Solved Iexplore running in background, website redirection

DonD · Nov 11, 2011

Hi,

I ran ComboFix again with the script you mentioned. Here's the log file:

ComboFix 11-11-11.06 - don 11/11/2011 18:01:12.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.352 [GMT -6:00]
Running from: c:\documents and settings\Don DeVoto\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Don DeVoto\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Don DeVoto\Start Menu\Internet Explorer.lnk
.
.
((((((((((((((((((((((((( Files Created from 2011-10-12 to 2011-11-12 )))))))))))))))))))))))))))))))
.
.
2011-11-10 21:50 . 2011-11-10 21:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
2011-11-10 21:50 . 2011-11-10 21:50 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-11-05 18:26 . 2011-11-05 18:26 -------- d-----w- c:\documents and settings\Don DeVoto\Application Data\Malwarebytes
2011-11-05 18:26 . 2011-11-05 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-11-05 18:26 . 2011-08-31 23:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-05 18:26 . 2011-11-11 14:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-05 17:50 . 2011-11-05 17:50 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-04 21:33 . 2011-11-04 21:34 -------- d-----w- C:\tmp
2011-11-04 19:20 . 2011-11-04 19:20 -------- d-----w- c:\documents and settings\LocalService\IETldCache
2011-11-04 16:47 . 2011-11-04 16:50 -------- d-----w- c:\windows\tmp
2011-11-01 15:43 . 2011-11-01 15:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-11-01 15:43 . 2011-11-01 15:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-11-01 15:43 . 2011-11-01 15:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-11-01 15:43 . 2011-11-01 15:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-11-01 15:43 . 2011-11-01 15:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-11-01 15:43 . 2011-11-01 15:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-11-01 15:43 . 2011-11-01 15:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-11-01 15:42 . 2011-11-01 15:43 -------- d-----w- c:\program files\QuickTime
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-20 14:16 . 2009-08-12 20:56 70024 ----a-w- c:\windows\system32\drivers\nlem32nt.sys
2011-10-20 14:16 . 2009-08-12 19:56 30072 ----a-w- c:\windows\system32\sectools.dll
2011-10-20 14:16 . 2009-08-12 19:56 55160 ----a-w- c:\windows\system32\nlem32nt.dll
2011-10-20 14:16 . 2009-08-12 19:56 39288 ----a-w- c:\windows\system32\secbuild.dll
2011-10-14 13:24 . 2011-10-14 13:24 -------- d-----w- c:\program files\iPod
2011-10-14 13:24 . 2011-10-14 13:25 -------- d-----w- c:\program files\iTunes
2011-10-14 13:16 . 2011-10-14 13:16 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2004-10-14 18:19 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-09-26 15:29 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2001-08-18 13:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2001-08-18 13:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2009-12-07 22:12 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 04:05 . 2011-08-31 04:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 04:05 . 2011-08-31 04:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-22 23:48 . 2006-06-23 16:33 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-09-26 15:28 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 23:48 . 2004-09-26 15:28 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 11:56 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2011-08-22 10:39 . 2007-01-23 14:23 52080 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\GoToPrintProcessor.dll
2011-08-22 10:39 . 2004-12-27 14:12 113008 ----a-w- c:\windows\system32\gotomon.dll
2011-08-17 13:49 . 2009-12-07 22:12 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"QD FastAndSafe"="c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2003-04-04 684032]
"POINTER"="c:\program files\Microsoft Hardware\Mouse\point32.exe" [2001-08-24 167936]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Outlook.lnk - c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\outicon.exe [2001-8-31 114688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 01000000
"NoSMMyPictures"= 01000000
"NoNetworkConnections"= 01000000
"NoStrCmpLogical"= 01000000
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
2011-08-22 10:39 15216 ----a-w- c:\program files\Expertcity\GoToMyPC\G2WinLogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCASUTIEXE]
TCAUDIAG -off [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-10-15 02:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2003-04-04 14:33 684032 ----a-w- c:\program files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
2003-02-26 01:27 77887 ----a-w- c:\program files\WordPerfect Office 11\Programs\QFSCHD110.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 10:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP

xpsp2res.dll,-22009
.
R0 nlem32nt;nlem32nt;c:\windows\system32\drivers\nlem32nt.sys [10/20/2011 8:16 AM 70024]
R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [4/17/2002 1:02 PM 4064]
R2 K9;K9 Time Synchronization;c:\windows\system32\k9nt.exe [3/28/2002 4:16 PM 57856]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/5/2011 12:26 PM 366152]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/10/2011 3:48 PM 106104]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/5/2011 12:26 PM 22216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/5/2010 8:32 AM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/5/2010 8:32 AM 136176]
S3 Smcinst;Symantec Auto-upgrade Agent;c:\program files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe --> c:\program files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2009-09-10 c:\windows\Tasks\b4a_D3 Backups(1).job
- c:\program files\Softland\Backup4all 3\b4aSchedStarter.exe [2008-05-21 20:50]
.
2009-09-10 c:\windows\Tasks\b4a_D3 Backups.job
- c:\program files\Softland\Backup4all 3\b4aSchedStarter.exe [2008-05-21 20:50]
.
2011-11-08 c:\windows\Tasks\b4a_D3 Doc's and Library(1).job
- c:\program files\Softland\Backup4all 3\b4aSchedStarter.exe [2008-05-21 20:50]
.
2011-10-29 c:\windows\Tasks\b4a_D3 Doc's and Library.job
- c:\program files\Softland\Backup4all 3\b4aSchedStarter.exe [2008-05-21 20:50]
.
2008-07-02 c:\windows\Tasks\bkupLogs.job
- c:\library\bkupLogs\bkupLogs.exe [2011-10-28 14:46]
.
2011-11-08 c:\windows\Tasks\cleantmp.job
- c:\batch files\cleantmp.bat [2002-02-21 19:35]
.
2011-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-05 14:32]
.
2011-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-05 14:32]
.
2011-11-09 c:\windows\Tasks\outlookc.job
- c:\library\outlookc\outlookc.exe [2011-10-28 14:53]
.
2011-11-11 c:\windows\Tasks\ren1.job
- c:\batch files\ren1.bat [2007-01-22 22:15]
.
2011-11-08 c:\windows\Tasks\ren2.job
- c:\batch files\ren2.bat [2007-01-22 22:15]
.
2008-06-29 c:\windows\Tasks\startNtmsSvc.job
- c:\batch files\startNtmsSvc.bat [2002-12-27 20:17]
.
2008-05-21 c:\windows\Tasks\System Backup - Full.job
- c:\batch files\backupSystem.bat [2004-11-30 14:52]
.
2008-05-21 c:\windows\Tasks\System Backup - Incremental.job
- c:\batch files\backupSystem.bat [2004-11-30 14:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: microsoft.com\office
TCP: DhcpNameServer = 192.168.1.18
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab
DPF: {02E09B2E-2A03-4572-9291-69900C068564} - hxxp://www.learnitcorp.com/cabs/lcsim.cab
DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} - hxxp://download.akamaitools.com.edgesuite.net/dlmanager/live/code/IE_1070/DownloadManager.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-11 18:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\vsdatant]
"ImagePath"="a"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2856520603-3757435101-1358250142-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(540)
c:\program files\Expertcity\GoToMyPC\G2WinLogon.dll
.
- - - - - - - > 'explorer.exe'(3892)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Expertcity\GoToMyPC\g2svc.exe
c:\program files\Expertcity\GoToMyPC\g2comm.exe
c:\program files\Expertcity\GoToMyPC\g2pre.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\System32\dllhost.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Expertcity\GoToMyPC\g2tray.exe
c:\windows\system32\dllhost.exe
c:\windows\System32\msdtc.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-11-11 18:29:59 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-12 00:29
ComboFix2.txt 2011-11-11 23:28
.
Pre-Run: 42,382,802,944 bytes free
Post-Run: 42,359,832,576 bytes free
.
- - End Of File - - B1780D5B130A441E0051FCF00DFB4CDD

Let me know the next step?

Thanks,

Don

Broni · Nov 11, 2011

Good

How is computer doing?

Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click the Scan All Users checkbox.
Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

DonD · Nov 12, 2011

Hi,

My computer seems to be doing fine. Here's Part 1 of 2 of the otl.txt log from the OTL process (had to break into two because of the file size).

OTL logfile created on: 11/11/2011 7:52:06 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Don DeVoto\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 284.30 Mb Available Physical Memory | 27.82% Memory free
1.65 Gb Paging File | 1.13 Gb Available in Paging File | 68.14% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.44 Gb Total Space | 39.49 Gb Free Space | 53.05% Space Free | Partition Type: NTFS
Drive F: | 74.40 Gb Total Space | 35.52 Gb Free Space | 47.74% Space Free | Partition Type: NTFS
Drive G: | 111.79 Gb Total Space | 61.66 Gb Free Space | 55.16% Space Free | Partition Type: NTFS
Drive H: | 74.40 Gb Total Space | 35.52 Gb Free Space | 47.74% Space Free | Partition Type: NTFS
Drive M: | 111.79 Gb Total Space | 61.66 Gb Free Space | 55.16% Space Free | Partition Type: NTFS
Drive P: | 74.40 Gb Total Space | 35.52 Gb Free Space | 47.74% Space Free | Partition Type: NTFS
Drive R: | 145.65 Gb Total Space | 23.28 Gb Free Space | 15.98% Space Free | Partition Type: NTFS
Drive T: | 917.41 Gb Total Space | 833.94 Gb Free Space | 90.90% Space Free | Partition Type: NTFS
Drive W: | 298.03 Gb Total Space | 181.95 Gb Free Space | 61.05% Space Free | Partition Type: NTFS

Computer Name: D3 | User Name: don | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/11 19:50:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Don DeVoto\Desktop\OTL.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/22 04:39:44 | 002,995,568 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Expertcity\GoToMyPC\g2tray.exe
PRC - [2011/08/22 04:39:38 | 002,325,360 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Expertcity\GoToMyPC\g2printh.exe
PRC - [2011/08/22 04:39:36 | 002,659,696 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Expertcity\GoToMyPC\g2mainh.exe
PRC - [2011/08/22 04:39:36 | 002,120,048 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Expertcity\GoToMyPC\g2pre.exe
PRC - [2011/08/22 04:39:34 | 002,547,568 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Expertcity\GoToMyPC\g2host.exe
PRC - [2011/08/22 04:39:30 | 002,201,968 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Expertcity\GoToMyPC\g2audioh.exe
PRC - [2011/08/22 04:39:28 | 001,686,384 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Expertcity\GoToMyPC\g2comm.exe
PRC - [2009/09/17 17:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/09/17 17:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/09/17 17:27:26 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/07/08 19:14:40 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/07/08 19:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/04/04 08:33:53 | 000,684,032 | ---- | M] (Roxio) -- C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe
PRC - [1997/08/04 17:31:44 | 000,057,856 | ---- | M] (H.C. Mingham-Smith) -- C:\WINDOWS\system32\k9nt.exe

========== Modules (No Company Name) ==========

MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (Smcinst)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/09/17 17:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/17 17:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/09/17 16:21:10 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/07/13 11:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/08 19:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/07/08 19:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/05/20 10:12:17 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [1997/08/04 17:31:44 | 000,057,856 | ---- | M] (H.C. Mingham-Smith) [Auto | Running] -- C:\WINDOWS\system32\k9nt.exe -- (K9)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/11/11 08:04:04 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111111.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/11/11 08:04:02 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111111.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/11/10 13:43:45 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/10 13:43:45 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/05/31 10:05:08 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/09/03 15:03:48 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/09/03 15:03:48 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/08/26 10:54:38 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/08/25 19:05:44 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/08/25 19:05:42 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/08/25 19:05:42 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/08/12 14:56:44 | 000,070,024 | ---- | M] () [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\nlem32nt.sys -- (nlem32nt)
DRV - [2008/04/13 12:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 12:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/01/27 17:44:24 | 000,150,528 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/25 13:28:46 | 000,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/07/02 11:15:26 | 000,016,128 | ---- | M] (Digital Networks North America, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RIOUNIV.SYS -- (RIOUNIV)
DRV - [2003/04/04 08:33:55 | 000,241,152 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2003/04/04 08:33:55 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2003/04/04 08:33:55 | 000,139,674 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2K)
DRV - [2003/04/04 08:33:54 | 000,030,630 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2003/04/04 08:33:54 | 000,025,930 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2003/04/04 08:33:53 | 000,061,424 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2003/04/04 08:33:53 | 000,023,436 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2002/08/13 20:27:22 | 000,074,338 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90Xbc5.SYS -- (EL90XBC)
DRV - [2002/06/12 08:46:06 | 000,284,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2002/06/12 08:46:06 | 000,036,992 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2002/06/12 08:46:04 | 000,007,424 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/11/06 00:00:00 | 000,087,018 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\IdeChnDr.sys -- (IdeChnDr) Intel(r)
DRV - [2001/11/06 00:00:00 | 000,013,654 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\IdeBusDr.sys -- (IdeBusDr)
DRV - [2001/11/01 10:27:04 | 000,013,780 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2001/08/23 00:33:12 | 000,010,192 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
DRV - [2001/08/17 13:52:24 | 000,038,144 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\hpt3xx.sys -- (hpt3xx)
DRV - [2001/08/17 12:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [1999/12/17 01:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PfModNT.sys -- (PfModNT)
DRV - [1997/06/17 03:00:00 | 000,004,064 | ---- | M] (Adobe Systems Incorporated) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ATMHELPR.SYS -- (ATMhelpr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://smbusiness.dellnet.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://smbusiness.dellnet.com/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2856520603-3757435101-1358250142-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2856520603-3757435101-1358250142-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2856520603-3757435101-1358250142-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2856520603-3757435101-1358250142-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2856520603-3757435101-1358250142-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

O1 HOSTS File: ([2011/11/11 18:22:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll File not found
O3 - HKU\S-1-5-21-2856520603-3757435101-1358250142-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2856520603-3757435101-1358250142-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2856520603-3757435101-1358250142-1006\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QD FastAndSafe] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe (Roxio)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Outlook.lnk = C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\outicon.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2856520603-3757435101-1358250142-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2856520603-3757435101-1358250142-1006\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2856520603-3757435101-1358250142-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2856520603-3757435101-1358250142-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O7 - HKU\S-1-5-21-2856520603-3757435101-1358250142-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-21-2856520603-3757435101-1358250142-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-21-2856520603-3757435101-1358250142-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-21-2856520603-3757435101-1358250142-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-21-2856520603-3757435101-1358250142-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2856520603-3757435101-1358250142-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2856520603-3757435101-1358250142-1006\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {02E09B2E-2A03-4572-9291-69900C068564} http://www.learnitcorp.com/cabs/lcsim.cab (LCSim Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} http://www.pestscan.com/scanner/axscanner.cab (PPSDKActiveXScanner.MainScreen)
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} https://support.microsoft.com/OAS/ActiveX/odc.cab (Microsoft PID Sniffer)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} http://download.akamaitools.com.edgesuite.net/dlmanager/live/code/IE_1070/DownloadManager.cab (DownloadManager Control)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe (Reg Error: Key error.)
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} http://srv1/ConnectComputer/nshelp.dll (NSHelp Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.5.cab (DLM Control)
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab (Microsoft.WinRep)
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} http://office.microsoft.com/productupdates/content/opuc.cab (OPUCatalog Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1250176051031 (MUWebControl Class)
O16 - DPF: {72770C4F-967D-4517-982B-92D6B9015649} http://photos.msn.com/resources/neutral/controls/DigWebX.cab?9,0,712,0 (DigWebHelper Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} http://toolbar.google.com/data/GoogleActivate.cab (Reg Error: Key error.)
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} https://rtc3.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB (TLIEFlashObj Class)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37602.2634837963 (Reg Error: Key error.)
O16 - DPF: {A6B13EE4-A974-11D2-8DB7-00C04FB6E8F6} http://www.splashspot.com/ssviewer2/2.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: ppctlcab http://www.pestscan.com/scanner/ppctlcab.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.18
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = datalink.lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7D6AF23-8707-44F4-A616-DF7283984FAA}: DhcpNameServer = 192.168.1.18
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToMyPC: DllName - (C:\Program Files\Expertcity\GoToMyPC\G2WinLogon.dll) - C:\Program Files\Expertcity\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Don DeVoto\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Don DeVoto\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/08/31 13:00:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: Ip6FwHlp - File not found

Drivers32: aux1 - C:\WINDOWS\System32\ctwdm32.dll (Creative Technology Ltd.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/11 19:50:05 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Don DeVoto\Desktop\OTL.exe
[2011/11/11 18:30:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/11/11 11:35:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/11/11 11:21:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/11 11:21:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/11 11:21:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/11 11:21:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/11 11:20:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/11 11:20:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/11 11:15:34 | 004,290,913 | R--- | C] (Swearware) -- C:\Documents and Settings\Don DeVoto\Desktop\ComboFix.exe
[2011/11/09 14:57:34 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Don DeVoto\Desktop\FixTDSS.exe
[2011/11/08 20:04:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Don DeVoto\Start Menu\Programs\Administrative Tools
[2011/11/08 20:03:30 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Don DeVoto\Desktop\dds.scr
[2011/11/05 12:26:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don DeVoto\Application Data\Malwarebytes
[2011/11/05 12:26:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/05 12:26:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/11/05 12:26:42 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/11/05 12:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/05 11:49:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Don DeVoto\Recent
[2011/11/04 15:33:49 | 000,000,000 | ---D | C] -- C:\tmp
[2011/11/04 13:23:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/11/04 10:47:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\tmp
[2011/11/01 09:43:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/11/01 09:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/10/14 07:24:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/14 07:24:00 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/14 07:16:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2004/12/18 13:48:40 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[2002/02/04 14:36:23 | 000,059,392 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[1998/08/24 08:31:44 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[679 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[52 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[12 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/11 19:50:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Don DeVoto\Desktop\OTL.exe
[2011/11/11 18:22:46 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Outlook.lnk
[2011/11/11 18:22:15 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/11 18:21:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/11 18:20:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/11 17:42:00 | 000,000,433 | R--- | M] () -- C:\boot.ini
[2011/11/11 16:30:07 | 004,290,913 | R--- | M] (Swearware) -- C:\Documents and Settings\Don DeVoto\Desktop\ComboFix.exe
[2011/11/11 16:00:04 | 000,000,228 | ---- | M] () -- C:\WINDOWS\tasks\ren1.job
[2011/11/11 11:56:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/11/11 08:18:37 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/09 14:57:36 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Don DeVoto\Desktop\FixTDSS.exe
[2011/11/09 09:04:14 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\outlookc.job
[2011/11/08 20:03:35 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Don DeVoto\Desktop\dds.scr
[2011/11/08 17:51:51 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/08 09:39:51 | 000,000,316 | ---- | M] () -- C:\boot.ini.hold
[2011/11/08 09:39:51 | 000,000,316 | ---- | M] () -- C:\Boot.bak
[2011/11/08 07:00:01 | 000,000,228 | ---- | M] () -- C:\WINDOWS\tasks\ren2.job
[2011/11/08 02:00:02 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\b4a_D3 Doc's and Library(1).job
[2011/11/07 22:00:06 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\cleantmp.job
[2011/11/07 20:12:23 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/07 10:54:25 | 000,482,278 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/07 10:54:25 | 000,079,968 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/06 12:02:12 | 000,000,026 | ---- | M] () -- C:\WINDOWS\BRPP2KA.INI
[2011/11/05 14:37:01 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/05 14:36:29 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/02 18:49:09 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat.hold
[2011/11/02 16:23:00 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl.hold
[2011/10/29 07:45:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\b4a_D3 Doc's and Library.job
[2011/10/14 07:28:08 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Don DeVoto\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/10/13 08:47:47 | 000,554,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[679 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[52 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/11 11:51:35 | 000,002,519 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Outlook.lnk
[2011/11/11 11:51:34 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Don DeVoto\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/11/11 11:36:01 | 000,000,316 | ---- | C] () -- C:\Boot.bak
[2011/11/11 11:35:54 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/11/11 11:21:40 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/11 11:21:40 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/11 11:21:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/11 11:21:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/11 11:21:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/10 06:53:12 | 000,000,433 | R--- | C] () -- C:\boot.ini
[2011/11/05 15:23:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/04 11:00:35 | 000,002,206 | ---- | C] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/20 08:16:15 | 000,070,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\nlem32nt.sys
[2011/10/20 08:16:15 | 000,055,160 | ---- | C] () -- C:\WINDOWS\System32\nlem32nt.dll
[2011/10/20 08:16:15 | 000,039,288 | ---- | C] () -- C:\WINDOWS\System32\secbuild.dll
[2011/10/20 08:16:15 | 000,030,072 | ---- | C] () -- C:\WINDOWS\System32\sectools.dll
[2011/08/17 07:45:26 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Don DeVoto\Application Data\winscp.rnd
[2010/10/12 15:33:51 | 000,204,448 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/18 06:51:26 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2010/08/16 16:18:14 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS4B.DLL
[2010/03/05 11:13:01 | 000,000,228 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2010/03/05 11:13:01 | 000,000,094 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2010/03/05 11:13:01 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bd9440cn.dat
[2010/03/05 11:11:23 | 000,000,009 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2010/03/05 11:11:21 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/10/13 09:42:59 | 000,079,824 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/23 08:47:20 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ATRauthentec.dll
[2009/08/11 10:38:20 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\pwbsp.dll
[2009/08/11 10:38:19 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2009/08/11 10:38:19 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2009/08/11 10:38:19 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\bioapi_dummy100.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/03/10 20:09:00 | 000,009,321 | ---- | C] () -- C:\Documents and Settings\Don DeVoto\Application Data\Tab Separated Values (Windows).EML
[2008/12/16 15:35:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat.hold
[2008/12/09 14:07:12 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/11/19 15:11:17 | 000,080,896 | ---- | C] () -- C:\WINDOWS\nlem32nt.dll
[2008/11/19 15:11:17 | 000,052,736 | ---- | C] () -- C:\WINDOWS\secbuild.dll
[2008/11/19 15:11:17 | 000,047,104 | ---- | C] () -- C:\WINDOWS\sectools.dll
[2008/07/23 13:29:32 | 000,000,052 | ---- | C] () -- C:\WINDOWS\NOVAEXCH.INI
[2008/07/02 13:15:58 | 000,000,192 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\{268EB95C-7C1C-4826-B79E-0E50B1A64C5A}.dss
[2008/05/21 12:17:12 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/04/25 09:38:52 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2008/04/25 09:38:52 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2008/04/25 09:38:52 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BAOCH06A.DAT
[2008/02/26 14:54:48 | 000,002,698 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2007/05/02 11:35:41 | 000,001,901 | ---- | C] () -- C:\WINDOWS\panose.bin
[2007/04/17 12:17:03 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2006/05/01 11:30:39 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2006/01/10 10:45:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TINSPECT.INI
[2006/01/10 10:32:11 | 000,145,139 | ---- | C] () -- C:\WINDOWS\UnNova.EXE
[2005/11/14 09:04:23 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\uninscpw.exe
[2005/09/28 10:12:20 | 000,000,583 | ---- | C] () -- C:\WINDOWS\System32\procexp.exe.lnk
[2005/07/06 13:21:54 | 000,001,345 | ---- | C] () -- C:\WINDOWS\AVClock.ini
[2005/07/06 09:58:20 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\etc~net.dll
[2005/02/23 09:22:12 | 000,005,460 | ---- | C] () -- C:\WINDOWS\kwv2.dat
[2005/02/01 09:56:50 | 000,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/02/01 09:56:50 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\8ECC31BCB2.sys
[2004/12/18 13:49:13 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2004/12/18 13:48:40 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2004/12/18 13:48:40 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004/11/28 12:21:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2004/11/05 09:48:15 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/10/13 08:14:40 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Don DeVoto\Local Settings\Application Data\fusioncache.dat
[2004/09/26 09:29:03 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/04/01 14:53:28 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Don DeVoto\Application Data\PFP110JPR.{PB
[2004/04/01 14:53:28 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Don DeVoto\Application Data\PFP110JCM.{PB
[2003/08/25 15:43:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SPYXX.INI
[2003/06/17 13:27:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2003/04/14 07:27:54 | 000,000,028 | ---- | C] () -- C:\WINDOWS\winafn.dat
[2003/04/14 07:21:05 | 000,000,031 | ---- | C] () -- C:\WINDOWS\winmail1.dat
[2003/04/10 07:43:14 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/03/10 09:12:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Don DeVoto\Application Data\dm.ini
[2003/03/10 09:09:24 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2003/02/06 16:12:46 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.don.ini
[2003/01/27 10:39:19 | 000,000,827 | ---- | C] () -- C:\WINDOWS\SEffects.Ini
[2002/12/12 11:48:57 | 000,001,399 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2002/09/10 16:16:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TSTCON32.INI
[2002/06/04 10:20:29 | 000,000,431 | ---- | C] () -- C:\WINDOWS\SWWATER.INI
[2002/05/30 16:08:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2002/04/19 07:58:47 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\hlinkprx.dll
[2002/03/22 15:52:54 | 000,162,304 | ---- | C] () -- C:\Documents and Settings\Don DeVoto\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002/03/19 16:30:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\PowerCalc.exe
[2002/03/14 12:00:26 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe
[2002/03/08 14:48:02 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\SEE32.DLL
[2002/02/21 16:28:28 | 000,000,232 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2002/02/21 16:28:08 | 000,000,426 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2002/02/21 12:51:43 | 000,000,235 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2002/02/21 12:50:46 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2002/02/21 12:50:46 | 000,042,483 | ---- | C] () -- C:\WINDOWS\ICCCODES.DAT
[2002/02/21 12:50:46 | 000,027,648 | ---- | C] () -- C:\WINDOWS\PFPICK.DLL
[2002/02/21 12:50:39 | 000,000,123 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2002/02/21 12:45:15 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\NMEVTRPT.dll
[2002/02/21 12:45:15 | 000,015,217 | ---- | C] () -- C:\WINDOWS\BC650Uni.Ini
[2002/02/21 11:55:57 | 000,000,033 | ---- | C] () -- C:\WINDOWS\quark.ini
[2002/02/21 10:56:46 | 000,017,990 | ---- | C] () -- C:\WINDOWS\UEDIT32.INI
[2002/02/20 17:11:07 | 000,000,134 | ---- | C] () -- C:\WINDOWS\WTRMRK.INI
[2002/02/04 15:07:38 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/02/04 14:39:28 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/02/04 14:35:41 | 000,000,184 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2002/02/04 14:34:36 | 000,000,312 | ---- | C] () -- C:\WINDOWS\MMKEYBD.INI
[2002/02/04 14:34:36 | 000,000,269 | ---- | C] () -- C:\WINDOWS\MSIOSD.INI
[2002/02/04 14:34:34 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
[2002/02/04 14:34:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2002/02/04 14:30:43 | 000,033,963 | ---- | C] () -- C:\WINDOWS\System32\3C90X.ini
[2002/02/04 14:24:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2002/02/04 14:23:38 | 000,482,278 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/02/04 14:23:38 | 000,079,968 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/02/04 14:22:10 | 000,554,736 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2001/08/31 13:24:26 | 000,000,885 | ---- | C] () -- C:\WINDOWS\LRUN32.INI
[2001/08/31 13:19:06 | 000,001,232 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2001/08/31 13:00:00 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2001/08/31 12:56:50 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2001/08/23 15:07:14 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 15:07:02 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/18 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/18 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/18 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/18 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/18 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/18 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/08/10 13:14:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ImapiRoxPS.dll
[1999/01/22 18:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/08/16 05:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[1980/01/01 00:00:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\Nhksrv.exe

Thanks,

Don

DonD · Nov 12, 2011

Hi,

Here's part 2 of 2 of the otl.txt log from the OTL process.

========== LOP Check ==========

[2008/04/23 12:35:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/08/16 16:18:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/08/23 09:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CitrixLogs
[2008/07/17 07:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cloudmark
[2009/11/30 10:10:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Quark
[2011/10/11 14:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSoft
[2008/04/07 10:03:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Softland
[2008/03/24 10:06:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/04/07 08:46:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2005/02/23 09:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wsxs
[2009/03/18 08:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/03/31 14:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/15 14:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/07 09:13:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/03/16 10:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don DeVoto\Application Data\Aladdin Systems
[2006/05/01 10:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don DeVoto\Application Data\Allume Systems
[2008/12/18 09:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don DeVoto\Application Data\Cloudmark
[2007/03/07 17:25:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don DeVoto\Application Data\GetRightToGo
[2008/10/29 13:35:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don DeVoto\Application Data\gnupg
[2004/12/18 12:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don DeVoto\Application Data\InterTrust
[2009/12/01 09:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don DeVoto\Application Data\Quark
[2004/12/18 12:37:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don DeVoto\Application Data\RhinoSoft.com
[2008/03/24 10:06:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don DeVoto\Application Data\Viewpoint
[2008/10/27 16:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don DeVoto\Application Data\winpt
[2009/09/10 07:01:43 | 000,000,466 | ---- | M] () -- C:\WINDOWS\Tasks\b4a_D3 Backups(1).job
[2009/09/10 07:01:38 | 000,000,466 | ---- | M] () -- C:\WINDOWS\Tasks\b4a_D3 Backups.job
[2011/11/08 02:00:02 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\b4a_D3 Doc's and Library(1).job
[2011/10/29 07:45:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\b4a_D3 Doc's and Library.job
[2008/07/02 15:20:42 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\bkupLogs.job
[2011/11/07 22:00:06 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\cleantmp.job
[2011/11/09 09:04:14 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\outlookc.job
[2011/11/11 16:00:04 | 000,000,228 | ---- | M] () -- C:\WINDOWS\Tasks\ren1.job
[2011/11/08 07:00:01 | 000,000,228 | ---- | M] () -- C:\WINDOWS\Tasks\ren2.job
[2008/06/29 12:54:37 | 000,000,244 | ---- | M] () -- C:\WINDOWS\Tasks\startNtmsSvc.job
[2008/05/21 12:35:57 | 000,000,248 | ---- | M] () -- C:\WINDOWS\Tasks\System Backup - Full.job
[2008/05/21 12:37:38 | 000,000,248 | ---- | M] () -- C:\WINDOWS\Tasks\System Backup - Incremental.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2001/08/31 13:00:10 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/11/08 09:39:51 | 000,000,316 | ---- | M] () -- C:\Boot.bak
[2011/11/11 17:42:00 | 000,000,433 | R--- | M] () -- C:\boot.ini
[2011/11/08 09:39:51 | 000,000,316 | ---- | M] () -- C:\boot.ini.hold
[2001/08/31 12:43:32 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/11/11 18:30:00 | 000,016,703 | ---- | M] () -- C:\ComboFix.txt
[2001/08/31 13:00:10 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2002/02/04 15:12:22 | 000,003,068 | RH-- | M] () -- C:\DELL.SDR
[2007/04/30 10:22:16 | 000,002,960 | ---- | M] () -- C:\devicetable.log
[2001/08/31 13:00:10 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2001/08/31 13:00:10 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2001/08/18 06:00:00 | 000,045,124 | ---- | M] () -- C:\NTDETECT.COM
[2008/12/09 14:53:00 | 000,047,564 | RHS- | M] () -- C:\ntdetect.com.hold
[2001/08/18 06:00:00 | 000,222,368 | ---- | M] () -- C:\NTLDR
[2011/11/11 18:20:08 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2004/05/11 07:21:00 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2011/11/11 18:22:27 | 000,001,746 | ---- | M] () -- C:\SMax.log
[2009/08/06 08:45:19 | 000,001,744 | ---- | M] () -- C:\SMax.log.bak

< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[12 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2001/08/31 12:59:42 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
[12 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2005/11/30 04:00:00 | 000,020,992 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD4B.DLL
[2005/11/30 04:00:00 | 000,059,392 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP4B.DLL
[2011/08/22 04:39:52 | 000,052,080 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\GoToPrintProcessor.dll
[2005/06/20 13:24:58 | 000,066,048 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp3xy.DLL
[2008/07/06 04:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/04/16 23:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/12/18 04:54:08 | 000,090,112 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/12/18 04:54:08 | 000,630,784 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/12/18 04:54:08 | 000,405,504 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/12/08 16:26:24 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2004/09/26 10:07:11 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Don DeVoto\Application Data\Microsoft\Internet Explorer\Quick Launch\DESKTOP.INI
[2002/10/21 13:06:18 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Don DeVoto\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/11/11 16:30:07 | 004,290,913 | R--- | M] (Swearware) -- C:\Documents and Settings\Don DeVoto\Desktop\ComboFix.exe
[2011/11/09 14:57:36 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Don DeVoto\Desktop\FixTDSS.exe
[2011/07/16 22:21:04 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Don DeVoto\Desktop\gmer.exe
[2011/11/11 19:50:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Don DeVoto\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >
[2004/04/14 13:38:26 | 000,462,919 | ---- | M] (Expertcity) -- C:\WINDOWS\Java\gotomypc.exe

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2008/09/08 12:46:44 | 003,902,784 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Don DeVoto\gosetup.exe
[2007/01/16 09:23:49 | 000,563,712 | ---- | M] (Citrix Online) -- C:\Documents and Settings\Don DeVoto\gotomypc_370.exe
[2007/07/17 12:57:05 | 000,722,176 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Don DeVoto\gotomypc_428.exe
[2008/06/29 09:58:12 | 000,724,984 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Don DeVoto\gotomypc_437.exe
[2009/05/06 13:35:11 | 000,726,008 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Don DeVoto\gotomypc_438.exe
[2010/12/22 14:13:34 | 001,062,984 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Don DeVoto\gotomypc_540.exe

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2004/09/26 10:07:11 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Don DeVoto\Favorites\Desktop.ini
[2009/09/23 09:05:52 | 000,001,288 | ---- | M] () -- C:\Documents and Settings\Don DeVoto\Favorites\Microsoft bCentral.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2009/04/21 15:28:27 | 000,012,876 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/11/11 19:49:51 | 001,310,720 | ---- | M] () -- C:\Documents and Settings\Don DeVoto\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
[4 C:\WINDOWS\inf\*.tmp files -> C:\WINDOWS\inf\*.tmp -> ]

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2001/05/02 15:24:18 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\blogo.gif
[2008/04/13 18:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2002/12/17 09:23:28 | 000,015,692 | ---- | M] () -- C:\Program Files\Messenger\license.txt
[2002/12/17 09:23:22 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2002/12/17 09:23:22 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2002/12/17 09:23:28 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
[2008/05/02 08:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 11:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 18:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2001/02/01 06:00:26 | 000,000,685 | ---- | M] () -- C:\Program Files\Messenger\msmsgs.exe.manifest
[2002/08/29 04:41:26 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
[2002/12/17 09:23:18 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2002/12/17 09:23:18 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2002/12/17 09:23:18 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2002/12/17 09:23:24 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/07/17 12:41:04 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-11 14:21:14

< End of report >

Thanks,

Don

DonD · Nov 12, 2011

Hi,

Here is the Extra.txt log from the OTL process.

OTL Extras logfile created on: 11/11/2011 7:52:07 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Don DeVoto\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 284.30 Mb Available Physical Memory | 27.82% Memory free
1.65 Gb Paging File | 1.13 Gb Available in Paging File | 68.14% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.44 Gb Total Space | 39.49 Gb Free Space | 53.05% Space Free | Partition Type: NTFS
Drive F: | 74.40 Gb Total Space | 35.52 Gb Free Space | 47.74% Space Free | Partition Type: NTFS
Drive G: | 111.79 Gb Total Space | 61.66 Gb Free Space | 55.16% Space Free | Partition Type: NTFS
Drive H: | 74.40 Gb Total Space | 35.52 Gb Free Space | 47.74% Space Free | Partition Type: NTFS
Drive M: | 111.79 Gb Total Space | 61.66 Gb Free Space | 55.16% Space Free | Partition Type: NTFS
Drive P: | 74.40 Gb Total Space | 35.52 Gb Free Space | 47.74% Space Free | Partition Type: NTFS
Drive R: | 145.65 Gb Total Space | 23.28 Gb Free Space | 15.98% Space Free | Partition Type: NTFS
Drive T: | 917.41 Gb Total Space | 833.94 Gb Free Space | 90.90% Space Free | Partition Type: NTFS
Drive W: | 298.03 Gb Total Space | 181.95 Gb Free Space | 61.05% Space Free | Partition Type: NTFS

Computer Name: D3 | User Name: don | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.ini [@ = UltraEdit.ini] -- C:\Program Files\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.txt [@ = UltraEdit.txt] -- C:\Program Files\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
"Enabled" = 1
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\Microsoft ActiveSync\CeAppMgr.exe:LocalSubnet:Enabled:ActiveSync Application Manager" = %ProgramFiles%\Microsoft ActiveSync\CeAppMgr.exe:LocalSubnet:Enabled:ActiveSync Application Manager
"%ProgramFiles%\Microsoft ActiveSync\WCESMgr.exe:LocalSubnet:Enabled:ActiveSync Application" = %ProgramFiles%\Microsoft ActiveSync\WCESMgr.exe:LocalSubnet:Enabled:ActiveSync Application
"%ProgramFiles%\Microsoft ActiveSync\WCESComm.exe:LocalSubnet:Enabled:ActiveSync Connection Manager" = %ProgramFiles%\Microsoft ActiveSync\WCESComm.exe:LocalSubnet:Enabled:ActiveSync Connection Manager

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"Enabled" = 1
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"135:TCP:*:Enabled:Offer Remote Assistance - Port" = 135:TCP:*:Enabled:Offer Remote Assistance - Port

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = LocalSubnet

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = *

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled

xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled

xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled

xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled

xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled

xpsp2res.dll,-22002
"123:TCP" = 123:TCP:*:Enabled:Windows Time

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled

xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled

xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled

xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled

xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled

xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Ipswitch\WS_FTP Professional\wsftpgui.exe" = C:\Program Files\Ipswitch\WS_FTP Professional\wsftpgui.exe:*:Enabled:WS_FTP Pro Application -- (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{00120409-78E1-11D2-B60F-006097C998E7}" = Microsoft FrontPage 2000
"{004F0409-78E1-11D2-B60F-006097C998E7}" = Microsoft Access 2000 SR-1 Runtime
"{01BDFB08-EE88-4E5E-94A6-AE9EDCFA40C5}" = Microsoft IntelliPoint 4.0
"{0AA362AB-BB1E-4414-AF04-3EA10297D817}" = Cloudmark Desktop for Microsoft Outlook
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23E5032B-56CA-4C19-A72E-B50161DB82CA}" = Shadow Copy Client
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2EFCC193-D915-4CCB-9201-31773A27BC06}" = Symantec Endpoint Protection
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40ABF1E0-8B6F-4D32-B343-E19FA2F04B3C}" = StuffIt Standard
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11
"{58F4D4FD-1814-4068-B316-C28FC776C6DD}" = GoToMyPC
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6EF59C2E-E355-4AA8-B18A-3E19A7B8EDE9}" = UltraEdit 16.10
"{706D5382-7381-4680-9DD0-161832578252}" = DellTouch
"{706EA4A8-97B5-4C29-A0F3-0B38C666F0C4}" = QuarkXPress
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{967204A8-8CE2-40F5-AD6A-21D8D63DB3A8}" = Attendance Rx
"{9984DF60-1C5B-11D3-ACA1-908A4FC10801}" = Intel Application Accelerator
"{9FAA6A0D-02C7-48AF-BB8B-E06F2D4A863D}" = frameworks Canada
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AC76BA86-1033-0000-BA7E-000000000003}" = Adobe Acrobat 8 Standard
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP Professional 2006
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B37C842A-B624-46B8-A727-654E72F1C91A}" = Calculator Powertoy for Windows XP
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D5F9E6AA-7075-49EC-992F-A6213C73607F}" = Adobe Photoshop Album
"{DE1CB39F-3EA5-4356-9D40-FFFA82C134D0}" = Cloudmark Desktop for Microsoft Outlook
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}" = Windows Resource Kit Tools
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"Adobe Acrobat 8 Standard" = Adobe Acrobat 8.1.3 Standard
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Image Viewer Plugin" = Adobe Image Viewer Plugin 4.0
"Adobe PageMaker 6.5" = Adobe PageMaker 6.5
"Adobe Type Manager 4.0" = Adobe Type Manager 4.0
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Backup4all 3_is1" = Backup4all 3
"BoundsChecker 6.5 VC" = NuMega BoundsChecker 6.5 Visual C++ Edition
"CANONBJ_Deinstall_CNMCP4B.DLL" = Canon i850
"Data Access Objects (DAO) 3.5" = Data Access Objects (DAO) 3.5
"EscapeE" = RedTitan EscapeE
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{40ABF1E0-8B6F-4D32-B343-E19FA2F04B3C}" = StuffIt Standard
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"LSA IRIS" = LSA IRIS
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Press Interactive Training" = Microsoft Interactive Training
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSVC50" = Microsoft Visual C++ 5.0
"NetLib Encryptionizer DE Distribution-2008.6.22.0" = NetLib Encryptionizer DE Distribution
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NovaXchange" = NovaXchange for Windows NT
"NVIDIA Drivers" = NVIDIA Drivers
"Q903235" = Internet Explorer Q903235
"QuickTime32" = QuickTime for Windows (32-bit)
"Shockwave" = Shockwave
"Tweak UI 2.10" = Tweak UI
"VisualFoxPro.5" = Microsoft Visual FoxPro 5.0
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.3.4
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2856520603-3757435101-1358250142-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.0.0.320

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/10/2011 4:57:55 PM | Computer Name = D3 | Source = MSDTC | ID = 4437
Description = The account that the MS DTC service is running under is invalid. This
can happen if the service account information has been changed using the Services
snap-in in Microsoft Management Console (MMC). MS DTC service will continue to
start. Please make sure that the MS DTC service account information is updated using
the Component Services Explorer.

Error - 11/10/2011 6:09:10 PM | Computer Name = D3 | Source = MSDTC | ID = 4437
Description = The account that the MS DTC service is running under is invalid. This
can happen if the service account information has been changed using the Services
snap-in in Microsoft Management Console (MMC). MS DTC service will continue to
start. Please make sure that the MS DTC service account information is updated using
the Component Services Explorer.

Error - 11/10/2011 6:18:29 PM | Computer Name = D3 | Source = MSDTC | ID = 4437
Description = The account that the MS DTC service is running under is invalid. This
can happen if the service account information has been changed using the Services
snap-in in Microsoft Management Console (MMC). MS DTC service will continue to
start. Please make sure that the MS DTC service account information is updated using
the Component Services Explorer.

Error - 11/11/2011 9:50:06 AM | Computer Name = D3 | Source = MSDTC | ID = 4437
Description = The account that the MS DTC service is running under is invalid. This
can happen if the service account information has been changed using the Services
snap-in in Microsoft Management Console (MMC). MS DTC service will continue to
start. Please make sure that the MS DTC service account information is updated using
the Component Services Explorer.

Error - 11/11/2011 9:50:09 AM | Computer Name = D3 | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\txprop\dtcinfo.cpp(158),
hr = 8000ffff: TransactionManager->GetWhereaboutsSi

Error - 11/11/2011 10:23:59 AM | Computer Name = D3 | Source = MSDTC | ID = 4437
Description = The account that the MS DTC service is running under is invalid. This
can happen if the service account information has been changed using the Services
snap-in in Microsoft Management Console (MMC). MS DTC service will continue to
start. Please make sure that the MS DTC service account information is updated using
the Component Services Explorer.

Error - 11/11/2011 1:57:27 PM | Computer Name = D3 | Source = MSDTC | ID = 4437
Description = The account that the MS DTC service is running under is invalid. This
can happen if the service account information has been changed using the Services
snap-in in Microsoft Management Console (MMC). MS DTC service will continue to
start. Please make sure that the MS DTC service account information is updated using
the Component Services Explorer.

Error - 11/11/2011 7:19:56 PM | Computer Name = D3 | Source = MSDTC | ID = 4437
Description = The account that the MS DTC service is running under is invalid. This
can happen if the service account information has been changed using the Services
snap-in in Microsoft Management Console (MMC). MS DTC service will continue to
start. Please make sure that the MS DTC service account information is updated using
the Component Services Explorer.

Error - 11/11/2011 7:19:57 PM | Computer Name = D3 | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\txprop\dtcinfo.cpp(158),
hr = 8000ffff: TransactionManager->GetWhereaboutsSi

Error - 11/11/2011 8:21:07 PM | Computer Name = D3 | Source = MSDTC | ID = 4437
Description = The account that the MS DTC service is running under is invalid. This
can happen if the service account information has been changed using the Services
snap-in in Microsoft Management Console (MMC). MS DTC service will continue to
start. Please make sure that the MS DTC service account information is updated using
the Component Services Explorer.

[ System Events ]
Error - 11/11/2011 1:57:19 PM | Computer Name = D3 | Source = PSched | ID = 14105
Description = QoS [Adapter {A14D5FFA-4DCF-4B75-9FEB-E85075658748}]: The UpperBindings
key is missing from the registry.

Error - 11/11/2011 1:57:19 PM | Computer Name = D3 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000243'
while processing the file 'SrtETmp' on the volume 'HarddiskVolume2'. It has stopped
monitoring the volume.

Error - 11/11/2011 7:19:43 PM | Computer Name = D3 | Source = PSched | ID = 14105
Description = QoS [Adapter {A14D5FFA-4DCF-4B75-9FEB-E85075658748}]: The UpperBindings
key is missing from the registry.

Error - 11/11/2011 7:19:58 PM | Computer Name = D3 | Source = Service Control Manager | ID = 7031
Description = The COM+ System Application service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.

Error - 11/11/2011 8:20:42 PM | Computer Name = D3 | Source = PSched | ID = 14105
Description = QoS [Adapter {A14D5FFA-4DCF-4B75-9FEB-E85075658748}]: The UpperBindings
key is missing from the registry.

Error - 11/11/2011 8:21:32 PM | Computer Name = D3 | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
with DCOM within the required timeout.

< End of report >

Let me know what the next step is?

Thanks,

Don

Broni · Nov 12, 2011

Good news

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.

===================================================================

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:

:OTL
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll File not found
O3 - HKU\S-1-5-21-2856520603-3757435101-1358250142-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2856520603-3757435101-1358250142-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2856520603-3757435101-1358250142-1006\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll File not found
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found
O15 - HKU\S-1-5-21-2856520603-3757435101-1358250142-1006\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe (Reg Error: Key error.)
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} http://toolbar.google.com/data/GoogleActivate.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.co...602.2634837963 (Reg Error: Key error.)
O16 - DPF: {A6B13EE4-A974-11D2-8DB7-00C04FB6E8F6} http://www.splashspot.com/ssviewer2/2.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: ppctlcab http://www.pestscan.com/scanner/ppctlcab.cab (Reg Error: Key error.)
[679 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[52 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[12 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2008/03/24 10:06:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/03/24 10:06:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don DeVoto\Application Data\Viewpoint


:Services

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" =-

:Files

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
You will get a log that shows the results of the fix. Please post it.

======================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

3. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program
Tick the box next to YES, I accept the Terms of Use
Click Start
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click on List of found threats
Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
NOTE. If Eset won't find any threats, it won't produce any log.

DonD · Nov 14, 2011

Hi,

Here are the logs you asked for. I have to break them up into multiple posts.

Here is the OTL log:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2856520603-3757435101-1358250142-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-2856520603-3757435101-1358250142-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-2856520603-3757435101-1358250142-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Append to existing PDF\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert link target to Adobe PDF\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert link target to existing PDF\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert selected links to Adobe PDF\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert selected links to existing PDF\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert selection to Adobe PDF\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert selection to existing PDF\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert to Adobe PDF\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2856520603-3757435101-1358250142-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com\office\ deleted successfully.
Starting removal of ActiveX control {41F17733-B041-4099-A042-B518BB6A408C}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{41F17733-B041-4099-A042-B518BB6A408C}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{41F17733-B041-4099-A042-B518BB6A408C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41F17733-B041-4099-A042-B518BB6A408C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{41F17733-B041-4099-A042-B518BB6A408C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41F17733-B041-4099-A042-B518BB6A408C}\ not found.
Starting removal of ActiveX control {8EDAD21C-3584-4E66-A8AB-EB0E5584767D}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8EDAD21C-3584-4E66-A8AB-EB0E5584767D}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8EDAD21C-3584-4E66-A8AB-EB0E5584767D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8EDAD21C-3584-4E66-A8AB-EB0E5584767D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8EDAD21C-3584-4E66-A8AB-EB0E5584767D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8EDAD21C-3584-4E66-A8AB-EB0E5584767D}\ not found.
Starting removal of ActiveX control {9F1C11AA-197B-4942-BA54-47A8489BB47F}
C:\WINDOWS\Downloaded Program Files\iuctl.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Starting removal of ActiveX control {A6B13EE4-A974-11D2-8DB7-00C04FB6E8F6}
C:\WINDOWS\Downloaded Program Files\ssviewer.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A6B13EE4-A974-11D2-8DB7-00C04FB6E8F6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6B13EE4-A974-11D2-8DB7-00C04FB6E8F6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A6B13EE4-A974-11D2-8DB7-00C04FB6E8F6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6B13EE4-A974-11D2-8DB7-00C04FB6E8F6}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Starting removal of ActiveX control ppctlcab
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ppctlcab\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ppctlcab\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ppctlcab\ not found.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\OLDBA.tmp deleted successfully.
C:\WINDOWS\System32\OLDBD.tmp deleted successfully.
C:\WINDOWS\System32\SET135.tmp deleted successfully.
C:\WINDOWS\System32\SET138.tmp deleted successfully.
C:\WINDOWS\System32\SET139.tmp deleted successfully.
C:\WINDOWS\System32\SET13B.tmp deleted successfully.
C:\WINDOWS\System32\SET13D.tmp deleted successfully.
C:\WINDOWS\System32\SET13E.tmp deleted successfully.
C:\WINDOWS\System32\SET13F.tmp deleted successfully.
C:\WINDOWS\System32\SET146.tmp deleted successfully.
C:\WINDOWS\System32\SET146A.tmp deleted successfully.
C:\WINDOWS\System32\SET146B.tmp deleted successfully.
C:\WINDOWS\System32\SET146E.tmp deleted successfully.
C:\WINDOWS\System32\SET146F.tmp deleted successfully.
C:\WINDOWS\System32\SET147.tmp deleted successfully.
C:\WINDOWS\System32\SET1473.tmp deleted successfully.
C:\WINDOWS\System32\SET14A.tmp deleted successfully.
C:\WINDOWS\System32\SET14A5.tmp deleted successfully.
C:\WINDOWS\System32\SET14F.tmp deleted successfully.
C:\WINDOWS\System32\SET150.tmp deleted successfully.
C:\WINDOWS\System32\SET151.tmp deleted successfully.
C:\WINDOWS\System32\SET153.tmp deleted successfully.
C:\WINDOWS\System32\SET154.tmp deleted successfully.
C:\WINDOWS\System32\SET155.tmp deleted successfully.
C:\WINDOWS\System32\SET156.tmp deleted successfully.
C:\WINDOWS\System32\SET157.tmp deleted successfully.
C:\WINDOWS\System32\SET159.tmp deleted successfully.
C:\WINDOWS\System32\SET15A.tmp deleted successfully.
C:\WINDOWS\System32\SET15B.tmp deleted successfully.
C:\WINDOWS\System32\SET15E.tmp deleted successfully.
C:\WINDOWS\System32\SET165.tmp deleted successfully.
C:\WINDOWS\System32\SET166.tmp deleted successfully.
C:\WINDOWS\System32\SET167.tmp deleted successfully.
C:\WINDOWS\System32\SET16A.tmp deleted successfully.
C:\WINDOWS\System32\SET16B.tmp deleted successfully.
C:\WINDOWS\System32\SET16C.tmp deleted successfully.
C:\WINDOWS\System32\SET16D.tmp deleted successfully.
C:\WINDOWS\System32\SET170.tmp deleted successfully.
C:\WINDOWS\System32\SET173.tmp deleted successfully.
C:\WINDOWS\System32\SET175.tmp deleted successfully.
C:\WINDOWS\System32\SET176.tmp deleted successfully.
C:\WINDOWS\System32\SET177.tmp deleted successfully.
C:\WINDOWS\System32\SET179.tmp deleted successfully.
C:\WINDOWS\System32\SET17A.tmp deleted successfully.
C:\WINDOWS\System32\SET17E.tmp deleted successfully.
C:\WINDOWS\System32\SET17F.tmp deleted successfully.
C:\WINDOWS\System32\SET180.tmp deleted successfully.
C:\WINDOWS\System32\SET181.tmp deleted successfully.
C:\WINDOWS\System32\SET182.tmp deleted successfully.
C:\WINDOWS\System32\SET185.tmp deleted successfully.
C:\WINDOWS\System32\SET188.tmp deleted successfully.
C:\WINDOWS\System32\SET18D.tmp deleted successfully.
C:\WINDOWS\System32\SET18E.tmp deleted successfully.
C:\WINDOWS\System32\SET191.tmp deleted successfully.
C:\WINDOWS\System32\SET192.tmp deleted successfully.
C:\WINDOWS\System32\SET194.tmp deleted successfully.
C:\WINDOWS\System32\SET195.tmp deleted successfully.
C:\WINDOWS\System32\SET19C.tmp deleted successfully.
C:\WINDOWS\System32\SET19D.tmp deleted successfully.
C:\WINDOWS\System32\SET19F.tmp deleted successfully.
C:\WINDOWS\System32\SET1A2.tmp deleted successfully.
C:\WINDOWS\System32\SET1A3.tmp deleted successfully.
C:\WINDOWS\System32\SET1AC.tmp deleted successfully.
C:\WINDOWS\System32\SET1AD.tmp deleted successfully.
C:\WINDOWS\System32\SET1B0.tmp deleted successfully.
C:\WINDOWS\System32\SET1B2.tmp deleted successfully.
C:\WINDOWS\System32\SET1B3.tmp deleted successfully.
C:\WINDOWS\System32\SET1B4.tmp deleted successfully.
C:\WINDOWS\System32\SET1B5.tmp deleted successfully.
C:\WINDOWS\System32\SET1B6.tmp deleted successfully.
C:\WINDOWS\System32\SET1B7.tmp deleted successfully.
C:\WINDOWS\System32\SET1BB.tmp deleted successfully.
C:\WINDOWS\System32\SET1C7.tmp deleted successfully.
C:\WINDOWS\System32\SET1CC.tmp deleted successfully.
C:\WINDOWS\System32\SET1CE.tmp deleted successfully.
C:\WINDOWS\System32\SET1D0.tmp deleted successfully.
C:\WINDOWS\System32\SET1D1.tmp deleted successfully.
C:\WINDOWS\System32\SET1D2.tmp deleted successfully.
C:\WINDOWS\System32\SET1D3.tmp deleted successfully.
C:\WINDOWS\System32\SET1D5.tmp deleted successfully.
C:\WINDOWS\System32\SET1D6.tmp deleted successfully.
C:\WINDOWS\System32\SET1DA.tmp deleted successfully.
C:\WINDOWS\System32\SET1DB.tmp deleted successfully.
C:\WINDOWS\System32\SET1DE.tmp deleted successfully.
C:\WINDOWS\System32\SET1DF.tmp deleted successfully.
C:\WINDOWS\System32\SET1E0.tmp deleted successfully.
C:\WINDOWS\System32\SET1E4.tmp deleted successfully.
C:\WINDOWS\System32\SET1E6.tmp deleted successfully.
C:\WINDOWS\System32\SET1E7.tmp deleted successfully.
C:\WINDOWS\System32\SET1E8.tmp deleted successfully.
C:\WINDOWS\System32\SET1F0.tmp deleted successfully.
C:\WINDOWS\System32\SET1F6.tmp deleted successfully.
C:\WINDOWS\System32\SET1F7.tmp deleted successfully.
C:\WINDOWS\System32\SET1F8.tmp deleted successfully.
C:\WINDOWS\System32\SET1F9.tmp deleted successfully.
C:\WINDOWS\System32\SET1FB.tmp deleted successfully.
C:\WINDOWS\System32\SET200.tmp deleted successfully.
C:\WINDOWS\System32\SET201.tmp deleted successfully.
C:\WINDOWS\System32\SET205.tmp deleted successfully.
C:\WINDOWS\System32\SET207.tmp deleted successfully.
C:\WINDOWS\System32\SET20D.tmp deleted successfully.
C:\WINDOWS\System32\SET20F.tmp deleted successfully.
C:\WINDOWS\System32\SET211.tmp deleted successfully.
C:\WINDOWS\System32\SET212.tmp deleted successfully.
C:\WINDOWS\System32\SET213.tmp deleted successfully.
C:\WINDOWS\System32\SET215.tmp deleted successfully.
C:\WINDOWS\System32\SET21E.tmp deleted successfully.
C:\WINDOWS\System32\SET222.tmp deleted successfully.
C:\WINDOWS\System32\SET223.tmp deleted successfully.
C:\WINDOWS\System32\SET226.tmp deleted successfully.
C:\WINDOWS\System32\SET228.tmp deleted successfully.
C:\WINDOWS\System32\SET22B.tmp deleted successfully.
C:\WINDOWS\System32\SET22F.tmp deleted successfully.
C:\WINDOWS\System32\SET233.tmp deleted successfully.
C:\WINDOWS\System32\SET234.tmp deleted successfully.
C:\WINDOWS\System32\SET23A.tmp deleted successfully.
C:\WINDOWS\System32\SET23C.tmp deleted successfully.
C:\WINDOWS\System32\SET23D.tmp deleted successfully.
C:\WINDOWS\System32\SET23E.tmp deleted successfully.
C:\WINDOWS\System32\SET240.tmp deleted successfully.
C:\WINDOWS\System32\SET241.tmp deleted successfully.
C:\WINDOWS\System32\SET243.tmp deleted successfully.
C:\WINDOWS\System32\SET244.tmp deleted successfully.
C:\WINDOWS\System32\SET245.tmp deleted successfully.
C:\WINDOWS\System32\SET246.tmp deleted successfully.
C:\WINDOWS\System32\SET247.tmp deleted successfully.
C:\WINDOWS\System32\SET248.tmp deleted successfully.
C:\WINDOWS\System32\SET24A.tmp deleted successfully.
C:\WINDOWS\System32\SET24C.tmp deleted successfully.
C:\WINDOWS\System32\SET24D.tmp deleted successfully.
C:\WINDOWS\System32\SET24E.tmp deleted successfully.
C:\WINDOWS\System32\SET251.tmp deleted successfully.
C:\WINDOWS\System32\SET252.tmp deleted successfully.
C:\WINDOWS\System32\SET253.tmp deleted successfully.
C:\WINDOWS\System32\SET254.tmp deleted successfully.
C:\WINDOWS\System32\SET255.tmp deleted successfully.
C:\WINDOWS\System32\SET256.tmp deleted successfully.
C:\WINDOWS\System32\SET258.tmp deleted successfully.
C:\WINDOWS\System32\SET25A.tmp deleted successfully.
C:\WINDOWS\System32\SET25B.tmp deleted successfully.
C:\WINDOWS\System32\SET25C.tmp deleted successfully.
C:\WINDOWS\System32\SET25D.tmp deleted successfully.
C:\WINDOWS\System32\SET25E.tmp deleted successfully.
C:\WINDOWS\System32\SET25F.tmp deleted successfully.
C:\WINDOWS\System32\SET260.tmp deleted successfully.
C:\WINDOWS\System32\SET261.tmp deleted successfully.
C:\WINDOWS\System32\SET262.tmp deleted successfully.
C:\WINDOWS\System32\SET263.tmp deleted successfully.
C:\WINDOWS\System32\SET264.tmp deleted successfully.
C:\WINDOWS\System32\SET265.tmp deleted successfully.
C:\WINDOWS\System32\SET266.tmp deleted successfully.
C:\WINDOWS\System32\SET267.tmp deleted successfully.
C:\WINDOWS\System32\SET268.tmp deleted successfully.
C:\WINDOWS\System32\SET269.tmp deleted successfully.
C:\WINDOWS\System32\SET26A.tmp deleted successfully.
C:\WINDOWS\System32\SET26B.tmp deleted successfully.
C:\WINDOWS\System32\SET26C.tmp deleted successfully.
C:\WINDOWS\System32\SET26D.tmp deleted successfully.
C:\WINDOWS\System32\SET26E.tmp deleted successfully.
C:\WINDOWS\System32\SET26F.tmp deleted successfully.
C:\WINDOWS\System32\SET270.tmp deleted successfully.
C:\WINDOWS\System32\SET271.tmp deleted successfully.
C:\WINDOWS\System32\SET272.tmp deleted successfully.
C:\WINDOWS\System32\SET273.tmp deleted successfully.
C:\WINDOWS\System32\SET274.tmp deleted successfully.
C:\WINDOWS\System32\SET275.tmp deleted successfully.
C:\WINDOWS\System32\SET276.tmp deleted successfully.
C:\WINDOWS\System32\SET278.tmp deleted successfully.
C:\WINDOWS\System32\SET279.tmp deleted successfully.
C:\WINDOWS\System32\SET27A.tmp deleted successfully.
C:\WINDOWS\System32\SET27C.tmp deleted successfully.
C:\WINDOWS\System32\SET27D.tmp deleted successfully.
C:\WINDOWS\System32\SET27E.tmp deleted successfully.
C:\WINDOWS\System32\SET280.tmp deleted successfully.
C:\WINDOWS\System32\SET283.tmp deleted successfully.
C:\WINDOWS\System32\SET284.tmp deleted successfully.
C:\WINDOWS\System32\SET286.tmp deleted successfully.
C:\WINDOWS\System32\SET288.tmp deleted successfully.
C:\WINDOWS\System32\SET289.tmp deleted successfully.
C:\WINDOWS\System32\SET28A.tmp deleted successfully.
C:\WINDOWS\System32\SET28F.tmp deleted successfully.
C:\WINDOWS\System32\SET290.tmp deleted successfully.
C:\WINDOWS\System32\SET291.tmp deleted successfully.
C:\WINDOWS\System32\SET293.tmp deleted successfully.
C:\WINDOWS\System32\SET296.tmp deleted successfully.
C:\WINDOWS\System32\SET298.tmp deleted successfully.
C:\WINDOWS\System32\SET299.tmp deleted successfully.
C:\WINDOWS\System32\SET29C.tmp deleted successfully.
C:\WINDOWS\System32\SET29D.tmp deleted successfully.
C:\WINDOWS\System32\SET2A3.tmp deleted successfully.
C:\WINDOWS\System32\SET2A4.tmp deleted successfully.
C:\WINDOWS\System32\SET2A7.tmp deleted successfully.
C:\WINDOWS\System32\SET2AB.tmp deleted successfully.
C:\WINDOWS\System32\SET2AF.tmp deleted successfully.
C:\WINDOWS\System32\SET2B5.tmp deleted successfully.
C:\WINDOWS\System32\SET2B6.tmp deleted successfully.
C:\WINDOWS\System32\SET2BA.tmp deleted successfully.
C:\WINDOWS\System32\SET2C0.tmp deleted successfully.
C:\WINDOWS\System32\SET2C1.tmp deleted successfully.
C:\WINDOWS\System32\SET2C3.tmp deleted successfully.
C:\WINDOWS\System32\SET2C4.tmp deleted successfully.
C:\WINDOWS\System32\SET2CA.tmp deleted successfully.
C:\WINDOWS\System32\SET2CB.tmp deleted successfully.
C:\WINDOWS\System32\SET2CC.tmp deleted successfully.
C:\WINDOWS\System32\SET2CD.tmp deleted successfully.
C:\WINDOWS\System32\SET2CE.tmp deleted successfully.
C:\WINDOWS\System32\SET2CF.tmp deleted successfully.
C:\WINDOWS\System32\SET2D1.tmp deleted successfully.
C:\WINDOWS\System32\SET2D3.tmp deleted successfully.
C:\WINDOWS\System32\SET2D6.tmp deleted successfully.
C:\WINDOWS\System32\SET2DB.tmp deleted successfully.
C:\WINDOWS\System32\SET2DC.tmp deleted successfully.
C:\WINDOWS\System32\SET2DD.tmp deleted successfully.
C:\WINDOWS\System32\SET2DE.tmp deleted successfully.
C:\WINDOWS\System32\SET2E1.tmp deleted successfully.
C:\WINDOWS\System32\SET2E3.tmp deleted successfully.
C:\WINDOWS\System32\SET2E4.tmp deleted successfully.
C:\WINDOWS\System32\SET2E5.tmp deleted successfully.
C:\WINDOWS\System32\SET2E7.tmp deleted successfully.
C:\WINDOWS\System32\SET2E8.tmp deleted successfully.
C:\WINDOWS\System32\SET2ED.tmp deleted successfully.
C:\WINDOWS\System32\SET2EF.tmp deleted successfully.
C:\WINDOWS\System32\SET2F0.tmp deleted successfully.
C:\WINDOWS\System32\SET2F6.tmp deleted successfully.
C:\WINDOWS\System32\SET301.tmp deleted successfully.
C:\WINDOWS\System32\SET304.tmp deleted successfully.
C:\WINDOWS\System32\SET305.tmp deleted successfully.
C:\WINDOWS\System32\SET306.tmp deleted successfully.
C:\WINDOWS\System32\SET309.tmp deleted successfully.
C:\WINDOWS\System32\SET311.tmp deleted successfully.
C:\WINDOWS\System32\SET318.tmp deleted successfully.
C:\WINDOWS\System32\SET31A.tmp deleted successfully.
C:\WINDOWS\System32\SET320.tmp deleted successfully.
C:\WINDOWS\System32\SET323.tmp deleted successfully.
C:\WINDOWS\System32\SET325.tmp deleted successfully.
C:\WINDOWS\System32\SET337.tmp deleted successfully.
C:\WINDOWS\System32\SET33B.tmp deleted successfully.
C:\WINDOWS\System32\SET33D.tmp deleted successfully.
C:\WINDOWS\System32\SET33F.tmp deleted successfully.
C:\WINDOWS\System32\SET345.tmp deleted successfully.
C:\WINDOWS\System32\SET346.tmp deleted successfully.
C:\WINDOWS\System32\SET349.tmp deleted successfully.
C:\WINDOWS\System32\SET354.tmp deleted successfully.
C:\WINDOWS\System32\SET357.tmp deleted successfully.
C:\WINDOWS\System32\SET35D.tmp deleted successfully.
C:\WINDOWS\System32\SET35F.tmp deleted successfully.
C:\WINDOWS\System32\SET360.tmp deleted successfully.
C:\WINDOWS\System32\SET361.tmp deleted successfully.
C:\WINDOWS\System32\SET367.tmp deleted successfully.
C:\WINDOWS\System32\SET36B.tmp deleted successfully.
C:\WINDOWS\System32\SET379.tmp deleted successfully.
C:\WINDOWS\System32\SET37B.tmp deleted successfully.
C:\WINDOWS\System32\SET37C.tmp deleted successfully.
C:\WINDOWS\System32\SET37D.tmp deleted successfully.
C:\WINDOWS\System32\SET385.tmp deleted successfully.
C:\WINDOWS\System32\SET389.tmp deleted successfully.
C:\WINDOWS\System32\SET38E.tmp deleted successfully.
C:\WINDOWS\System32\SET394.tmp deleted successfully.
C:\WINDOWS\System32\SET3A4.tmp deleted successfully.
C:\WINDOWS\System32\SET3A5.tmp deleted successfully.
C:\WINDOWS\System32\SET3AA.tmp deleted successfully.
C:\WINDOWS\System32\SET3B4.tmp deleted successfully.
C:\WINDOWS\System32\SET3C6.tmp deleted successfully.
C:\WINDOWS\System32\SET3C7.tmp deleted successfully.
C:\WINDOWS\System32\SET3CA.tmp deleted successfully.
C:\WINDOWS\System32\SET3CF.tmp deleted successfully.
C:\WINDOWS\System32\SET3D1.tmp deleted successfully.
C:\WINDOWS\System32\SET3D9.tmp deleted successfully.
C:\WINDOWS\System32\SET3DA.tmp deleted successfully.
C:\WINDOWS\System32\SET3DC.tmp deleted successfully.
C:\WINDOWS\System32\SET3DD.tmp deleted successfully.
C:\WINDOWS\System32\SET3DE.tmp deleted successfully.
C:\WINDOWS\System32\SET3DF.tmp deleted successfully.
C:\WINDOWS\System32\SET3E1.tmp deleted successfully.
C:\WINDOWS\System32\SET3E3.tmp deleted successfully.
C:\WINDOWS\System32\SET3E4.tmp deleted successfully.
C:\WINDOWS\System32\SET3E5.tmp deleted successfully.
C:\WINDOWS\System32\SET3E8.tmp deleted successfully.
C:\WINDOWS\System32\SET3EA.tmp deleted successfully.
C:\WINDOWS\System32\SET3EF.tmp deleted successfully.
C:\WINDOWS\System32\SET3F0.tmp deleted successfully.
C:\WINDOWS\System32\SET3F8.tmp deleted successfully.
C:\WINDOWS\System32\SET3FF.tmp deleted successfully.
C:\WINDOWS\System32\SET401.tmp deleted successfully.
C:\WINDOWS\System32\SET404.tmp deleted successfully.
C:\WINDOWS\System32\SET407.tmp deleted successfully.
C:\WINDOWS\System32\SET40A.tmp deleted successfully.
C:\WINDOWS\System32\SET40C.tmp deleted successfully.
C:\WINDOWS\System32\SET410.tmp deleted successfully.
C:\WINDOWS\System32\SET412.tmp deleted successfully.
C:\WINDOWS\System32\SET413.tmp deleted successfully.
C:\WINDOWS\System32\SET414.tmp deleted successfully.
C:\WINDOWS\System32\SET418.tmp deleted successfully.
C:\WINDOWS\System32\SET419.tmp deleted successfully.
C:\WINDOWS\System32\SET41D.tmp deleted successfully.
C:\WINDOWS\System32\SET41E.tmp deleted successfully.
C:\WINDOWS\System32\SET421.tmp deleted successfully.
C:\WINDOWS\System32\SET428.tmp deleted successfully.
C:\WINDOWS\System32\SET42B.tmp deleted successfully.
C:\WINDOWS\System32\SET42F.tmp deleted successfully.
C:\WINDOWS\System32\SET431.tmp deleted successfully.
C:\WINDOWS\System32\SET433.tmp deleted successfully.
C:\WINDOWS\System32\SET51.tmp deleted successfully.
C:\WINDOWS\System32\SET52.tmp deleted successfully.
C:\WINDOWS\System32\SET54.tmp deleted successfully.
C:\WINDOWS\System32\SET55.tmp deleted successfully.
C:\WINDOWS\System32\SET56.tmp deleted successfully.
C:\WINDOWS\System32\SET57.tmp deleted successfully.
C:\WINDOWS\System32\SET58.tmp deleted successfully.
C:\WINDOWS\System32\SET5A.tmp deleted successfully.
C:\WINDOWS\System32\SET5C.tmp deleted successfully.
C:\WINDOWS\System32\SET5D.tmp deleted successfully.
C:\WINDOWS\System32\SET5E.tmp deleted successfully.
C:\WINDOWS\System32\SET61.tmp deleted successfully.
C:\WINDOWS\System32\SET62.tmp deleted successfully.

Continued next post.

DonD · Nov 14, 2011

C:\WINDOWS\System32\SET62C.tmp deleted successfully.
C:\WINDOWS\System32\SET62F.tmp deleted successfully.
C:\WINDOWS\System32\SET63.tmp deleted successfully.
C:\WINDOWS\System32\SET630.tmp deleted successfully.
C:\WINDOWS\System32\SET632.tmp deleted successfully.
C:\WINDOWS\System32\SET634.tmp deleted successfully.
C:\WINDOWS\System32\SET635.tmp deleted successfully.
C:\WINDOWS\System32\SET636.tmp deleted successfully.
C:\WINDOWS\System32\SET63D.tmp deleted successfully.
C:\WINDOWS\System32\SET63E.tmp deleted successfully.
C:\WINDOWS\System32\SET64.tmp deleted successfully.
C:\WINDOWS\System32\SET641.tmp deleted successfully.
C:\WINDOWS\System32\SET646.tmp deleted successfully.
C:\WINDOWS\System32\SET647.tmp deleted successfully.
C:\WINDOWS\System32\SET648.tmp deleted successfully.
C:\WINDOWS\System32\SET64A.tmp deleted successfully.
C:\WINDOWS\System32\SET64B.tmp deleted successfully.
C:\WINDOWS\System32\SET64C.tmp deleted successfully.
C:\WINDOWS\System32\SET64D.tmp deleted successfully.
C:\WINDOWS\System32\SET64E.tmp deleted successfully.
C:\WINDOWS\System32\SET65.tmp deleted successfully.
C:\WINDOWS\System32\SET650.tmp deleted successfully.
C:\WINDOWS\System32\SET651.tmp deleted successfully.
C:\WINDOWS\System32\SET652.tmp deleted successfully.
C:\WINDOWS\System32\SET655.tmp deleted successfully.
C:\WINDOWS\System32\SET65C.tmp deleted successfully.
C:\WINDOWS\System32\SET65D.tmp deleted successfully.
C:\WINDOWS\System32\SET65E.tmp deleted successfully.
C:\WINDOWS\System32\SET66.tmp deleted successfully.
C:\WINDOWS\System32\SET661.tmp deleted successfully.
C:\WINDOWS\System32\SET662.tmp deleted successfully.
C:\WINDOWS\System32\SET663.tmp deleted successfully.
C:\WINDOWS\System32\SET664.tmp deleted successfully.
C:\WINDOWS\System32\SET667.tmp deleted successfully.
C:\WINDOWS\System32\SET66A.tmp deleted successfully.
C:\WINDOWS\System32\SET66C.tmp deleted successfully.
C:\WINDOWS\System32\SET66D.tmp deleted successfully.
C:\WINDOWS\System32\SET66E.tmp deleted successfully.
C:\WINDOWS\System32\SET670.tmp deleted successfully.
C:\WINDOWS\System32\SET671.tmp deleted successfully.
C:\WINDOWS\System32\SET675.tmp deleted successfully.
C:\WINDOWS\System32\SET676.tmp deleted successfully.
C:\WINDOWS\System32\SET677.tmp deleted successfully.
C:\WINDOWS\System32\SET678.tmp deleted successfully.
C:\WINDOWS\System32\SET679.tmp deleted successfully.
C:\WINDOWS\System32\SET67C.tmp deleted successfully.
C:\WINDOWS\System32\SET67F.tmp deleted successfully.
C:\WINDOWS\System32\SET68.tmp deleted successfully.
C:\WINDOWS\System32\SET684.tmp deleted successfully.
C:\WINDOWS\System32\SET685.tmp deleted successfully.
C:\WINDOWS\System32\SET688.tmp deleted successfully.
C:\WINDOWS\System32\SET689.tmp deleted successfully.
C:\WINDOWS\System32\SET68B.tmp deleted successfully.
C:\WINDOWS\System32\SET68C.tmp deleted successfully.
C:\WINDOWS\System32\SET69.tmp deleted successfully.
C:\WINDOWS\System32\SET693.tmp deleted successfully.
C:\WINDOWS\System32\SET694.tmp deleted successfully.
C:\WINDOWS\System32\SET696.tmp deleted successfully.
C:\WINDOWS\System32\SET699.tmp deleted successfully.
C:\WINDOWS\System32\SET69A.tmp deleted successfully.
C:\WINDOWS\System32\SET6A.tmp deleted successfully.
C:\WINDOWS\System32\SET6A3.tmp deleted successfully.
C:\WINDOWS\System32\SET6A4.tmp deleted successfully.
C:\WINDOWS\System32\SET6A7.tmp deleted successfully.
C:\WINDOWS\System32\SET6A9.tmp deleted successfully.
C:\WINDOWS\System32\SET6AA.tmp deleted successfully.
C:\WINDOWS\System32\SET6AB.tmp deleted successfully.
C:\WINDOWS\System32\SET6AC.tmp deleted successfully.
C:\WINDOWS\System32\SET6AD.tmp deleted successfully.
C:\WINDOWS\System32\SET6AE.tmp deleted successfully.
C:\WINDOWS\System32\SET6B.tmp deleted successfully.
C:\WINDOWS\System32\SET6B2.tmp deleted successfully.
C:\WINDOWS\System32\SET6BE.tmp deleted successfully.
C:\WINDOWS\System32\SET6C.tmp deleted successfully.
C:\WINDOWS\System32\SET6C3.tmp deleted successfully.
C:\WINDOWS\System32\SET6C5.tmp deleted successfully.
C:\WINDOWS\System32\SET6C7.tmp deleted successfully.
C:\WINDOWS\System32\SET6C8.tmp deleted successfully.
C:\WINDOWS\System32\SET6C9.tmp deleted successfully.
C:\WINDOWS\System32\SET6CC.tmp deleted successfully.
C:\WINDOWS\System32\SET6CD.tmp deleted successfully.
C:\WINDOWS\System32\SET6D.tmp deleted successfully.
C:\WINDOWS\System32\SET6D1.tmp deleted successfully.
C:\WINDOWS\System32\SET6D2.tmp deleted successfully.
C:\WINDOWS\System32\SET6D5.tmp deleted successfully.
C:\WINDOWS\System32\SET6D6.tmp deleted successfully.
C:\WINDOWS\System32\SET6D7.tmp deleted successfully.
C:\WINDOWS\System32\SET6DB.tmp deleted successfully.
C:\WINDOWS\System32\SET6DC.tmp deleted successfully.
C:\WINDOWS\System32\SET6DD.tmp deleted successfully.
C:\WINDOWS\System32\SET6DE.tmp deleted successfully.
C:\WINDOWS\System32\SET6DF.tmp deleted successfully.
C:\WINDOWS\System32\SET6E.tmp deleted successfully.
C:\WINDOWS\System32\SET6E7.tmp deleted successfully.
C:\WINDOWS\System32\SET6ED.tmp deleted successfully.
C:\WINDOWS\System32\SET6EE.tmp deleted successfully.
C:\WINDOWS\System32\SET6EF.tmp deleted successfully.
C:\WINDOWS\System32\SET6F.tmp deleted successfully.
C:\WINDOWS\System32\SET6F0.tmp deleted successfully.
C:\WINDOWS\System32\SET6F2.tmp deleted successfully.
C:\WINDOWS\System32\SET6F7.tmp deleted successfully.
C:\WINDOWS\System32\SET6F8.tmp deleted successfully.
C:\WINDOWS\System32\SET6FC.tmp deleted successfully.
C:\WINDOWS\System32\SET6FE.tmp deleted successfully.
C:\WINDOWS\System32\SET70.tmp deleted successfully.
C:\WINDOWS\System32\SET704.tmp deleted successfully.
C:\WINDOWS\System32\SET706.tmp deleted successfully.
C:\WINDOWS\System32\SET708.tmp deleted successfully.
C:\WINDOWS\System32\SET709.tmp deleted successfully.
C:\WINDOWS\System32\SET70A.tmp deleted successfully.
C:\WINDOWS\System32\SET70C.tmp deleted successfully.
C:\WINDOWS\System32\SET71.tmp deleted successfully.
C:\WINDOWS\System32\SET715.tmp deleted successfully.
C:\WINDOWS\System32\SET719.tmp deleted successfully.
C:\WINDOWS\System32\SET71A.tmp deleted successfully.
C:\WINDOWS\System32\SET71D.tmp deleted successfully.
C:\WINDOWS\System32\SET71F.tmp deleted successfully.
C:\WINDOWS\System32\SET72.tmp deleted successfully.
C:\WINDOWS\System32\SET722.tmp deleted successfully.
C:\WINDOWS\System32\SET726.tmp deleted successfully.
C:\WINDOWS\System32\SET72A.tmp deleted successfully.
C:\WINDOWS\System32\SET72B.tmp deleted successfully.
C:\WINDOWS\System32\SET73.tmp deleted successfully.
C:\WINDOWS\System32\SET731.tmp deleted successfully.
C:\WINDOWS\System32\SET733.tmp deleted successfully.
C:\WINDOWS\System32\SET734.tmp deleted successfully.
C:\WINDOWS\System32\SET735.tmp deleted successfully.
C:\WINDOWS\System32\SET73C.tmp deleted successfully.
C:\WINDOWS\System32\SET73D.tmp deleted successfully.
C:\WINDOWS\System32\SET74.tmp deleted successfully.
C:\WINDOWS\System32\SET740.tmp deleted successfully.
C:\WINDOWS\System32\SET741.tmp deleted successfully.
C:\WINDOWS\System32\SET742.tmp deleted successfully.
C:\WINDOWS\System32\SET743.tmp deleted successfully.
C:\WINDOWS\System32\SET744.tmp deleted successfully.
C:\WINDOWS\System32\SET746.tmp deleted successfully.
C:\WINDOWS\System32\SET747.tmp deleted successfully.
C:\WINDOWS\System32\SET748.tmp deleted successfully.
C:\WINDOWS\System32\SET74A.tmp deleted successfully.
C:\WINDOWS\System32\SET74B.tmp deleted successfully.
C:\WINDOWS\System32\SET74C.tmp deleted successfully.
C:\WINDOWS\System32\SET74E.tmp deleted successfully.
C:\WINDOWS\System32\SET75.tmp deleted successfully.
C:\WINDOWS\System32\SET751.tmp deleted successfully.
C:\WINDOWS\System32\SET752.tmp deleted successfully.
C:\WINDOWS\System32\SET754.tmp deleted successfully.
C:\WINDOWS\System32\SET756.tmp deleted successfully.
C:\WINDOWS\System32\SET757.tmp deleted successfully.
C:\WINDOWS\System32\SET758.tmp deleted successfully.
C:\WINDOWS\System32\SET75D.tmp deleted successfully.
C:\WINDOWS\System32\SET75E.tmp deleted successfully.
C:\WINDOWS\System32\SET75F.tmp deleted successfully.
C:\WINDOWS\System32\SET76.tmp deleted successfully.
C:\WINDOWS\System32\SET761.tmp deleted successfully.
C:\WINDOWS\System32\SET764.tmp deleted successfully.
C:\WINDOWS\System32\SET766.tmp deleted successfully.
C:\WINDOWS\System32\SET767.tmp deleted successfully.
C:\WINDOWS\System32\SET76A.tmp deleted successfully.
C:\WINDOWS\System32\SET76B.tmp deleted successfully.
C:\WINDOWS\System32\SET77.tmp deleted successfully.
C:\WINDOWS\System32\SET771.tmp deleted successfully.
C:\WINDOWS\System32\SET772.tmp deleted successfully.
C:\WINDOWS\System32\SET774.tmp deleted successfully.
C:\WINDOWS\System32\SET775.tmp deleted successfully.
C:\WINDOWS\System32\SET779.tmp deleted successfully.
C:\WINDOWS\System32\SET77D.tmp deleted successfully.
C:\WINDOWS\System32\SET78.tmp deleted successfully.
C:\WINDOWS\System32\SET783.tmp deleted successfully.
C:\WINDOWS\System32\SET784.tmp deleted successfully.
C:\WINDOWS\System32\SET788.tmp deleted successfully.
C:\WINDOWS\System32\SET78E.tmp deleted successfully.
C:\WINDOWS\System32\SET78F.tmp deleted successfully.
C:\WINDOWS\System32\SET79.tmp deleted successfully.
C:\WINDOWS\System32\SET791.tmp deleted successfully.
C:\WINDOWS\System32\SET792.tmp deleted successfully.
C:\WINDOWS\System32\SET798.tmp deleted successfully.
C:\WINDOWS\System32\SET799.tmp deleted successfully.
C:\WINDOWS\System32\SET79A.tmp deleted successfully.
C:\WINDOWS\System32\SET79B.tmp deleted successfully.
C:\WINDOWS\System32\SET79C.tmp deleted successfully.
C:\WINDOWS\System32\SET79D.tmp deleted successfully.
C:\WINDOWS\System32\SET79F.tmp deleted successfully.
C:\WINDOWS\System32\SET7A.tmp deleted successfully.
C:\WINDOWS\System32\SET7A1.tmp deleted successfully.
C:\WINDOWS\System32\SET7A4.tmp deleted successfully.
C:\WINDOWS\System32\SET7A9.tmp deleted successfully.
C:\WINDOWS\System32\SET7AA.tmp deleted successfully.
C:\WINDOWS\System32\SET7AB.tmp deleted successfully.
C:\WINDOWS\System32\SET7AC.tmp deleted successfully.
C:\WINDOWS\System32\SET7AF.tmp deleted successfully.
C:\WINDOWS\System32\SET7B.tmp deleted successfully.
C:\WINDOWS\System32\SET7B1.tmp deleted successfully.
C:\WINDOWS\System32\SET7B2.tmp deleted successfully.
C:\WINDOWS\System32\SET7B3.tmp deleted successfully.
C:\WINDOWS\System32\SET7B5.tmp deleted successfully.
C:\WINDOWS\System32\SET7B6.tmp deleted successfully.
C:\WINDOWS\System32\SET7BB.tmp deleted successfully.
C:\WINDOWS\System32\SET7BD.tmp deleted successfully.
C:\WINDOWS\System32\SET7BE.tmp deleted successfully.
C:\WINDOWS\System32\SET7C.tmp deleted successfully.
C:\WINDOWS\System32\SET7C4.tmp deleted successfully.
C:\WINDOWS\System32\SET7CF.tmp deleted successfully.
C:\WINDOWS\System32\SET7D.tmp deleted successfully.
C:\WINDOWS\System32\SET7D2.tmp deleted successfully.
C:\WINDOWS\System32\SET7D3.tmp deleted successfully.
C:\WINDOWS\System32\SET7D4.tmp deleted successfully.
C:\WINDOWS\System32\SET7D7.tmp deleted successfully.
C:\WINDOWS\System32\SET7DF.tmp deleted successfully.
C:\WINDOWS\System32\SET7E.tmp deleted successfully.
C:\WINDOWS\System32\SET7E6.tmp deleted successfully.
C:\WINDOWS\System32\SET7E8.tmp deleted successfully.
C:\WINDOWS\System32\SET7EE.tmp deleted successfully.
C:\WINDOWS\System32\SET7F.tmp deleted successfully.
C:\WINDOWS\System32\SET7F1.tmp deleted successfully.
C:\WINDOWS\System32\SET7F3.tmp deleted successfully.
C:\WINDOWS\System32\SET80.tmp deleted successfully.
C:\WINDOWS\System32\SET805.tmp deleted successfully.
C:\WINDOWS\System32\SET809.tmp deleted successfully.
C:\WINDOWS\System32\SET80B.tmp deleted successfully.
C:\WINDOWS\System32\SET80D.tmp deleted successfully.
C:\WINDOWS\System32\SET81.tmp deleted successfully.
C:\WINDOWS\System32\SET813.tmp deleted successfully.
C:\WINDOWS\System32\SET814.tmp deleted successfully.
C:\WINDOWS\System32\SET817.tmp deleted successfully.
C:\WINDOWS\System32\SET82.tmp deleted successfully.
C:\WINDOWS\System32\SET822.tmp deleted successfully.
C:\WINDOWS\System32\SET825.tmp deleted successfully.
C:\WINDOWS\System32\SET82B.tmp deleted successfully.
C:\WINDOWS\System32\SET82D.tmp deleted successfully.
C:\WINDOWS\System32\SET82E.tmp deleted successfully.
C:\WINDOWS\System32\SET82F.tmp deleted successfully.
C:\WINDOWS\System32\SET83.tmp deleted successfully.
C:\WINDOWS\System32\SET835.tmp deleted successfully.
C:\WINDOWS\System32\SET839.tmp deleted successfully.
C:\WINDOWS\System32\SET847.tmp deleted successfully.
C:\WINDOWS\System32\SET849.tmp deleted successfully.
C:\WINDOWS\System32\SET84A.tmp deleted successfully.
C:\WINDOWS\System32\SET84B.tmp deleted successfully.
C:\WINDOWS\System32\SET85.tmp deleted successfully.
C:\WINDOWS\System32\SET857.tmp deleted successfully.
C:\WINDOWS\System32\SET85C.tmp deleted successfully.
C:\WINDOWS\System32\SET862.tmp deleted successfully.
C:\WINDOWS\System32\SET87.tmp deleted successfully.
C:\WINDOWS\System32\SET872.tmp deleted successfully.
C:\WINDOWS\System32\SET873.tmp deleted successfully.
C:\WINDOWS\System32\SET878.tmp deleted successfully.
C:\WINDOWS\System32\SET88.tmp deleted successfully.
C:\WINDOWS\System32\SET882.tmp deleted successfully.
C:\WINDOWS\System32\SET89.tmp deleted successfully.
C:\WINDOWS\System32\SET894.tmp deleted successfully.
C:\WINDOWS\System32\SET895.tmp deleted successfully.
C:\WINDOWS\System32\SET898.tmp deleted successfully.
C:\WINDOWS\System32\SET89D.tmp deleted successfully.
C:\WINDOWS\System32\SET89F.tmp deleted successfully.
C:\WINDOWS\System32\SET8A7.tmp deleted successfully.
C:\WINDOWS\System32\SET8A8.tmp deleted successfully.
C:\WINDOWS\System32\SET8AA.tmp deleted successfully.
C:\WINDOWS\System32\SET8AB.tmp deleted successfully.
C:\WINDOWS\System32\SET8AC.tmp deleted successfully.
C:\WINDOWS\System32\SET8AD.tmp deleted successfully.
C:\WINDOWS\System32\SET8AF.tmp deleted successfully.
C:\WINDOWS\System32\SET8B1.tmp deleted successfully.
C:\WINDOWS\System32\SET8B2.tmp deleted successfully.
C:\WINDOWS\System32\SET8B3.tmp deleted successfully.
C:\WINDOWS\System32\SET8B6.tmp deleted successfully.
C:\WINDOWS\System32\SET8B8.tmp deleted successfully.
C:\WINDOWS\System32\SET8BD.tmp deleted successfully.
C:\WINDOWS\System32\SET8BE.tmp deleted successfully.
C:\WINDOWS\System32\SET8C.tmp deleted successfully.
C:\WINDOWS\System32\SET8C6.tmp deleted successfully.
C:\WINDOWS\System32\SET8CD.tmp deleted successfully.
C:\WINDOWS\System32\SET8CF.tmp deleted successfully.
C:\WINDOWS\System32\SET8D.tmp deleted successfully.
C:\WINDOWS\System32\SET8D2.tmp deleted successfully.
C:\WINDOWS\System32\SET8D5.tmp deleted successfully.
C:\WINDOWS\System32\SET8D8.tmp deleted successfully.
C:\WINDOWS\System32\SET8DA.tmp deleted successfully.
C:\WINDOWS\System32\SET8DE.tmp deleted successfully.
C:\WINDOWS\System32\SET8E0.tmp deleted successfully.
C:\WINDOWS\System32\SET8E1.tmp deleted successfully.
C:\WINDOWS\System32\SET8E6.tmp deleted successfully.
C:\WINDOWS\System32\SET8E7.tmp deleted successfully.
C:\WINDOWS\System32\SET8EB.tmp deleted successfully.
C:\WINDOWS\System32\SET8EC.tmp deleted successfully.
C:\WINDOWS\System32\SET8EF.tmp deleted successfully.
C:\WINDOWS\System32\SET8F6.tmp deleted successfully.
C:\WINDOWS\System32\SET8F9.tmp deleted successfully.
C:\WINDOWS\System32\SET8FD.tmp deleted successfully.
C:\WINDOWS\System32\SET8FF.tmp deleted successfully.
C:\WINDOWS\System32\SET90.tmp deleted successfully.
C:\WINDOWS\System32\SET901.tmp deleted successfully.
C:\WINDOWS\System32\SET91.tmp deleted successfully.
C:\WINDOWS\System32\SET93.tmp deleted successfully.
C:\WINDOWS\System32\SET95.tmp deleted successfully.
C:\WINDOWS\System32\SET96.tmp deleted successfully.
C:\WINDOWS\System32\SET97.tmp deleted successfully.
C:\WINDOWS\System32\SET98.tmp deleted successfully.
C:\WINDOWS\System32\SET99.tmp deleted successfully.
C:\WINDOWS\System32\SET9A.tmp deleted successfully.
C:\WINDOWS\System32\SET9B.tmp deleted successfully.
C:\WINDOWS\System32\SET9F.tmp deleted successfully.
C:\WINDOWS\System32\SETA0.tmp deleted successfully.
C:\WINDOWS\System32\SETA1.tmp deleted successfully.
C:\WINDOWS\System32\SETA2.tmp deleted successfully.
C:\WINDOWS\System32\SETA3.tmp deleted successfully.
C:\WINDOWS\System32\SETA4.tmp deleted successfully.
C:\WINDOWS\System32\SETA5.tmp deleted successfully.
C:\WINDOWS\System32\SETA6.tmp deleted successfully.
C:\WINDOWS\System32\SETA7.tmp deleted successfully.
C:\WINDOWS\System32\SETA8.tmp deleted successfully.
C:\WINDOWS\System32\SETA9.tmp deleted successfully.
C:\WINDOWS\System32\SETAA.tmp deleted successfully.
C:\WINDOWS\System32\SETAB.tmp deleted successfully.
C:\WINDOWS\System32\SETAC.tmp deleted successfully.
C:\WINDOWS\System32\SETAD.tmp deleted successfully.
C:\WINDOWS\System32\SETAE.tmp deleted successfully.
C:\WINDOWS\System32\SETBA.tmp deleted successfully.
C:\WINDOWS\System32\SETBC.tmp deleted successfully.
C:\WINDOWS\System32\SETBD.tmp deleted successfully.
C:\WINDOWS\System32\SETBF.tmp deleted successfully.
C:\WINDOWS\System32\SETC0.tmp deleted successfully.
C:\WINDOWS\System32\SETC1.tmp deleted successfully.
C:\WINDOWS\System32\SETC2.tmp deleted successfully.
C:\WINDOWS\System32\SETC3.tmp deleted successfully.
C:\WINDOWS\System32\SETC4.tmp deleted successfully.
C:\WINDOWS\System32\SETC6.tmp deleted successfully.
C:\WINDOWS\System32\SETC8.tmp deleted successfully.
C:\WINDOWS\System32\SETC9.tmp deleted successfully.
C:\WINDOWS\System32\SETCA.tmp deleted successfully.
C:\WINDOWS\System32\SETCD.tmp deleted successfully.
C:\WINDOWS\System32\SETCE.tmp deleted successfully.
C:\WINDOWS\System32\SETD1.tmp deleted successfully.
C:\WINDOWS\System32\SETD2.tmp deleted successfully.
C:\WINDOWS\System32\SETD4.tmp deleted successfully.
C:\WINDOWS\System32\SETD6.tmp deleted successfully.
C:\WINDOWS\System32\SETD7.tmp deleted successfully.
C:\WINDOWS\System32\SETD8.tmp deleted successfully.
C:\WINDOWS\System32\SETD9.tmp deleted successfully.
C:\WINDOWS\System32\SETDA.tmp deleted successfully.
C:\WINDOWS\System32\SETDB.tmp deleted successfully.
C:\WINDOWS\System32\SETDC.tmp deleted successfully.
C:\WINDOWS\System32\SETE0.tmp deleted successfully.
C:\WINDOWS\System32\SETE1.tmp deleted successfully.
C:\WINDOWS\System32\SETE2.tmp deleted successfully.
C:\WINDOWS\System32\SETE3.tmp deleted successfully.
C:\WINDOWS\System32\SETE4.tmp deleted successfully.
C:\WINDOWS\System32\SETE5.tmp deleted successfully.
C:\WINDOWS\System32\SETE6.tmp deleted successfully.
C:\WINDOWS\System32\SETE7.tmp deleted successfully.
C:\WINDOWS\System32\SETE8.tmp deleted successfully.
C:\WINDOWS\System32\SETE9.tmp deleted successfully.
C:\WINDOWS\System32\SETEA.tmp deleted successfully.
C:\WINDOWS\System32\SETEB.tmp deleted successfully.
C:\WINDOWS\System32\SETEC.tmp deleted successfully.
C:\WINDOWS\System32\SETEE.tmp deleted successfully.
C:\WINDOWS\System32\SETEF.tmp deleted successfully.
C:\WINDOWS\System32\SETF0.tmp deleted successfully.
C:\WINDOWS\System32\SETF1.tmp deleted successfully.
C:\WINDOWS\System32\SETF9D.tmp deleted successfully.
C:\WINDOWS\System32\SETF9E.tmp deleted successfully.
C:\WINDOWS\System32\SETFA1.tmp deleted successfully.
C:\WINDOWS\System32\SETFA6.tmp deleted successfully.
C:\WINDOWS\System32\SETFD8.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET13.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET14.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET15.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET16.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET17.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET18.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET19.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET1A.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET1D.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET1F.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET202.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET20A.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET21.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET215.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET21D.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET22.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET222.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET228.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET24.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET26.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET27.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET28.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET29.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET2C.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET2E.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET30.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET31.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET32.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET34.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET35.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET36.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET37.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET38.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET39.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET3A.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET3B.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET3E.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET40.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET42.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET43.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET44.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET46.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET49.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET4A.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET4B.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET4D.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET7E.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET86.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET91.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET99.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET9E.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETA4.tmp deleted successfully.
C:\WINDOWS\Fonts\SET465.tmp deleted successfully.
C:\WINDOWS\Fonts\SET466.tmp deleted successfully.
C:\WINDOWS\Fonts\SET467.tmp deleted successfully.
C:\WINDOWS\Fonts\SET468.tmp deleted successfully.
C:\WINDOWS\Fonts\SET469.tmp deleted successfully.
C:\WINDOWS\Fonts\SET46A.tmp deleted successfully.
C:\WINDOWS\Fonts\SET933.tmp deleted successfully.
C:\WINDOWS\Fonts\SET934.tmp deleted successfully.
C:\WINDOWS\Fonts\SET935.tmp deleted successfully.
C:\WINDOWS\Fonts\SET936.tmp deleted successfully.
C:\WINDOWS\Fonts\SET937.tmp deleted successfully.
C:\WINDOWS\Fonts\SET938.tmp deleted successfully.
C:\WINDOWS\000001_.tmp deleted successfully.
C:\WINDOWS\003082_.tmp deleted successfully.
C:\WINDOWS\003922_.tmp deleted successfully.
C:\WINDOWS\003929_.tmp deleted successfully.
C:\WINDOWS\003936_.tmp deleted successfully.
C:\WINDOWS\006724_.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET45B.tmp deleted successfully.
C:\WINDOWS\SET7.tmp deleted successfully.
C:\WINDOWS\SET929.tmp deleted successfully.
C:\WINDOWS\SETD.tmp deleted successfully.

Continued next post.

DonD · Nov 14, 2011

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint folder moved successfully.
C:\Documents and Settings\Don DeVoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\Don DeVoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\Don DeVoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\Don DeVoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\Don DeVoto\Application Data\Viewpoint\Viewpoint Media Player\Resources folder moved successfully.
C:\Documents and Settings\Don DeVoto\Application Data\Viewpoint\Viewpoint Media Player folder moved successfully.
C:\Documents and Settings\Don DeVoto\Application Data\Viewpoint folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Administrator.D6029711
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Administrator.datalink
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: All Users.WINDOWST

User: Default User
->Temp folder emptied: 42868 bytes
->Temporary Internet Files folder emptied: 126833 bytes

User: Default User.WINDOWST
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: don
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Don DeVoto
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 10734488 bytes
->Java cache emptied: 27023607 bytes
->Flash cache emptied: 3371968 bytes

User: don.datalink
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 300 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2490435 bytes
->Flash cache emptied: 3889 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
Session Manager Temp folder emptied: 16590054 bytes
Session Manager Tmp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 36143 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 58.00 mb

[EMPTYFLASH]

User: Administrator

User: Administrator.D6029711

User: Administrator.datalink

User: All Users

User: All Users.WINDOWST

User: Default User

User: Default User.WINDOWST

User: don

User: Don DeVoto
->Flash cache emptied: 0 bytes

User: don.datalink
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: LocalService.NT AUTHORITY

User: NetworkService

User: NetworkService.NT AUTHORITY

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 11142011_075141

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

*Note* - When the program asked to reboot the computer it seemed to lock up while shutting down. After it logged me off it seemed to hang up on a blank blue screen. I let it sit there for about 10 minutes before I ended up pressing the power button and rebooting it myself.

Here is the log from SecurityCheck:

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Symantec Endpoint Protection
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(TM) 6 Update 29
Adobe Flash Player ( 9.0.124.0) Flash Player Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````

The OTC program ran fine and the ESET scan found no threats.

Anything else I should do?

Thanks,

Don

Broni · Nov 14, 2011

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

Double-click OTL.exe to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CLEANUP button
Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.

DonD · Nov 15, 2011

Thank You!

Hi Broni,

My computer seems to be doing fine now, thanks to you. Thank you so much for your help! I sent you a donation via PayPal.

Thanks again for your time and effort!

Don

Broni · Nov 15, 2011

Way to go!!

Good luck and stay safe

...and thank you

Solved Iexplore running in background, website redirection

DonD

Posts: 21 +0

Broni

Posts: 56,041 +516

DonD

Posts: 21 +0

DonD

Posts: 21 +0

DonD

Posts: 21 +0

Broni

Posts: 56,041 +516

DonD

Posts: 21 +0

DonD

Posts: 21 +0

DonD

Posts: 21 +0

Broni

Posts: 56,041 +516

DonD

Posts: 21 +0

Broni

Posts: 56,041 +516

Similar threads

Latest posts