Solved C:\PROGRA~1\SOFTWA~1\soproc.exe

Discussion in 'Malware and Virus Removal Archive' started by JTee, 2009/09/07.

  1. 2009/09/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box, paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\eventlog.dll
    %systemroot%\system32\scecli.dll
    %systemroot%\netlogon.dll
    %systemroot%\system32\cngaudit.dll
    %systemroot%\system32\sceclt.dll
    %systemroot%\ntelogon.dll
    %systemroot%\system32\logevent.dll


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
      Since those are pretty big files, you can attach them, if you wish.
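The custom-scan lines above ask OTL to report on a handful of specific files: every executable in the root of the system drive, and DLLs at exact paths under the Windows folder. As an added example, not part of broni's post and not OTL's own code, the Python below performs the same file checks on a constructed directory tree standing in for C:\ and C:\WINDOWS. It expands the %SYSTEMDRIVE% and %systemroot% placeholders, globs the drive root for .exe files, and records size, modification time and SHA-256 for every listed file that exists. The netsvcs line is a registry query for the svchost service-group list and is not covered. The short list of known-good locations and the near-name lookup (sceclt.dll is one letter from scecli.dll) are my own assumptions about why those paths are on the list; the post itself does not explain them.

```python
"""Re-runs the file checks from the OTL custom-scan list on a directory tree.
Added example, not OTL's code. KNOWN_GOOD and KNOWN_NAMES are my assumptions."""
import difflib
import hashlib
import re
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# The file lines from the custom-scan list in the post, verbatim. The
# 'netsvcs' line is a registry query (the svchost group list), not a file.
CUSTOM_SCAN = [
    r"%SYSTEMDRIVE%\*.exe",
    r"%systemroot%\system32\eventlog.dll",
    r"%systemroot%\system32\scecli.dll",
    r"%systemroot%\netlogon.dll",
    r"%systemroot%\system32\cngaudit.dll",
    r"%systemroot%\system32\sceclt.dll",
    r"%systemroot%\ntelogon.dll",
    r"%systemroot%\system32\logevent.dll",
]
# Assumption: where Windows XP itself ships a DLL of that name. Anything else
# on the list that exists (or any .exe in the drive root) is marked 'review'.
KNOWN_GOOD = {r"%systemroot%\system32\eventlog.dll", r"%systemroot%\system32\scecli.dll"}
# Assumption: legitimate names, used to suggest what a near-miss name imitates.
KNOWN_NAMES = ["eventlog.dll", "netlogon.dll", "scecli.dll"]
PATTERN_RE = re.compile(r"^%(\w+)%\\(.+)$")


def expand(pattern, env):
    """'%VAR%\\a\\b' -> ('VAR', Path(env['VAR']), ['a', 'b'])."""
    var, tail = PATTERN_RE.match(pattern).groups()
    return var.upper(), Path(env[var.upper()]), tail.split("\\")


def describe(var, root, path):
    """Size, mtime, SHA-256 and a review flag for one file that exists."""
    data = path.read_bytes()
    vpath = f"%{var}%\\" + "\\".join(path.relative_to(root).parts)
    near = difflib.get_close_matches(path.name.lower(), KNOWN_NAMES, n=1, cutoff=0.8)
    return {
        "vpath": vpath,
        "size": len(data),
        "sha256": hashlib.sha256(data).hexdigest(),
        "mtime": datetime.fromtimestamp(path.stat().st_mtime, timezone.utc).isoformat(),
        "flag": "known" if vpath.lower() in KNOWN_GOOD else "review",
        "closest": near[0] if near else None,
    }


def scan(patterns, env):
    """Return a record for every listed file that exists (globs expanded)."""
    hits = []
    for pattern in patterns:
        var, root, parts = expand(pattern, env)
        if "*" in parts[-1]:
            found = sorted(root.joinpath(*parts[:-1]).glob(parts[-1]))
        else:
            found = [root.joinpath(*parts)]
        hits.extend(describe(var, root, p) for p in found if p.is_file())
    return hits


def build_sample_tree(base):
    """Constructed fixture standing in for C:\\ and C:\\WINDOWS; not a real host."""
    drive, windows = base / "C", base / "C" / "WINDOWS"
    files = {
        windows / "system32" / "scecli.dll": b"MZ" + b"\x00" * 62,  # legitimate location
        windows / "system32" / "sceclt.dll": b"MZ" + b"\x01" * 62,  # one letter off
        windows / "netlogon.dll": b"MZ" + b"\x02" * 62,  # real one lives in system32
        drive / "dropper.exe": b"MZ" + b"\x03" * 62,  # .exe in the drive root
    }
    for path, content in files.items():
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(content)
    return {"SYSTEMDRIVE": drive, "SYSTEMROOT": windows}


def run_sample():
    """Scan the constructed tree in a temp dir; hits keyed by virtual path."""
    env = build_sample_tree(Path(tempfile.mkdtemp()))
    return {h["vpath"]: h for h in scan(CUSTOM_SCAN, env)}


if __name__ == "__main__":
    for hit in run_sample().values():
        print(f"{hit['flag']:6} {hit['vpath']:36} {hit['size']:5} "
              f"{hit['sha256'][:16]}  closest={hit['closest']}")
```

On the constructed tree the script reports four files: scecli.dll in system32 as known, and sceclt.dll (closest legitimate name scecli.dll), netlogon.dll in the Windows root and dropper.exe in the drive root as review items. Paths on the list that do not exist produce no output, which is the same thing OTL's "File not found" tells you.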
     
  2. 2009/09/25
    JTee

    JTee Well-Known Member Thread Starter

    Joined:
    2009/09/07
    Messages:
    216
    Likes Received:
    0
    Thanks Broni; here is the 1st one (by the way, how do I attach to a post?):

    OTL Extras logfile created on: 9/25/2009 8:38:03 PM - Run 1
    OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Joyce Redmond\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    766.80 Mb Total Physical Memory | 360.77 Mb Available Physical Memory | 47.05% Memory free
    1.83 Gb Paging File | 1.42 Gb Available in Paging File | 77.49% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.21 Gb Total Space | 16.90 Gb Free Space | 45.40% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: JAYETEE
    Current User Name: Joyce Redmond
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusOverride" = 0
    "FirewallOverride" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
    "C:\WINDOWS\SYSTEM32\dpvsetup.exe" = C:\WINDOWS\SYSTEM32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{01001202-823E-46CD-A70E-BEE818F97169}" = Microsoft Encarta Encyclopedia Standard 2002
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
    "{10CE1EA2-12E9-11D3-825E-00C04F6843FE}" = Microsoft Office Sounds
    "{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}" = Microsoft Streets and Trips 2002
    "{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
    "{14735B76-8B33-4DB9-A548-9918B7A2C41E}" = Microsoft Windows SDK for Windows Server 2008 Samples (6001.18000.367)
    "{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{17B66E83-1BC9-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - English
    "{19AFC1C2-B11B-3FFF-9C9F-05761BC244D9}" = Windows SDK Intellidocs
    "{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15
    "{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3560CE5A-C4EF-4DB0-9ECC-BA035FE309C5}" = MSN Toolbar
    "{3A50302D-3AAC-4B5B-918A-5FDA9ABB0F44}" = Microsoft Windows SDK for Windows Server 2008 .NET Documentation (6001.18000.367)
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Dell Modem-On-Hold
    "{44D9A2CB-0692-3180-B5E2-26F4E807D067}" = Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x86
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{53480370-6CA2-47EC-BC05-02B4B9271C31}" = O&O Defrag Professional Edition
    "{54DD126C-E5F5-404C-B4B7-66DF7FD4F2FF}" = MSSoap
    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
    "{5B35C417-2649-11D6-83D1-0050FC01225C}" = FirstClass® Client
    "{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
    "{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
    "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{6675E70B-9843-4971-BC15-18AB52801134}" = Dragon*Point*&*Speak 6.0
    "{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6C518CC0-5CF1-481B-AB35-9BE5024DC106}" = Microsoft Windows SDK MDAC Headers and Libraries (6001.18000.367)
    "{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
    "{6ED32BB5-56B6-4317-A2D1-98A8313C3BAF}" = Microsoft Windows SDK for Windows Server 2008 (6001.18000.367)
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77F9D52A-C8D7-4FE8-8510-19FC6CF75BC3}" = Access Drivers
    "{7C32C567-DC0F-4C80-B06C-7873850A2E06}" = The Sims Unleashed
    "{7FC2AF73-10ED-404E-84A8-636B452404FD}" = Realtek RTL8139 Diagnostics Program
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8E5B3FDE-62E1-4391-BBA0-0E4242AD9577}" = Microsoft Windows SDK Net Fx Interop Headers And Libraries (6001.18000.367)
    "{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
    "{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
    "{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
    "{91E8A85F-2960-40ED-BA84-7F4567BB00C0}" = Dell | Support
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
    "{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
    "{9BAED673-5D51-481E-B1E0-FB2E5039260B}" = Microsoft Windows SDK Intellisense and Reference Assemblies (6001.18000.367)
    "{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A431744A-553F-4FC0-AF91-BCA47C7E0949}" = Microsoft Windows SDK for Windows Server 2008 Headers and Libraries (6001.18000.367)
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
    "{B46C272F-8B7A-402A-9915-8B0463F035DC}" = Microsoft Windows SDK for Windows Server 2008 Utilities for Win32 Development (6001.18000.367)
    "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
    "{B7EC89B3-2B8C-44A9-815C-135F391068B0}" = Microsoft Windows SDK for Windows Server 2008 Common Utilities (6001.18000.367)
    "{BBCBA2A0-F0E5-4EA8-AAC0-CF1DC592221E}" = Microsoft VC Redist 2008 (6001.18000.367)
    "{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{BF61D7A1-E894-4E3D-9129-B8D44B51FF94}" = Microsoft Windows SDK for Windows Server 2008 Win32 Documentation (6001.18000.367)
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C3A439E4-7303-491F-A678-CEA36A87D517}" = Microsoft Works Suite Add-in for Microsoft Word
    "{C769A271-7E1C-48F9-B331-474600DD4C06}" = Microsoft Picture It! Photo 2002
    "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
    "{CADBCBBA-6CDD-4119-B5ED-4AE075B153E7}" = MobileMe Control Panel
    "{CD590618-36BD-0710-AC86-F3B3C4AF201E}" = Microsoft Windows SDK .NET Framework Tools
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}" = Microsoft Money 2002 System Pack
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
    "{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
    "{DA82F00E-7294-40E7-B7A6-60B4C16C605E}" = Visual Studio.NET Baseline - English
    "{DB6BD5D5-8482-45C0-99CF-745C5B924497}" = WOT for Internet Explorer
    "{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
    "{DE5BFF9C-84D1-4B09-9C20-54633044CB85}" = Watchtower Library 2008 - English
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = Classic PhoneTools
    "{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
    "{E7298FD5-1386-11D5-8D6C-0050DAD32D95}" = Microsoft Money 2002
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F91E1833-2D7C-4725-B98A-C779FEC41946}" = EarthLink MDAC
    "{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    "{FF4D08B0-5098-4C4A-B801-42F3B1F9FE07}" = Microsoft Document Explorer 2008 (6001.18000.367)
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "AskSBar Uninstall" = Ask Toolbar
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2016&SUBSYS_021913E0" = Conexant HSF V92 56K RTAD Speakerphone PCI Modem
    "Comodo HopSurf Toolbar" = Comodo HopSurf
    "COMODO Internet Security" = COMODO Internet Security
    "Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
    "FoxyTunesForFirefox" = FoxyTunes for Firefox
    "Google Updater" = Google Updater
    "HijackThis" = HijackThis 2.0.2
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
    "IrfanView" = IrfanView (remove only)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
    "Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Network Play System (Patching)" = Network Play System (Patching)
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "RealPlayer 6.0" = RealPlayer
    "SDKSetup_6.0.6001.18000" = Microsoft Windows SDK for Windows Server 2008 (6001.18000.367)
    "SpeedBit Toolbar" = SpeedBit Toolbar
    "SpeedBit Video Accelerator" = SpeedBit Video Accelerator
    "SpeedBit Video Downloader" = SpeedBit Video Downloader
    "VTech IS6110 Software for AIM_is1" = VTech IS6110 Software for AIM v1.0.4.2
    "WildTangent CDA" = WildTangent Web Driver
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WMCSetup" = Windows Media Connect
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Works2002Setup" = Microsoft Works 2002 Setup Launcher
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Internet Mail" = Yahoo! Internet Mail
    "Yahoo! Mail AutoComplete" = Yahoo! Address AutoComplete
    "Yahoo! Search Defender" = Yahoo! Search Protection
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 9/24/2009 11:52:19 PM | Computer Name = JAYETEE | Source = MSDTC | ID = 4437
    Description = The account that the MS DTC service is running under is invalid. This
    can happen if the service account information has been changed using the Services
    snap-in in Microsoft Management Console (MMC). MS DTC service will continue to
    start. Please make sure that the MS DTC service account information is updated using
    the Component Services Explorer.

    Error - 9/24/2009 11:52:29 PM | Computer Name = JAYETEE | Source = COM+ | ID = 135761
    Description = The run-time environment has detected an inconsistency in its internal
    state. This indicates a potential instability in the process that could be caused
    by the custom components running in the COM+ application, the components they make
    use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\txprop\dtcinfo.cpp(158),
    hr = 8000ffff: TransactionManager->GetWhereaboutsSi

    Error - 9/25/2009 1:27:00 PM | Computer Name = JAYETEE | Source = MSDTC | ID = 4437
    Description = The account that the MS DTC service is running under is invalid. This
    can happen if the service account information has been changed using the Services
    snap-in in Microsoft Management Console (MMC). MS DTC service will continue to
    start. Please make sure that the MS DTC service account information is updated using
    the Component Services Explorer.

    Error - 9/25/2009 1:27:07 PM | Computer Name = JAYETEE | Source = COM+ | ID = 135761
    Description = The run-time environment has detected an inconsistency in its internal
    state. This indicates a potential instability in the process that could be caused
    by the custom components running in the COM+ application, the components they make
    use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\txprop\dtcinfo.cpp(158),
    hr = 8000ffff: TransactionManager->GetWhereaboutsSi

    Error - 9/25/2009 4:21:01 PM | Computer Name = JAYETEE | Source = MSDTC | ID = 4437
    Description = The account that the MS DTC service is running under is invalid. This
    can happen if the service account information has been changed using the Services
    snap-in in Microsoft Management Console (MMC). MS DTC service will continue to
    start. Please make sure that the MS DTC service account information is updated using
    the Component Services Explorer.

    Error - 9/25/2009 4:21:11 PM | Computer Name = JAYETEE | Source = COM+ | ID = 135761
    Description = The run-time environment has detected an inconsistency in its internal
    state. This indicates a potential instability in the process that could be caused
    by the custom components running in the COM+ application, the components they make
    use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\txprop\dtcinfo.cpp(158),
    hr = 8000ffff: TransactionManager->GetWhereaboutsSi

    Error - 9/25/2009 7:21:18 PM | Computer Name = JAYETEE | Source = MSDTC | ID = 4437
    Description = The account that the MS DTC service is running under is invalid. This
    can happen if the service account information has been changed using the Services
    snap-in in Microsoft Management Console (MMC). MS DTC service will continue to
    start. Please make sure that the MS DTC service account information is updated using
    the Component Services Explorer.

    Error - 9/25/2009 7:21:36 PM | Computer Name = JAYETEE | Source = COM+ | ID = 135761
    Description = The run-time environment has detected an inconsistency in its internal
    state. This indicates a potential instability in the process that could be caused
    by the custom components running in the COM+ application, the components they make
    use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\txprop\dtcinfo.cpp(158),
    hr = 8000ffff: TransactionManager->GetWhereaboutsSi

    Error - 9/25/2009 8:48:19 PM | Computer Name = JAYETEE | Source = MSDTC | ID = 4437
    Description = The account that the MS DTC service is running under is invalid. This
    can happen if the service account information has been changed using the Services
    snap-in in Microsoft Management Console (MMC). MS DTC service will continue to
    start. Please make sure that the MS DTC service account information is updated using
    the Component Services Explorer.

    Error - 9/25/2009 8:48:29 PM | Computer Name = JAYETEE | Source = COM+ | ID = 135761
    Description = The run-time environment has detected an inconsistency in its internal
    state. This indicates a potential instability in the process that could be caused
    by the custom components running in the COM+ application, the components they make
    use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\txprop\dtcinfo.cpp(158),
    hr = 8000ffff: TransactionManager->GetWhereaboutsSi

    [ System Events ]
    Error - 9/25/2009 7:21:51 PM | Computer Name = JAYETEE | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cdudf_xp

    Error - 9/25/2009 7:21:51 PM | Computer Name = JAYETEE | Source = Service Control Manager | ID = 7031
    Description = The COM+ System Application service terminated unexpectedly. It has
    done this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
    Restart the service.

    Error - 9/25/2009 8:48:09 PM | Computer Name = JAYETEE | Source = NETLOGON | ID = 3095
    Description = This computer is configured as a member of a workgroup, not as a member
    of a domain. The Netlogon service does not need to run in this configuration.

    Error - 9/25/2009 8:48:31 PM | Computer Name = JAYETEE | Source = Service Control Manager | ID = 7000
    Description = The Lexmark X73 MFP Scanner service failed to start due to the following
    error: %%2

    Error - 9/25/2009 8:48:31 PM | Computer Name = JAYETEE | Source = Service Control Manager | ID = 7023
    Description = The Windows Driver Foundation - User-mode Driver Framework service
    terminated with the following error: %%31

    Error - 9/25/2009 8:48:31 PM | Computer Name = JAYETEE | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 9/25/2009 8:48:31 PM | Computer Name = JAYETEE | Source = Service Control Manager | ID = 7000
    Description = The SeaPort service failed to start due to the following error: %%3

    Error - 9/25/2009 8:48:31 PM | Computer Name = JAYETEE | Source = Service Control Manager | ID = 7001
    Description = The Windows Media Player Network Sharing Service service depends on
    the Universal Plug and Play Device Host service which failed to start because of
    the following error: %%0

    Error - 9/25/2009 8:48:34 PM | Computer Name = JAYETEE | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cdudf_xp

    Error - 9/25/2009 8:48:34 PM | Computer Name = JAYETEE | Source = Service Control Manager | ID = 7031
    Description = The COM+ System Application service terminated unexpectedly. It has
    done this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
    Restart the service.


    < End of report >
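The Security Center and Windows Firewall entries in this Extras log are the part an analyst reads first. FirewallOverride = 1 and Monitoring\DisableMonitoring = 1 tell Security Center to stop reporting on the firewall; EnableFirewall = 0 under StandardProfile means the built-in firewall is off in the profile a workgroup machine actually uses (the NETLOGON 3095 event confirms this box is a workgroup member, so DomainProfile is not in effect); and the file-sharing ports 137, 138, 139 and 445 are listed in DomainProfile with scope * (any source address) where StandardProfile restricts them to LocalSubNet. Whether the COMODO Internet Security suite in the Uninstall list accounts for the override settings is something to confirm rather than assume. As an added example, not from the post and not OTL's code, the Python below parses those [key] / "name" = value lines (the sample text is copied from the log above) and turns them into findings; the check names and the rules behind them are my own.

```python
"""Triage the Security Center / Windows Firewall section of an OTL Extras log.
Added example, not OTL's code; the sample copies lines from the log above."""
import re

SAMPLE_EXTRAS = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 1
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"""

SECTION_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')
SC = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
FW = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy"


def parse_reg_sections(text):
    """{registry key: {value name: value}} from OTL's [key] and "name" = value lines."""
    sections, current = {}, None
    for line in (ln.strip() for ln in text.splitlines()):
        sec, val = SECTION_RE.match(line), VALUE_RE.match(line)
        if sec:
            current = sec.group(1)
            sections[current] = {}
        elif val and current is not None:
            sections[current][val.group(1)] = val.group(2)
    return sections


def parse_port(value):
    """'139:TCP:*:Enabled:<label>' -> ('139:TCP', scope, state); label may hold colons."""
    port, proto, scope, state, _label = value.split(":", 4)
    return f"{port}:{proto}", scope, state


def parse_app(name, value):
    """'<path>:*:Enabled:<label> -- (vendor)' -> (scope, state, label). The path
    contains a colon itself, so it is removed using the quoted value name first."""
    rest = value[len(name):] if value.startswith(name) else value
    _, scope, state, label = rest.split(":", 3)
    return scope, state, re.sub(r"\s+--\s+\(.*\)$", "", label)


def assess(sections):
    """Findings worth confirming on the host; each dict carries a 'check' id."""
    found = []
    sc = sections.get(SC, {})
    if sc.get("FirewallOverride") == "1":  # Security Center told not to report firewall state
        found.append({"check": "firewall_override", "detail": "Security Center ignores firewall status"})
    if sc.get("AntiVirusOverride") == "1":
        found.append({"check": "antivirus_override", "detail": "Security Center ignores antivirus status"})
    if sections.get(SC + r"\Monitoring", {}).get("DisableMonitoring") == "1":
        found.append({"check": "monitoring_disabled", "detail": "Security Center monitoring switched off"})
    for profile in ("DomainProfile", "StandardProfile"):
        base = f"{FW}\\{profile}"
        if sections.get(base, {}).get("EnableFirewall") == "0":
            found.append({"check": "firewall_off", "profile": profile, "detail": "Windows Firewall disabled"})
        for value in sections.get(base + r"\GloballyOpenPorts\List", {}).values():
            port, scope, state = parse_port(value)
            if state == "Enabled" and scope == "*":  # reachable from any address, not just the LAN
                found.append({"check": "port_open_to_any", "profile": profile, "port": port})
        for name, value in sections.get(base + r"\AuthorizedApplications\List", {}).items():
            scope, state, label = parse_app(name, value)
            if state == "Enabled":
                found.append({"check": "app_exception", "profile": profile, "path": name,
                              "scope": scope, "label": label})
    return found


if __name__ == "__main__":
    for finding in assess(parse_reg_sections(SAMPLE_EXTRAS)):
        print(finding)
```

Run against the sample it reports the firewall override, the disabled monitoring, the Standard-profile firewall being off, the four DomainProfile ports open to any address, and the two enabled application exceptions. The 1900:UDP entry is skipped because it is Disabled, and the StandardProfile 139:TCP entry because its scope is LocalSubNet. Splitting the port value with a maximum of four splits keeps the parser working when a board's emoticon filter mangles the @resource.dll label.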
     

  4. 2009/09/25
    JTee

    JTee Well-Known Member Thread Starter

    Joined:
    2009/09/07
    Messages:
    216
    Likes Received:
    0
    The OTL report is too long; please tell me how to attach it.
     
  5. 2009/09/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You can't attach files on this board.
    Split the log across a couple of replies.
     
  6. 2009/09/27
    JTee

    JTee Well-Known Member Thread Starter

    Joined:
    2009/09/07
    Messages:
    216
    Likes Received:
    0
    OTL logfile created on: 9/25/2009 8:38:03 PM - Run 1
    OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Joyce Redmond\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    766.80 Mb Total Physical Memory | 360.77 Mb Available Physical Memory | 47.05% Memory free
    1.83 Gb Paging File | 1.42 Gb Available in Paging File | 77.49% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.21 Gb Total Space | 16.90 Gb Free Space | 45.40% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: JAYETEE
    Current User Name: Joyce Redmond
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2009/09/21 20:38:15 | 00,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    PRC - [2001/10/12 00:42:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCES.EXE
    PRC - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    PRC - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
    PRC - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    PRC - [2009/08/05 22:48:42 | 00,704,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe
    PRC - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
    PRC - [2002/01/05 09:00:37 | 00,315,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    PRC - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    PRC - [2006/06/02 01:52:58 | 00,339,456 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\System32\oodag.exe
    PRC - [2009/08/24 23:09:22 | 00,300,656 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
    PRC - [2008/11/09 13:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
    PRC - [2009/08/24 23:09:22 | 00,140,920 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
    PRC - [2009/09/21 20:38:28 | 01,799,952 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    PRC - [2009/08/24 23:09:22 | 01,443,432 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
    PRC - [2009/07/25 08:21:18 | 02,754,048 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\DAP\DAP.EXE
    PRC - [2007/12/23 16:25:04 | 00,036,864 | ---- | M] (VTech) -- C:\Program Files\VTech\IMPhone\AIM\VTechAudioSwitch.exe
    PRC - [2008/01/25 12:29:02 | 00,401,408 | ---- | M] (VTech) -- C:\Program Files\VTech\IMPhone\AIM\IMPhone.exe
    PRC - [2001/08/07 22:06:46 | 00,073,784 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Microsoft Works\MSWorks.exe
    PRC - [2009/09/25 20:34:45 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joyce Redmond\Desktop\OTL.exe
    PRC - [2009/04/29 14:37:48 | 10,735,616 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

    ========== Win32 Services (SafeList) ==========

    SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
    SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [Auto | Running])
    SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
    SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
    SRV - [2009/09/21 20:38:15 | 00,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent [Auto | Running])
    SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [Auto | Running])
    SRV - [2009/08/05 22:48:42 | 00,704,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc [Auto | Running])
    SRV - [2009/03/25 09:42:15 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
    SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
    SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [Auto | Running])
    SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
    SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
    SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
    SRV - [2001/10/12 00:42:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCES.EXE -- (LexBceS [Auto | Running])
    SRV - [2002/01/05 09:00:37 | 00,315,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running])
    SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Auto | Running])
    SRV - [2006/06/02 01:52:58 | 00,339,456 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\System32\oodag.exe -- (O&O Defrag [Auto | Running])
    SRV - File not found -- -- (SeaPort [Auto | Stopped])
    SRV - [2009/08/24 23:09:22 | 00,300,656 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService [Auto | Running])
    SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Stopped])
    SRV - [2008/11/09 13:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService [Auto | Running])

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 08 C0 9D 43 25 CA 01 [binary data]
    IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========
     
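The log above follows OTL's fixed line layout: PRC and SRV lines carry `[timestamp | size | attrs | M] (Company) -- path`, SRV lines add `-- (ServiceName [Start | State])`, and the numbered O-items later in the same log end the path with `(Company)`, printing `File not found` where the registry still points at a binary that is gone and `()` where the file has no company string in its version resource. The script below is an added example written for this page; it is not part of the thread, of OTL, or of any tool used in it. It parses that layout and flags the entries an analyst reads first: orphaned entries, files with no company string, non-loopback hosts mappings, third-party Winsock catalog providers (O10) and AppInit_DLLs (O20). The sample lines are copied from the log in this thread; the single hosts-redirect line is constructed and marked as such, and the tag names and heuristics are my own assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Sample input: lines copied verbatim from the OTL log posted in this thread.
SAMPLE_LOG = r"""
PRC - [2009/09/21 20:38:15 | 00,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
SRV - [2008/11/09 13:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService [Auto | Running])
SRV - File not found -- -- (SeaPort [Auto | Stopped])
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Dictionary.com) - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll ()
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll File not found
O4 - HKCU..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\System32\guard32.dll (COMODO)
NetSvcs: 6to4 - Service key not found. File not found
"""

# CONSTRUCTED line, not from the thread: what a hosts-file redirect looks like in OTL.
CONSTRUCTED_HOSTS_LINE = "O1 - Hosts: 127.0.0.1 update.example.invalid"

SRV_RE = re.compile(r"^SRV - (?P<body>.*) -- \((?P<name>[^\[]+?) \[(?P<start>[^|]+) \| (?P<state>[^\]]+)\]\)$")
SRV_BODY_RE = re.compile(r"^\[[^\]]*\] \((?P<company>[^()]*)\) -- (?P<path>.*)$")
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")
LSP_RE = re.compile(r"^O10 - (?P<entry>.*?) - (?P<path>.*?) \((?P<company>[^()]*)\)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: \((?P<value>[^()]*)\) - (?P<path>.*?) \((?P<company>[^()]*)\)$")


@dataclass(frozen=True)
class Finding:
    kind: str    # short triage tag (my own naming)
    reason: str  # why an analyst should look at this line
    line: str    # the OTL line that triggered it


def parse_service(line: str) -> Optional[dict]:
    """Split an OTL SRV line into name/start/state/company/path.
    'missing' marks a registered service whose binary OTL could not find."""
    m = SRV_RE.match(line)
    if not m:
        return None
    body = m.group("body")
    detail = SRV_BODY_RE.match(body)
    return {
        "name": m.group("name"),
        "start": m.group("start"),
        "state": m.group("state"),
        "missing": body.startswith("File not found"),
        "company": detail.group("company") if detail else "",
        "path": detail.group("path") if detail else "",
    }


def triage(log_text: str) -> List[Finding]:
    """Run the heuristics over an OTL log and return every line worth a second look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Registry still references a binary that is gone: leftover of an uninstall or
        # removal, and a path an attacker could repopulate. NetSvcs group names with no
        # service key are normal on XP and are excluded.
        if "File not found" in line and not line.startswith("NetSvcs:"):
            findings.append(Finding("orphan", "entry points at a file that no longer exists", line))
        # OTL prints the company from the PE version resource; '()' means there is none.
        if line.endswith("()"):
            findings.append(Finding("no-company", "no company name in the file's version resource", line))
        m = HOSTS_RE.match(line)
        if m and m.group("host").lower() != "localhost":
            findings.append(Finding("hosts", f"hosts file maps {m.group('host')} to {m.group('ip')}", line))
        # O10 = Winsock catalog (LSP / namespace providers): in the path of every socket call.
        m = LSP_RE.match(line)
        if m and "microsoft" not in m.group("company").lower():
            findings.append(Finding("winsock-provider", f"third-party Winsock provider {m.group('path')}", line))
        # O20 AppInit_DLLs: loaded into every process that maps user32.dll.
        m = APPINIT_RE.match(line)
        if m and m.group("value"):
            findings.append(Finding("appinit", f"{m.group('value')} is injected into every user32 process", line))
    return findings


def summarize(findings: List[Finding]) -> dict:
    """Count findings per tag, for an overview before reading each line."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG + "\n" + CONSTRUCTED_HOSTS_LINE):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```

Two caveats when reading the output. The company string is copied from the file's own version resource, so it is under the control of whoever built the file; a Microsoft or COMODO label is a triage hint, not a verdict, and an empty `()` is equally common on legitimate small toolbars. Conversely, a hit is not proof of infection: the AppInit entry in this log belongs to the COMODO firewall that is also visible in the PRC and SRV lists, and the orphaned SeaPort service is a stale registration. The script only orders what to check; the decision stays with the analyst.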
  7. 2009/09/27
    JTee (Well-Known Member, Thread Starter)

    2nd Part of OTL:

    FF - prefs.js..browser.search.defaultenginename: "Bing "
    FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q= "
    FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-tyc "
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-tyc "
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://go.microsoft.com/fwlink/?LinkId=69157 "
    FF - prefs.js..extensions.enabledItems: {1DA0528B-1DD8-4167-BFAF-E0EF94939F93}:0.9.0.47
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
    FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.1
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20090414
    FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
    FF - prefs.js..google.toolbar.linkdoctor.backup.keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q= "
    FF - prefs.js..google.toolbar.linkdoctor.backup.keyword.enabled: true
    FF - prefs.js..keyword.URL: "about:neterror?e=query&u= "


    FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007/09/12 20:36:27 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/24 21:59:54 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/19 14:22:11 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{1DA0528B-1DD8-4167-BFAF-E0EF94939F93}: C:\Program Files\Comodo\HopSurfToolbar\hopsurfext_ff3_5 [2009/09/20 16:35:58 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/14 09:07:14 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/14 09:07:14 | 00,000,000 | ---D | M]

    [2008/11/19 17:57:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joyce Redmond\Application Data\mozilla\Extensions
    [2008/11/19 17:57:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joyce Redmond\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
    [2009/09/24 10:04:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joyce Redmond\Application Data\mozilla\Firefox\Profiles\98uztr17.default\extensions
    [2009/08/24 23:13:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joyce Redmond\Application Data\mozilla\Firefox\Profiles\98uztr17.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/02/16 17:46:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joyce Redmond\Application Data\mozilla\Firefox\Profiles\98uztr17.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2009/07/21 11:15:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joyce Redmond\Application Data\mozilla\Firefox\Profiles\98uztr17.default\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}
    [2009/08/05 10:19:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joyce Redmond\Application Data\mozilla\Firefox\Profiles\98uztr17.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
    [2009/01/14 22:26:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joyce Redmond\Application Data\mozilla\Firefox\Profiles\98uztr17.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2009/09/21 22:59:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joyce Redmond\Application Data\mozilla\Firefox\Profiles\98uztr17.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2009/09/04 22:24:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joyce Redmond\Application Data\mozilla\Firefox\Profiles\98uztr17.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}(2)
    [2009/09/05 13:40:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joyce Redmond\Application Data\mozilla\Firefox\Profiles\98uztr17.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
    [2009/09/04 22:24:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joyce Redmond\Application Data\mozilla\Firefox\Profiles\98uztr17.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}(2)
    [2009/09/04 22:24:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joyce Redmond\Application Data\mozilla\Firefox\Profiles\98uztr17.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}(2)
    [2009/09/01 10:16:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joyce Redmond\Application Data\mozilla\Firefox\Profiles\98uztr17.default\extensions\{c33c5b47-69c8-45a4-a5e0-af85bbe628dd}
    [2009/08/24 13:40:09 | 00,002,163 | ---- | M] () -- C:\Documents and Settings\Joyce Redmond\Application Data\Mozilla\FireFox\Profiles\98uztr17.default\searchplugins\bing.xml
    [2009/09/21 21:06:35 | 00,001,148 | ---- | M] () -- C:\Documents and Settings\Joyce Redmond\Application Data\Mozilla\FireFox\Profiles\98uztr17.default\searchplugins\dictionarycom.xml
    [2009/09/21 21:06:35 | 00,001,161 | ---- | M] () -- C:\Documents and Settings\Joyce Redmond\Application Data\Mozilla\FireFox\Profiles\98uztr17.default\searchplugins\referencecom---encyclopedia.xml
    [2009/09/21 21:06:35 | 00,001,094 | ---- | M] () -- C:\Documents and Settings\Joyce Redmond\Application Data\Mozilla\FireFox\Profiles\98uztr17.default\searchplugins\thesauruscom.xml
    [2009/09/24 10:04:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
    [2009/09/14 09:07:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2007/10/16 19:27:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    [2008/12/19 14:22:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    [2009/08/29 22:51:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    [2009/09/14 09:06:47 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
    [2009/09/14 09:06:47 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
    [2009/03/21 13:52:08 | 00,024,683 | ---- | M] (Ask.com) -- C:\Program Files\mozilla firefox\plugins\NPAskSBr.dll
    [2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
    [2007/04/24 11:36:16 | 01,452,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
    [2009/09/14 09:06:59 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
    [2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
    [2007/09/12 20:49:28 | 00,144,720 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
    [2009/07/23 23:19:26 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
    [2009/07/23 23:19:26 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
    [2009/07/23 23:19:26 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
    [2009/07/23 23:19:26 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
    [2009/07/23 23:19:27 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
    [2009/07/23 23:19:27 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
    [2009/07/23 23:19:27 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
    [2007/09/12 20:50:23 | 00,024,576 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
    [2007/09/12 20:48:43 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
    [2007/03/09 16:16:44 | 00,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
    [2009/09/14 09:07:02 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
    [2009/09/14 09:07:02 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
    [2009/09/14 09:07:03 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
    [2009/09/14 09:07:03 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
    [2009/09/14 09:07:03 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
    [2009/09/14 09:07:03 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
    [2009/09/14 09:07:03 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

    O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Dictionary.com) - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll ()
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (SPEEDBIT1 Class) - {425E30F0-CCC6-4E24-BBEB-BCBD31720B37} - C:\Program Files\SpeedBit Toolbar\Toolbar\SpeedBit.dll ()
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll File not found
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (SBCONVERT Class) - {A1056498-D09A-41E4-864B-505EDD640D9E} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll ()
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
    O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
    O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
    O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.)
    O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll ()
    O3 - HKLM\..\Toolbar: (Dictionary.com) - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll ()
    O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKLM\..\Toolbar: (HopSurf toolbar) - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll (Comodo Group, Inc.)
    O3 - HKLM\..\Toolbar: (SpeedBit) - {EBFCD017-BCAD-42C3-9ED5-89DBDFC59171} - C:\Program Files\SpeedBit Toolbar\Toolbar\SpeedBit.dll ()
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (Dictionary.com) - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Dictionary.com) - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit) - {EBFCD017-BCAD-42C3-9ED5-89DBDFC59171} - C:\Program Files\SpeedBit Toolbar\Toolbar\SpeedBit.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL File not found
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
    O4 - HKCU..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (SpeedBit Ltd.)
    O4 - HKCU..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe File not found
    O4 - HKCU..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe (Speedbit Ltd.)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKCU..\Run: [VTech IS6110 Software] C:\Program Files\VTech\IMPhone\AIM\IMPhone.exe (VTech)
    O4 - HKCU..\Run: [VTechAudioSwitch] C:\Program Files\VTech\IMPhone\AIM\VTechAudioSwitch.exe (VTech)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
    O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
    O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm ()
    O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm ()
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_15.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
    O9 - Extra Button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll (Comodo Group, Inc.)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
    O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKCU\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165111283812 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} http://dictionary.reference.com/tools/toolbar/lexico.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp - No CLSID value found
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\System32\guard32.dll (COMODO)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
    O24 - Desktop Components:0 () - http://images.google.com/images?q=tbn:EHxvI8b7eIAJ:solarraven.com/rainbowbar2.jpg
    O24 - Desktop Components:1 (My Current Home Page) - About:Home
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2001/11/15 05:31:14 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck) - File not found
    O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
    O34 - HKLM BootExecute: (*) - File not found
    O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)

    NetSvcs: 6to4 - Service key not found. File not found
    NetSvcs: Ias - Service key not found. File not found
    NetSvcs: Iprip - Service key not found. File not found
    NetSvcs: Irmon - Service key not found. File not found
    NetSvcs: NWCWorkstation - Service key not found. File not found
    NetSvcs: Nwsapagent - Service key not found. File not found
    NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - Service key not found. File not found
    NetSvcs: Ip6FwHlp - Service key not found. File not found
    NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

    ========== Files/Folders - Created Within 14 Days ==========

    [2 C:\Documents and Settings\Joyce Redmond\My Documents\*.tmp files]
    [2100/02/23 15:35:34 | 00,000,768 | ---- | C] () -- C:\Program Files\x73_lut.dat
    [2100/02/08 16:53:34 | 00,001,437 | ---- | C] () -- C:\Program Files\gtx73.ini
    [2100/02/08 16:03:54 | 00,053,248 | ---- | C] (Silitek Corp.) -- C:\Program Files\ACMonitor_X73.exe
    [2009/09/25 20:36:56 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Joyce Redmond\Desktop\~$OTL.doc
    [2009/09/25 20:34:42 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joyce Redmond\Desktop\OTL.exe
    [2009/09/25 20:34:11 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\Joyce Redmond\Desktop\OTL.doc
    [2009/09/25 14:42:54 | 00,253,952 | ---- | C] () -- C:\Documents and Settings\Joyce Redmond\My Documents\ANDRES LION FAMILY.doc
    [2009/09/24 14:09:17 | 00,004,150 | ---- | C] () -- C:\Documents and Settings\Joyce Redmond\Desktop\DrWeb2.csv
    [2009/09/24 14:09:17 | 00,004,078 | ---- | C] () -- C:\Documents and Settings\Joyce Redmond\Desktop\DrWeb.csv
    [2009/09/24 08:43:55 | 00,004,150 | ---- | C] () -- C:\Documents and Settings\Joyce Redmond\My Documents\DrWeb2.csv
    [2009/09/24 08:40:56 | 00,004,078 | ---- | C] () -- C:\Documents and Settings\Joyce Redmond\My Documents\DrWeb.csv
    [2009/09/23 22:11:49 | 17,566,488 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\Joyce Redmond\Desktop\drweb-cureit.exe
    [2009/09/23 22:09:10 | 00,028,672 | ---- | C] () -- C:\Documents and Settings\Joyce Redmond\Desktop\Doubleclick the drweb.doc
    [2009/09/22 22:45:21 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\Joyce Redmond\My Documents\It says.doc
    [2009/09/21 23:41:30 | 00,280,282 | ---- | C] () -- C:\Documents and Settings\Joyce Redmond\My Documents\gmer.zip
    [2009/09/21 23:04:36 | 00,000,000 | ---D | C] -- C:\Program Files\WOT
    [2009/09/21 22:59:42 | 00,976,384 | ---- | C] () -- C:\Documents and Settings\Joyce Redmond\My Documents\WOT-latest-en.msi
    [2009/09/21 21:40:49 | 00,000,618 | ---- | C] () -- C:\Documents and Settings\Joyce Redmond\Desktop\WindowsBBS Post 33.lnk
    [2009/09/21 21:06:16 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joyce Redmond\My Documents\TFC.exe
    [2009/09/21 21:00:43 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Joyce Redmond\My Documents\~$ndowsBBS Post 33.doc
    [2009/09/21 20:43:42 | 00,029,184 | ---- | C] () -- C:\Documents and Settings\Joyce Redmond\My Documents\WindowsBBS Post 33.doc
    [2009/09/20 21:11:09 | 00,046,080 | ---- | C] () -- C:\Documents and Settings\Joyce Redmond\My Documents\Hijackthis post 31.doc
    [2009/09/20 20:24:29 | 00,030,208 | ---- | C] () -- C:\Documents and Settings\Joyce Redmond\My Documents\Print this post out pos_30.doc
    [2009/09/20 20:17:20 | 00,028,160 | ---- | C] () -- C:\Documents and Settings\Joyce Redmond\My Documents\Ltr to Dept of Education.doc
    [2009/09/20 16:50:24 | 01,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
    [2009/09/20 16:49:22 | 00,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
    [2009/09/20 16:35:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joyce Redmond\Application Data\Comodo
    [2009/09/20 16:33:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
    [2009/09/20 16:33:03 | 00,179,792 | ---- | C] (COMODO) -- C:\WINDOWS\System32\guard32.dll
    [2009/09/20 16:33:02 | 00,132,296 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
    [2009/09/20 16:33:02 | 00,087,104 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
    [2009/09/20 16:33:02 | 00,025,160 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
    [2009/09/20 16:32:58 | 00,000,000 | ---D | C] -- C:\Program Files\COMODO
    [2009/09/20 16:31:17 | 40,493,328 | ---- | C] (COMODO) -- C:\Documents and Settings\Joyce Redmond\My Documents\CIS_Setup_3.11.108364.552_XP_Vista_x32.exe
    [2009/09/20 15:26:49 | 00,033,280 | ---- | C] () -- C:\Documents and Settings\Joyce Redmond\My Documents\Imperial Majesty_Caribbean Cruise Lines 2nd Complaint Ltr.doc
    [2009/09/20 10:46:42 | 80,932,896 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
    [2009/09/20 10:46:42 | 00,922,004 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
    [2009/09/20 10:46:23 | 00,148,496 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\33723841.sys
    [2009/09/20 10:46:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joyce Redmond\My Documents\Virus Removal Tool
    [2009/09/20 10:40:14 | 44,531,248 | ---- | C] ( ) -- C:\Documents and Settings\Joyce Redmond\My Documents\setup_7.0.0.290_20.09.2009_21-31.exe
    [2009/09/18 20:20:03 | 03,020,948 | ---- | C] () -- C:\Documents and Settings\Joyce Redmond\Desktop\DSC03092.JPG
    [2009/09/18 11:52:53 | 00,000,873 | ---- | C] () -- C:\Documents and Settings\Joyce Redmond\Desktop\Petition to Change Manner in Whch Covered Parking Stalls are assigned.lnk
    [2009/09/18 11:17:27 | 00,926,038 | ---- | C] () -- C:\Documents and Settings\Joyce Redmond\My Documents\Grimes 1930 Census Pg 9.jpg
    [2009/09/18 08:52:51 | 00,031,744 | ---- | C] () -- C:\Documents and Settings\Joyce Redmond\My Documents\Petition to Change Manner in Whch Covered Parking Stalls are assigned.doc
    [2009/09/17 22:35:29 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\Joyce Redmond\My Documents\Uninstall Combofix.doc
    [2009/09/17 10:38:49 | 00,000,000 | -HSD | C] -- C:\RECYCLER
    [2009/09/17 10:25:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2009/09/17 09:59:32 | 00,000,212 | ---- | C] () -- C:\Boot.bak
    [2009/09/17 09:59:24 | 00,260,272 | ---- | C] () -- C:\cmldr
    [2009/09/17 09:59:20 | 00,000,000 | RHSD | C] -- C:\cmdcons
    [2009/09/17 09:56:04 | 00,229,888 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2009/09/17 09:56:04 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2009/09/17 09:56:04 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2009/09/17 09:56:04 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2009/09/17 09:56:04 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2009/09/17 09:56:04 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2009/09/17 09:56:04 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2009/09/17 09:25:30 | 00,031,232 | ---- | C] () -- C:\Documents and Settings\Joyce Redmond\My Documents\ComboFix Warning.doc
    [2009/09/14 12:51:54 | 00,000,534 | ---- | C] () -- C:\Documents and Settings\Joyce Redmond\Desktop\1900 Census Ellis.lnk
    [2009/09/13 16:22:14 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\Joyce Redmond\My Documents\Acai Fresh Diet Pill.doc
    [2009/09/12 11:00:04 | 00,055,808 | ---- | C] () -- C:\Documents and Settings\Joyce Redmond\My Documents\Sushi Facts.doc
    [2009/09/11 21:24:58 | 00,029,696 | ---- | C] () -- C:\Documents and Settings\Joyce Redmond\My Documents\Combo Fix Instructions.doc

    ========== Files - Modified Within 14 Days ==========

    [2 C:\Documents and Settings\Joyce Redmond\My Documents\*.tmp files]
    [2009/09/25 20:43:01 | 00,000,442 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4A8396D5-0D6D-4C3F-8DE0-C15C35F9AB02}.job
    [2009/09/25 20:38:11 | 80,932,896 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
    [2009/09/25 20:37:29 | 01,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
    [2009/09/25 20:36:56 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Joyce Redmond\Desktop\~$OTL.doc
    [2009/09/25 20:34:45 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joyce Redmond\Desktop\OTL.exe
    [2009/09/25 20:34:12 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\Joyce Redmond\Desktop\OTL.doc
    [2009/09/25 20:33:17 | 00,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{94830F0C-9F3E-49D6-8D8D-3C9E5EAD509B}.job
    [2009/09/25 20:30:13 | 00,002,483 | ---- | M] () -- C:\Documents and Settings\Joyce Redmond\Desktop\Microsoft Word.lnk
    [2009/09/25 19:59:02 | 00,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-359561344-79857088-3707165984-1006UA.job
    [2009/09/25 18:46:30 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
    [2009/09/25 17:48:27 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2009/09/25 17:48:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2009/09/25 17:47:42 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
    [2009/09/25 17:47:41 | 80,411,4432 | -HS- | M] () -- C:\hiberfil.sys
    [2009/09/25 17:47:39 | 00,377,427 | ---- | M] () -- C:\WINDOWS\System32\OODBS.lor
    [2009/09/25 16:44:16 | 00,922,004 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
    [2009/09/25 16:21:14 | 04,812,032 | -H-- | M] () -- C:\Documents and Settings\Joyce Redmond\Local Settings\Application Data\IconCache.db
    [2009/09/25 14:42:55 | 00,253,952 | ---- | M] () -- C:\Documents and Settings\Joyce Redmond\My Documents\ANDRES LION FAMILY.doc
    [2009/09/25 11:17:07 | 00,043,520 | ---- | M] () -- C:\Documents and Settings\Joyce Redmond\My Documents\Job Search Log.xlr
    [2009/09/24 22:59:02 | 00,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-359561344-79857088-3707165984-1006Core.job
    [2009/09/24 08:43:55 | 00,004,150 | ---- | M] () -- C:\Documents and Settings\Joyce Redmond\My Documents\DrWeb2.csv
    [2009/09/24 08:43:55 | 00,004,150 | ---- | M] () -- C:\Documents and Settings\Joyce Redmond\Desktop\DrWeb2.csv
    [2009/09/24 08:40:56 | 00,004,078 | ---- | M] () -- C:\Documents and Settings\Joyce Redmond\My Documents\DrWeb.csv
    [2009/09/24 08:40:56 | 00,004,078 | ---- | M] () -- C:\Documents and Settings\Joyce Redmond\Desktop\DrWeb.csv
    [2009/09/23 22:11:49 | 17,566,488 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\Joyce Redmond\Desktop\drweb-cureit.exe
    [2009/09/23 22:09:10 | 00,028,672 | ---- | M] () -- C:\Documents and Settings\Joyce Redmond\Desktop\Doubleclick the drweb.doc
    [2009/09/22 22:45:29 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\Joyce Redmond\My Documents\It says.doc
    [2009/09/21 22:59:51 | 00,976,384 | ---- | M] () -- C:\Documents and Settings\Joyce Redmond\My Documents\WOT-latest-en.msi
    [2009/09/21 21:43:42 | 00,000,618 | ---- | M] () -- C:\Documents and Settings\Joyce Redmond\Desktop\WindowsBBS Post 33.lnk
    [2009/09/21 21:06:17 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joyce Redmond\My Documents\TFC.exe
    [2009/09/21 21:00:43 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Joyce Redmond\My Documents\~$ndowsBBS Post 33.doc
    [2009/09/21 20:43:43 | 00,029,184 | ---- | M] () -- C:\Documents and Settings\Joyce Redmond\My Documents\WindowsBBS Post 33.doc
    [2009/09/21 20:39:16 | 00,179,792 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
    [2009/09/21 20:39:13 | 00,087,104 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
    [2009/09/21 20:39:11 | 00,025,160 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
    [2009/09/21 20:39:09 | 00,132,296 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
    [2009/09/20 21:11:09 | 00,046,080 | ---- | M] () -- C:\Documents and Settings\Joyce Redmond\My Documents\Hijackthis post 31.doc
    [2009/09/20 20:59:42 | 00,030,208 | ---- | M] () -- C:\Documents and Settings\Joyce Redmond\My Documents\Print this post out pos_30.doc
    [2009/09/20 20:19:04 | 00,028,160 | ---- | M] () -- C:\Documents and Settings\Joyce Redmond\My Documents\Ltr to Dept of Education.doc
    [2009/09/20 16:49:22 | 00,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
    [2009/09/20 16:31:22 | 40,493,328 | ---- | M] (COMODO) -- C:\Documents and Settings\Joyce Redmond\My Documents\CIS_Setup_3.11.108364.552_XP_Vista_x32.exe
    [2009/09/20 15:35:03 | 00,033,280 | ---- | M] () -- C:\Documents and Settings\Joyce Redmond\My Documents\Imperial Majesty_Caribbean Cruise Lines 2nd Complaint Ltr.doc
    [2009/09/20 10:46:09 | 44,531,248 | ---- | M] ( ) -- C:\Documents and Settings\Joyce Redmond\My Documents\setup_7.0.0.290_20.09.2009_21-31.exe
    [2009/09/20 02:00:00 | 00,000,276 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
    [2009/09/18 20:20:03 | 03,020,948 | ---- | M] () -- C:\Documents and Settings\Joyce Redmond\Desktop\DSC03092.JPG
    [2009/09/18 12:14:26 | 00,031,744 | ---- | M] () -- C:\Documents and Settings\Joyce Redmond\My Documents\Petition to Change Manner in Whch Covered Parking Stalls are assigned.doc
    [2009/09/18 11:54:08 | 00,000,873 | ---- | M] () -- C:\Documents and Settings\Joyce Redmond\Desktop\Petition to Change Manner in Whch Covered Parking Stalls are assigned.lnk
    [2009/09/17 22:35:29 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Joyce Redmond\My Documents\Uninstall Combofix.doc
    [2009/09/17 10:37:51 | 00,000,347 | ---- | M] () -- C:\WINDOWS\system.ini
    [2009/09/17 10:37:13 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
    [2009/09/17 09:59:32 | 00,000,282 | RHS- | M] () -- C:\BOOT.INI
    [2009/09/17 09:25:30 | 00,031,232 | ---- | M] () -- C:\Documents and Settings\Joyce Redmond\My Documents\ComboFix Warning.doc
    [2009/09/14 12:53:19 | 00,000,534 | ---- | M] () -- C:\Documents and Settings\Joyce Redmond\Desktop\1900 Census Ellis.lnk
    [2009/09/14 02:12:36 | 00,229,888 | ---- | M] () -- C:\WINDOWS\PEV.exe
    [2009/09/13 17:23:54 | 00,048,640 | ---- | M] () -- C:\Documents and Settings\Joyce Redmond\My Documents\Jaree's Resume.doc
    [2009/09/13 16:23:34 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\Joyce Redmond\My Documents\Acai Fresh Diet Pill.doc
    [2009/09/12 12:35:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2009/09/12 11:00:04 | 00,055,808 | ---- | M] () -- C:\Documents and Settings\Joyce Redmond\My Documents\Sushi Facts.doc
    [2009/09/12 01:30:00 | 00,000,274 | ---- | M] () -- C:\WINDOWS\tasks\Windows Update.job
    [2009/09/11 21:24:59 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\Joyce Redmond\My Documents\Combo Fix Instructions.doc

    ========== LOP Check ==========

    [2009/09/20 16:33:10 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
    [2009/06/18 08:50:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2009/04/24 20:31:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
    [2002/10/07 10:48:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
    [2007/09/19 15:14:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
    [2002/10/22 19:08:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
    [2009/09/07 23:27:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
    [2009/09/10 15:46:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
    [2007/09/23 21:22:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FirstClass
    [2009/04/18 14:46:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juno
    [2004/03/08 12:17:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Messenger 6.1.0155
    [2002/10/19 21:31:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
    [2005/09/29 19:14:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Netscape Internet Service
    [2009/04/18 19:04:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
    [2009/09/07 20:07:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
    [2008/08/31 17:18:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2009/09/09 00:26:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
    [2005/10/23 16:25:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
    [2002/10/07 10:47:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
    [2009/07/25 08:21:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
    [2006/12/02 17:47:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Support.com
    [2007/08/08 18:31:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2009/09/03 09:47:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
    [2009/09/25 18:46:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2005/06/18 14:12:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
    [2007/09/12 21:03:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2007/08/10 09:39:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
    [2009/09/20 16:35:50 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Joyce Redmond\Application Data
    [2007/09/18 18:18:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joyce Redmond\Application Data\Aim
    [2009/07/29 22:08:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joyce Redmond\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2009/09/07 20:08:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joyce Redmond\Application Data\DriverCure
    [2004/11/03 23:37:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joyce Redmond\Application Data\Earthlink
    [2004/10/30 01:34:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joyce Redmond\Application Data\EarthLink Toolbar
    [2007/11/13 00:52:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joyce Redmond\Application Data\FirstClass
    [2005/05/17 00:16:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joyce Redmond\Application Data\Leadertech
    [2007/10/13 20:12:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joyce Redmond\Application Data\LimeWire
    [2008/03/27 03:22:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joyce Redmond\Application Data\Move Networks
    [2006/10/07 17:31:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joyce Redmond\Application Data\MSN6
    [2006/11/16 23:27:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joyce Redmond\Application Data\MSNInstaller
    [2009/09/04 22:34:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joyce Redmond\Application Data\Paltalk
    [2009/09/10 15:46:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joyce Redmond\Application Data\Uniblue
    [2009/06/06 21:00:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joyce Redmond\Application Data\Watchtower
    [2005/10/23 16:26:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joyce Redmond\Application Data\You've Got Pictures Screensaver
    [2009/09/12 12:35:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    [2001/08/18 04:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI
    [2009/09/20 02:00:00 | 00,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\Disk Cleanup.job
    [2009/09/25 17:48:27 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
    [2009/09/24 22:59:02 | 00,000,958 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-359561344-79857088-3707165984-1006Core.job
    [2009/09/25 19:59:02 | 00,001,010 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-359561344-79857088-3707165984-1006UA.job
    [2009/09/25 17:48:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
    [2009/09/25 20:43:01 | 00,000,442 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{4A8396D5-0D6D-4C3F-8DE0-C15C35F9AB02}.job
    [2009/09/25 20:33:17 | 00,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{94830F0C-9F3E-49D6-8D8D-3C9E5EAD509B}.job
    [2009/09/12 01:30:00 | 00,000,274 | ---- | M] () -- C:\WINDOWS\Tasks\Windows Update.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >
    [2007/05/20 10:07:35 | 21,822,168 | ---- | M] ( ) -- C:\AdbeRdr80_en_US.exe
    [2007/08/05 16:29:41 | 00,591,136 | ---- | M] (McAfee, Inc.) -- C:\DMSetup-Serial.exe
    [2009/09/01 10:09:19 | 08,050,536 | ---- | M] (Mozilla) -- C:\Firefox Setup 3.5.2_1.exe
    [2009/09/05 13:59:26 | 02,028,560 | ---- | M] (VTech ) -- C:\IMPhoneAIM_1.0.4.2_Setup.exe
    [2009/08/31 22:47:29 | 37,724,032 | ---- | M] (Microsoft Corporation) -- C:\mpam-fe.exe
    [2007/05/20 10:06:18 | 07,050,552 | ---- | M] (Adobe Systems, Inc. ) -- C:\psa30se_en_us.exe
    [2007/11/05 13:06:22 | 00,009,728 | ---- | M] () -- C:\SPBlockingTool.exe

    < %systemroot%\system32\eventlog.dll >
    [2008/04/13 17:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

    < %systemroot%\system32\scecli.dll >
    [2008/04/13 17:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

    < %systemroot%\netlogon.dll >

    < %systemroot%\system32\cngaudit.dll >

    < %systemroot%\system32\sceclt.dll >

    < %systemroot%\ntelogon.dll >

    < %systemroot%\system32\logevent.dll >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\mscoree.dll:SummaryInformation
    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Joyce Redmond\My Documents\AdbeRdr70_enu_full.exe:SummaryInformation
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9662AE0
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    < End of report >
     
  8. 2009/09/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
      [2009/09/17 09:56:04 | 00,229,888 | ---- | C] () -- C:\WINDOWS\PEV.exe
      [2009/09/17 09:56:04 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
      [2009/09/17 09:56:04 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
      [2009/09/17 09:56:04 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
      [2009/09/17 09:56:04 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
      [2009/09/17 09:56:04 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
      [2009/09/17 09:56:04 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  9. 2009/09/27
    JTee

    JTee Well-Known Member Thread Starter

    Joined:
    2009/09/07
    Messages:
    216
    Likes Received:
    0
    All processes killed
    ========== OTL ==========
    No active process named explorer.exe was found!
    C:\WINDOWS\PEV.exe moved successfully.
    C:\WINDOWS\SWXCACLS.exe moved successfully.
    C:\WINDOWS\SWREG.exe moved successfully.
    C:\WINDOWS\SWSC.exe moved successfully.
    C:\WINDOWS\sed.exe moved successfully.
    C:\WINDOWS\grep.exe moved successfully.
    C:\WINDOWS\zip.exe moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Anaya
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Anaya.2
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Andre Raphael
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes

    User: Andre Raphael.2
    ->Temp folder emptied: 20312 bytes
    ->Temporary Internet Files folder emptied: 90616192 bytes

    User: Ayanna
    ->Temp folder emptied: 1349198 bytes
    ->Temporary Internet Files folder emptied: 15257588 bytes
    ->FireFox cache emptied: 0 bytes

    User: Calea
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Chalea
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Dezi
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Dezii
    ->Temp folder emptied: 36680 bytes
    ->Temporary Internet Files folder emptied: 40467809 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Jaree Redmond
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes

    User: Jaree Redmond.2
    ->Temp folder emptied: 17243 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes

    User: Joyce Redmond
    ->Temp folder emptied: 27946756 bytes
    ->Temporary Internet Files folder emptied: 31488175 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 35297023 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 355690 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: MeRa
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Mykael

    User: Mykael.JAYETEE
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes

    User: Nadja Redmond
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Nadja Redmond.2
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    ->Temporary Internet Files folder emptied: 33214 bytes

    User: Nikael Redmond
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes

    User: Nikael Redmond.2
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Owner

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    Windows Temp folder emptied: 115564 bytes
    RecycleBin emptied: 934821 bytes

    Total Files Cleaned = 232.70 mb


    OTL by OldTimer - Version 3.0.14.0 log created on 09272009_145954

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...

    There are about two dozen temporary files on my desktop after this process.
    Also, I wonder if the problem may have to do with VTech, which I removed from my Add/Remove Programs before this error about svchost ever presented itself; however, it stated that not all components from the VTech were removed and they'd have to be removed manually. I removed it because I do not have VoIP. This removal was done before I came to WindowsBBS for help, I believe.
     
  10. 2009/09/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You can delete all of them.
    What are the current issues after running OTL?
     
  11. 2009/09/27
    JTee

    JTee Well-Known Member Thread Starter

    Joined:
    2009/09/07
    Messages:
    216
    Likes Received:
    0
    The same svchost.exe - application error re: instruction @ox7c91b21a referenced memory @ 0100000010. The memory could not be written. And a new one: "IMLiveUpdate component 'MSWINSCK.OCX' or one of its dependencies not correctly registered. A file is missing or invalid."
     
  12. 2009/09/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your computer is definitely clean, so I'll have to mark this thread as resolved, and I'll ask you to repost your problem under the Windows section.
    This is pretty much all we can do in the malware forum.
     
  13. 2009/09/27
    JTee

    JTee Well-Known Member Thread Starter

    Joined:
    2009/09/07
    Messages:
    216
    Likes Received:
    0
    Thank you So very much, Broni!!
     
  14. 2009/09/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome :)
     
