator.MCC\Local Settings\Temporary Internet Files\Content.IE5\CWWZF6MH\list-item-plus[1].png moved successfully.
C:\Documents and Settings\Administrator.MCC\Local Settings\Temporary Internet Files\Content.IE5\C97W9Y61\background_button_green_full[1].png moved successfully.
C:\Documents and Settings\Administrator.MCC\Local Settings\Temporary Internet Files\Content.IE5\6XXOEHZW\background-banner-middle-v9a[1].jpg moved successfully.
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_1c8.dat not found!

Registry entries deleted on Reboot...
 
Next OTL Scan

thanks. Here is the otl scan.



All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.JAMIEB
->Flash cache emptied: 0 bytes

User: Administrator.MCC
->Temp folder emptied: 355273 bytes
->Temporary Internet Files folder emptied: 206756 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 35165397 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: All Users

User: Break Time
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: General User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: James Mitchell
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: jamie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: jamie_old domain
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: jboggess
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: QBDataServiceUser18
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Ryan
->Flash cache emptied: 0 bytes

User: TEMP

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16867 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 34.00 mb


[EMPTYFLASH]

User: administrator

User: Administrator.JAMIEB
->Flash cache emptied: 0 bytes

User: Administrator.MCC
->Flash cache emptied: 0 bytes

User: All Users

User: Break Time
->Flash cache emptied: 0 bytes

User: Default User

User: General User

User: James Mitchell
->Flash cache emptied: 0 bytes

User: jamie
->Flash cache emptied: 0 bytes

User: jamie_old domain
->Flash cache emptied: 0 bytes

User: jboggess
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: QBDataServiceUser18

User: Ryan
->Flash cache emptied: 0 bytes

User: TEMP

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.20.2 log created on 01182011_140636

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_154.dat not found!

Registry entries deleted on Reboot...
 
did windows update and these could not be updated. Is that a problem?


Security Update for Microsoft Office 2003 (KB2288613)
Security Update for the 2007 Microsoft Office System (KB972581)
Security Update for Microsoft Office Web Components (KB947319)
Windows Genuine Advantage Notification (KB905474)
Security Update for Microsoft Office 2007 System (KB2289158)
 
office

yes, full suite and no error messages. I think I am all the way through your final set of instructions. Installing PSI right now. The computer sounds much better, there are no redirects happening and no alerts on reboot or anything.
 
Ran PSI and it said there was still a problem with Adobe Reader. I guess the update I did earlier was a fail. This time it went through the right motions but I got an error message. The install finished and it looks ok.

error 1402. Could not open key:
HKEY_LOCAL_MACHINE\SOFWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS.
Verify that you have sufficient access to that key, or contact your support personnel.
 
Also, it would appear that I didn't do a good job removing the older versions of Adobe Reader. I have 6.0, 7.0.5, and 8.0. I tried removing 7 because it actually shows up in the PSI scan and its saying it cannot run a uninstaller because the source is not there. Thoughts? I checked program files and the installer is there and the source files exist.
 
um, lets see. In the system tray the yellow shield came up and said that windows had updates to install. I right clicked on that and it asked for custom install or express install. I pressed express because it was recommended. It went through its processes and you can see it running updates on different programs and the os. It got to what looked like a completed state and then finished and popped up the alert that those particular programs would not allow for updates.
 
installed revo uninstaller. This piece of software is interesting. It also couldn't run an unistall but it then ran a scan of unistall remnants and there is a whole list of stuff for Adobe 7.0 and some of it is in the registry. Can I delete this stuff or....


pkbrooks
 
Registry entries can be left alone.

As for updates...

In this forum, we make sure, your computer is free of malware and your computer is clean :)
Because the access to malware forum is very limited, your best option is to create new topic about your current issue, at Windows section.
You'll get more attention.

Any other issues?
 
nope. I think you have got me where I wanted to be. Thanks for all your help. I might come back in the future with other computers that are beyond my expertise. Thanks again.

pkbrooks
 
oh, just so you know, the windows installer issue seemed to go away. I rebooted and now there is no update shield. dont know what that means. Will persue it in the other forum. Thanks again.
 
Status
Not open for further replies.

Similar threads

liltxkg
Inactive Cleanup Help - File Explorer Freezing
Replies
6
Views
2K
Broni
Broni
E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
3K
Broni
Broni
Nicki
Solved Must have picked up something... some COVID computer variant???
Replies
9
Views
3K
Broni
Broni

Latest posts

Back