
Solved Google redirect/iexplore.exe respawn following XP restore fix

Discussion in 'Malware and Virus Removal Archive' started by Dohhunter, 2011/07/05.

2011/07/13 - Dohhunter (Thread Starter)
    OTL Part 1

    OTL logfile created on: 7/13/2011 1:40:09 AM - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\mdoherty.COCOPAVING\Desktop
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1015.36 Mb Total Physical Memory | 394.34 Mb Available Physical Memory | 38.84% Memory free
    2.39 Gb Paging File | 1.93 Gb Available in Paging File | 81.07% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.44 Gb Total Space | 11.94 Gb Free Space | 16.03% Space Free | Partition Type: NTFS

    Computer Name: LAFARGE-866D4EF | User Name: mdoherty | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/07/12 20:35:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\OTL.exe
    PRC - [2011/06/22 10:29:14 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2011/03/10 10:47:40 | 001,839,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    PRC - [2011/03/07 12:08:48 | 001,893,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    PRC - [2011/03/07 12:06:52 | 001,459,616 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    PRC - [2011/02/23 10:51:20 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.199\SSScheduler.exe
    PRC - [2011/02/03 19:30:52 | 000,115,624 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    PRC - [2011/02/03 19:30:32 | 000,108,456 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    PRC - [2009/02/03 16:39:09 | 000,427,192 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    PRC - [2008/05/12 03:11:50 | 001,523,712 | ---- | M] (Altiris, Inc.) -- C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
    PRC - [2008/05/12 03:09:14 | 000,163,840 | ---- | M] (Altiris, Inc.) -- C:\Program Files\Altiris\Altiris Agent\AeXAgentUIHost.exe
    PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2004/12/01 11:26:28 | 000,796,672 | ---- | M] (Xerox Corporation) -- C:\Program Files\xerox\WorkCentre C2424\xc24bgts.exe
    PRC - [2004/09/17 16:13:00 | 000,117,248 | ---- | M] () -- C:\WINDOWS\system32\xnetsrvc.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/07/12 20:35:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\OTL.exe
    MOD - [2007/02/16 10:28:12 | 000,061,440 | ---- | M] (Altiris, Inc.) -- C:\WINDOWS\system32\AMInit.dll
    MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/03/10 10:47:40 | 001,839,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2011/03/07 12:08:48 | 001,893,840 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
    SRV - [2011/02/23 10:51:20 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.199\McCHSvc.exe -- (McComponentHostService)
    SRV - [2011/02/18 16:51:34 | 000,357,792 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
    SRV - [2011/02/03 19:30:32 | 000,108,456 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2011/02/03 19:30:32 | 000,108,456 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2011/01/19 23:55:06 | 003,093,944 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
    SRV - [2009/02/03 16:39:09 | 000,427,192 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
    SRV - [2008/05/12 03:11:50 | 001,523,712 | ---- | M] (Altiris, Inc.) [Auto | Running] -- C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe -- (AeXNSClient)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/06/27 10:18:42 | 000,125,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2011/06/15 04:00:00 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110712.019\NAVEX15.SYS -- (NAVEX15)
    DRV - [2011/06/15 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2011/06/15 04:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2011/06/15 04:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110712.019\NAVENG.SYS -- (NAVENG)
    DRV - [2011/03/08 17:44:32 | 000,321,016 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
    DRV - [2011/03/08 17:44:32 | 000,287,352 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
    DRV - [2011/03/08 17:44:32 | 000,043,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
    DRV - [2011/03/07 12:08:50 | 000,099,744 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
    DRV - [2011/03/07 12:07:36 | 000,043,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
    DRV - [2010/12/10 15:48:54 | 000,067,520 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
    DRV - [2010/10/28 15:16:42 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
    DRV - [2010/09/10 22:32:20 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wpshelper.sys -- (WpsHelper)
    DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009/12/18 15:42:12 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2009/09/03 16:03:48 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2009/09/03 16:03:48 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2009/02/03 16:23:46 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
    DRV - [2007/06/28 15:11:36 | 002,210,048 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
    DRV - [2006/08/21 16:55:02 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2006/03/24 17:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2006/02/28 18:05:00 | 000,087,808 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
    DRV - [2005/05/03 15:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
    DRV - [2005/05/03 15:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
    DRV - [2005/05/03 15:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2005/03/10 17:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-427003120-2886712138-3454175278-1706\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sharepoint.cocopaving.com/
    IE - HKU\S-1-5-21-427003120-2886712138-3454175278-1706\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-427003120-2886712138-3454175278-1706\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://netscape.aol.com/ "
    FF - prefs.js..extensions.enabledItems: foxdie_ext_ocelot@foxdie.us:3.5.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: Foxdie@tanjihay.com:3.5.2

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/27 09:39:43 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/05 11:57:19 | 000,000,000 | ---D | M]

    [2010/03/23 08:32:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mdoherty.COCOPAVING\Application Data\Mozilla\Extensions
    [2011/07/12 20:09:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mdoherty.COCOPAVING\Application Data\Mozilla\Firefox\Profiles\v8l8eajm.default\extensions
    [2011/06/30 07:54:45 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\mdoherty.COCOPAVING\Application Data\Mozilla\Firefox\Profiles\v8l8eajm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
    [2011/07/12 20:09:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mdoherty.COCOPAVING\Application Data\Mozilla\Firefox\Profiles\v8l8eajm.default\extensions\staged
    [2011/07/04 11:10:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/12/02 10:49:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    File not found (No name found) --
    [2011/07/04 09:58:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2011/06/22 10:29:15 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/07/11 02:28:39 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKLM..\Run: [AeXAgentLogon] C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe (Altiris, Inc.)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [LafargeInfo] C:\ADMIN\LUS\BGInfo\Bginfo.exe (Sysinternals)
    O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
    O4 - HKLM..\Run: [Xerox_WorkCenter_C2424] C:\Program Files\Xerox\WorkCentre C2424\xc24bgts.exe (Xerox Corporation)
    O4 - HKU\S-1-5-21-427003120-2886712138-3454175278-1706..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-427003120-2886712138-3454175278-1706..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.199\SSScheduler.exe (McAfee, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-427003120-2886712138-3454175278-1706\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-427003120-2886712138-3454175278-1706\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-427003120-2886712138-3454175278-1706\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-427003120-2886712138-3454175278-1706\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
    O7 - HKU\S-1-5-21-427003120-2886712138-3454175278-1706\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
    O7 - HKU\S-1-5-21-427003120-2886712138-3454175278-1706\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-427003120-2886712138-3454175278-1706\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-427003120-2886712138-3454175278-1706\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-427003120-2886712138-3454175278-1706\..Trusted Domains: alphakor.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-427003120-2886712138-3454175278-1706\..Trusted Domains: cocogroup.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-427003120-2886712138-3454175278-1706\..Trusted Domains: cocogroup.com ([vpn] https in Trusted sites)
    O15 - HKU\S-1-5-21-427003120-2886712138-3454175278-1706\..Trusted Domains: cocopaving.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-427003120-2886712138-3454175278-1706\..Trusted Domains: lafarge.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-427003120-2886712138-3454175278-1706\..Trusted Domains: lafarge.com ([*.na] * in Trusted sites)
    O15 - HKU\S-1-5-21-427003120-2886712138-3454175278-1706\..Trusted Domains: lafarge.net ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-427003120-2886712138-3454175278-1706\..Trusted Domains: lafarge.net ([*.na] * in Trusted sites)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
    O16 - DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} https://vpn.cocogroup.com/+CSCOL+/relayp.cab (Cisco Systems WebVPN Relay Loader)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1188319079640 (WUWebControl Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {F9E542CE-C16A-47FA-B7A8-D88E5F1C5719} http://pd9.cocopaving.com/jde/axctls/jdeexpimpU.cab (JDEExcelAutoU Control)
    O16 - DPF: Extensity Client https://c164.extensity-hosting.com:10165/weblib/ext40.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.209.64.20 66.209.64.21
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cocopaving.com
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\AMInit.dll) - C:\WINDOWS\system32\AMInit.dll (Altiris, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\WINDOWS\BGInfo.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\BGInfo.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/11 20:50:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/07/12 20:36:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
    [2011/07/12 20:35:48 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\OTL.exe
    [2011/07/11 02:31:57 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/07/10 22:06:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/07/10 21:41:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/07/10 21:33:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/07/10 21:33:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/07/10 21:33:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/07/10 21:33:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/07/10 21:33:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/07/10 21:32:55 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/07/10 21:28:36 | 004,139,126 | R--- | C] (Swearware) -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\ComboFix.exe
    [2011/07/09 21:55:28 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\FixTDSS.exe
    [2011/07/07 11:13:55 | 001,458,992 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\tdsskiller.exe
    [2011/07/06 11:33:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\The Weathernetwork
    [2011/07/05 12:21:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
    [2011/07/05 12:20:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
    [2011/07/05 12:14:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
    [2011/07/05 08:33:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\mdoherty.COCOPAVING\My Documents\My Videos
    [2011/07/05 08:33:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\mdoherty.COCOPAVING\Start Menu\Programs\Administrative Tools
    [2011/07/05 08:31:11 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\dds.scr
    [2011/07/04 16:35:00 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/07/04 16:35:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/07/04 15:32:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\mdoherty.COCOPAVING\Recent
    [2011/07/04 15:20:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
    [2011/07/04 15:20:41 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2011/07/04 15:03:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\bootkit_remover
    [2011/07/04 14:57:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
    [2011/07/04 14:57:35 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2011/07/04 14:51:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
    [2011/07/04 12:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\stteles west
    [2011/07/04 12:29:09 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
    [2011/07/04 12:29:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hitman Pro 3.5
    [2011/07/04 12:24:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2011/07/04 12:16:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mdoherty.COCOPAVING\My Documents\Simply Super Software
    [2011/07/04 12:15:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trojan Remover
    [2011/07/04 12:15:47 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
    [2011/07/04 12:15:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mdoherty.COCOPAVING\Application Data\Simply Super Software
    [2011/07/04 12:15:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
    [2011/07/04 09:02:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mdoherty.COCOPAVING\Application Data\SUPERAntiSpyware.com
    [2011/07/04 09:02:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2011/07/04 09:01:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mdoherty.COCOPAVING\Start Menu\Programs\SUPERAntiSpyware
    [2011/07/04 09:00:09 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2011/07/04 08:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
    [2011/06/30 13:56:47 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\5897679.sys
    [2011/06/30 13:56:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\Virus Removal Tool1
    [2011/06/30 13:56:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
    [2011/06/30 13:56:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
    [2011/06/30 13:55:53 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
    [2011/06/30 07:59:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mdoherty.COCOPAVING\Application Data\QuickScan
    [2011/06/29 14:39:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
    [2011/06/29 11:53:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
    [2011/06/29 11:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
    [2011/06/29 11:35:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mdoherty.COCOPAVING\Local Settings\Application Data\Microsoft_Corporation
    [2011/06/29 09:39:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
    [2011/06/29 09:27:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\Coco Golf INvites 2011
    [2011/06/28 16:02:56 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
    [2011/06/28 16:02:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CanoScan LiDE 70
    [2011/06/28 16:02:43 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
    [2011/06/28 16:00:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon Utilities
    [2011/06/27 10:29:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mdoherty.COCOPAVING\Local Settings\Application Data\Symantec
    [2011/06/27 10:28:04 | 000,167,936 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\wpshelper.sys
    [2011/06/27 10:19:25 | 000,357,792 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\Sysfer.dll
    [2011/06/27 10:19:24 | 000,099,744 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SysPlant.sys
    [2011/06/27 10:18:06 | 000,125,488 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
    [2011/06/27 10:18:06 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
    [2011/06/27 10:15:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Symantec Endpoint Protection
    [2011/06/27 10:15:19 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2011/06/27 09:43:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
    [2011/06/27 09:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
    [2011/06/27 09:39:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mdoherty.COCOPAVING\Local Settings\Application Data\PackageAware
    [2011/06/27 08:48:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\Symantec_Endpoint_Protection_11.0.6_MP3_Xplat_EN_DVD
    [2011/06/24 14:22:06 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/06/21 12:38:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\Billy Bishop
    [2011/06/21 08:50:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\~0
    [2011/06/21 08:47:50 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2011/06/21 08:47:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2011/06/17 08:11:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\bookmarks
    [2011/06/14 17:26:28 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
    [2011/06/14 16:49:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mdoherty.COCOPAVING\Application Data\Malwarebytes
    [2011/06/14 16:48:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/06/14 16:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/07/12 20:35:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\OTL.exe
    [2011/07/12 19:32:36 | 000,000,271 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
    [2011/07/12 13:14:58 | 005,880,054 | ---- | M] () -- C:\WINDOWS\BGInfo.bmp
    [2011/07/12 13:14:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/07/12 13:14:15 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
    [2011/07/12 13:13:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/07/12 13:13:20 | 1064,755,200 | -HS- | M] () -- C:\hiberfil.sys
    [2011/07/11 02:28:39 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/07/10 21:41:53 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/07/10 21:28:47 | 004,139,126 | R--- | M] (Swearware) -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\ComboFix.exe
    [2011/07/09 21:55:28 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\FixTDSS.exe
    [2011/07/07 11:14:02 | 001,458,992 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\tdsskiller.exe
    [2011/07/05 15:54:19 | 000,002,431 | ---- | M] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\Microsoft Streets & Trips 2008.lnk
    [2011/07/05 13:25:22 | 000,460,726 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/07/05 13:25:21 | 000,079,232 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/07/05 12:25:16 | 000,292,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/07/05 12:22:03 | 000,000,099 | ---- | M] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\Internet Explorer Troubleshooting.url
    [2011/07/05 12:20:57 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/07/05 08:31:20 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\dds.scr
    [2011/07/05 08:30:47 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\MBR.dat
    [2011/07/04 16:35:02 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/07/04 16:11:24 | 004,792,030 | ---- | M] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\TP-YD-27 - Addendum 1 June 28 2011 - combined.pdf
    [2011/07/04 15:20:44 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2011/07/04 12:29:10 | 000,020,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2011/07/04 12:29:09 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
    [2011/07/04 12:15:58 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk
    [2011/07/04 10:16:55 | 000,039,605 | ---- | M] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\bootkit_remover.rar
    [2011/07/04 09:01:25 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/07/04 08:23:24 | 000,094,582 | ---- | M] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\2011-0410 dIXIE AND dUNDAS SITE - COCO LETTER.pdf
    [2011/07/04 08:22:45 | 000,560,139 | ---- | M] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\Dixie and Dundas Bid Form.pdf
    [2011/06/30 15:27:26 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/06/30 13:56:01 | 000,001,807 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
    [2011/06/30 13:56:01 | 000,001,801 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    [2011/06/30 08:01:24 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Local Settings\Application Data\housecall.guid.cache
    [2011/06/29 14:54:46 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
    [2011/06/29 14:54:37 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    [2011/06/29 11:53:16 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\SpywareBlaster.lnk
    [2011/06/29 11:51:35 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\AdwareAway Antimalware.lnk
    [2011/06/28 16:01:14 | 000,001,765 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CanoScan Toolbox 5.0.lnk
    [2011/06/28 15:52:49 | 000,010,593 | ---- | M] () -- C:\WINDOWS\CSTBox.INI
    [2011/06/28 10:58:03 | 000,002,158 | RHS- | M] () -- C:\Documents and Settings\mdoherty.COCOPAVING\ntuser.pol
    [2011/06/28 10:57:31 | 000,003,244 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
    [2011/06/27 14:46:42 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
    [2011/06/27 10:18:42 | 000,125,488 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
    [2011/06/27 10:18:42 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
    [2011/06/27 10:18:42 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
    [2011/06/27 10:18:42 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
    [2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
    [2011/06/23 09:56:13 | 000,047,905 | ---- | M] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\Agreement to Bond - Coco.pdf
    [2011/06/23 09:53:16 | 000,362,818 | ---- | M] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\Scanned Copy - Signed.pdf
    [2011/06/23 09:52:49 | 000,366,010 | ---- | M] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\Scanned Original - Signed.pdf
    [2011/06/23 09:49:32 | 000,129,160 | ---- | M] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\RFT No[1]. OSS_01199953 (Original).rtf
    [2011/06/22 17:03:26 | 000,000,256 | ---- | M] () -- C:\WINDOWS\setup.iss
    [2011/06/21 08:47:58 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/06/21 08:47:58 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\Spybot - Search & Destroy.lnk
    [2011/06/15 17:33:57 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/06/15 17:33:57 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/06/15 15:51:07 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Streets & Trips 2008.lnk
    [2011/06/15 12:58:40 | 000,001,149 | ---- | M] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to OUTLOOK.EXE.lnk
    [2011/06/15 11:25:14 | 000,000,371 | ---- | M] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Application Data\Microsoft\Internet Explorer\Quick Launch\My Documents.lnk
    [2011/06/15 11:25:07 | 000,000,536 | ---- | M] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Uconeer.exe.lnk
    [2011/06/15 08:35:43 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
    [2011/06/15 06:02:58 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========
     
  2. 2011/07/13
    Dohhunter

    OTL Part 2


    [2011/07/10 21:33:18 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/07/10 21:33:18 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/07/10 21:33:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/07/10 21:33:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/07/10 21:33:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/07/09 19:10:36 | 1064,755,200 | -HS- | C] () -- C:\hiberfil.sys
    [2011/07/05 12:22:03 | 000,000,099 | ---- | C] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\Internet Explorer Troubleshooting.url
    [2011/07/05 12:14:24 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2011/07/05 08:30:47 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\MBR.dat
    [2011/07/04 16:35:02 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/07/04 16:11:24 | 004,792,030 | ---- | C] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\TP-YD-27 - Addendum 1 June 28 2011 - combined.pdf
    [2011/07/04 15:20:44 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2011/07/04 12:29:10 | 000,020,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2011/07/04 12:29:09 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
    [2011/07/04 12:15:58 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk
    [2011/07/04 12:15:52 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
    [2011/07/04 12:15:52 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
    [2011/07/04 12:15:52 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
    [2011/07/04 12:15:52 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
    [2011/07/04 10:16:57 | 000,039,605 | ---- | C] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\bootkit_remover.rar
    [2011/07/04 09:44:32 | 000,002,577 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk
    [2011/07/04 09:01:25 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/07/04 08:23:19 | 000,094,582 | ---- | C] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\2011-0410 dIXIE AND dUNDAS SITE - COCO LETTER.pdf
    [2011/07/04 08:22:39 | 000,560,139 | ---- | C] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\Dixie and Dundas Bid Form.pdf
    [2011/06/30 13:56:01 | 000,001,807 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
    [2011/06/30 13:55:54 | 000,001,801 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    [2011/06/30 08:01:24 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Local Settings\Application Data\housecall.guid.cache
    [2011/06/29 14:54:46 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
    [2011/06/29 14:54:37 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    [2011/06/29 11:53:16 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\SpywareBlaster.lnk
    [2011/06/29 11:51:35 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\AdwareAway Antimalware.lnk
    [2011/06/28 16:01:14 | 000,001,765 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CanoScan Toolbox 5.0.lnk
    [2011/06/27 10:18:06 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
    [2011/06/27 10:18:06 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
    [2011/06/23 09:56:13 | 000,047,905 | ---- | C] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\Agreement to Bond - Coco.pdf
    [2011/06/23 09:53:04 | 000,362,818 | ---- | C] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\Scanned Copy - Signed.pdf
    [2011/06/23 09:52:46 | 000,366,010 | ---- | C] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\Scanned Original - Signed.pdf
    [2011/06/23 09:11:37 | 000,129,160 | ---- | C] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\RFT No[1]. OSS_01199953 (Original).rtf
    [2011/06/21 08:47:58 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/06/21 08:47:58 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\Spybot - Search & Destroy.lnk
    [2011/06/15 17:33:57 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/06/15 17:33:57 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/06/15 17:33:57 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/06/15 12:58:40 | 000,001,149 | ---- | C] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to OUTLOOK.EXE.lnk
    [2011/06/15 11:25:14 | 000,000,371 | ---- | C] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Application Data\Microsoft\Internet Explorer\Quick Launch\My Documents.lnk
    [2011/06/15 11:25:07 | 000,000,536 | ---- | C] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Uconeer.exe.lnk
    [2011/06/15 11:24:56 | 000,002,449 | ---- | C] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Streets & Trips 2008.lnk
    [2011/06/15 08:35:43 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
    [2010/12/09 12:36:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Legacy
    [2010/12/09 12:36:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Keyboard Layouts
    [2010/11/19 11:42:26 | 000,000,476 | ---- | C] () -- C:\WINDOWS\iScreensaver.ini
    [2010/09/15 12:06:10 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/07/30 11:30:55 | 000,000,271 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
    [2010/05/13 13:01:49 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\Tr_sttool.dat
    [2009/08/07 11:12:48 | 000,303,104 | R--- | C] () -- C:\WINDOWS\System32\eST3snm.dll
    [2009/05/27 10:58:12 | 000,000,048 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2009/05/27 10:51:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
    [2009/01/30 10:15:29 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
    [2008/08/29 10:52:10 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
    [2008/08/29 10:48:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
    [2008/08/08 13:39:26 | 000,117,248 | ---- | C] () -- C:\WINDOWS\System32\xnetsrvc.exe
    [2008/08/08 13:39:26 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\xnetsrvc.dll
    [2008/08/08 13:39:18 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\xrxactvt.dll
    [2008/06/23 11:40:01 | 000,408,007 | ---- | C] () -- C:\Program Files\DSCN0446 (1536 x 1152).jpg
    [2008/06/16 17:00:34 | 000,010,593 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
    [2008/06/16 15:49:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
    [2008/06/16 15:49:04 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
    [2008/06/16 15:46:52 | 000,001,160 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2008/06/16 14:49:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2007/09/07 11:01:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
    [2007/03/01 12:48:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
    [2007/02/26 17:23:09 | 000,163,925 | ---- | C] () -- C:\WINDOWS\System32\Extensity.exe
    [2007/02/25 15:19:43 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2007/02/25 15:19:42 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2006/09/22 16:40:49 | 000,002,439 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2006/09/18 21:56:00 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
    [2006/09/18 21:29:01 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\profile.dat
    [2006/09/18 19:06:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
    [2006/09/18 18:59:03 | 000,000,044 | ---- | C] () -- C:\WINDOWS\lotus.ini
    [2006/09/18 18:27:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/09/18 17:49:54 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
    [2006/09/18 17:49:51 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
    [2006/09/11 20:53:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2006/09/11 20:46:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2006/09/11 16:36:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2006/09/11 16:35:34 | 000,292,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2006/04/06 10:13:48 | 000,000,034 | ---- | C] () -- C:\WINDOWS\webica.ini
    [2004/08/04 01:07:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2004/08/04 00:56:44 | 000,170,968 | ---- | C] () -- C:\WINDOWS\System32\wzodlg32.dll
    [2004/08/03 19:00:18 | 000,052,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\VolSnap.sys_backup
    [2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2003/03/31 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2003/03/31 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2003/03/31 08:00:00 | 000,460,726 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2003/03/31 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2003/03/31 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2003/03/31 08:00:00 | 000,079,232 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2003/03/31 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2003/03/31 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2003/03/31 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2003/03/31 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2003/02/07 17:24:20 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2009/12/22 15:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
    [2008/08/29 10:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
    [2011/07/04 12:24:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2011/06/27 09:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2011/07/04 12:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
    [2011/06/30 07:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2008/08/29 10:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
    [2011/06/15 08:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2011/01/24 11:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2008/12/02 11:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipSE
    [2010/09/01 11:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2011/07/12 20:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
    [2010/01/13 13:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{D2A6A317-7450-472F-8C72-17783BD2E5E3}
    [2011/07/12 20:36:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\~0
    [2007/08/30 19:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Blackberry Desktop
    [2006/09/18 21:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\ICAClient
    [2007/02/26 13:20:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Leadertech
    [2007/08/28 12:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\OfficeUpdate12
    [2007/08/30 19:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ITSupport\Application Data\Blackberry Desktop
    [2006/09/18 21:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ITSupport\Application Data\ICAClient
    [2007/02/26 13:20:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ITSupport\Application Data\Leadertech
    [2009/08/04 13:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ITSupport\Application Data\Minolta
    [2007/08/28 12:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ITSupport\Application Data\OfficeUpdate12
    [2010/03/17 11:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ITSupport\Application Data\Research In Motion
    [2011/06/27 09:40:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MDoherty\Application Data\Canon
    [2009/12/22 15:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MDoherty\Application Data\Cisco
    [2008/11/06 16:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MDoherty\Application Data\ICAClient
    [2007/02/26 13:20:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MDoherty\Application Data\Leadertech
    [2009/04/08 13:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MDoherty\Application Data\Minolta
    [2008/06/16 16:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MDoherty\Application Data\NewSoft
    [2008/08/29 10:52:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MDoherty\Application Data\Nikon
    [2007/08/28 12:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MDoherty\Application Data\OfficeUpdate12
    [2009/09/10 14:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MDoherty\Application Data\Research In Motion
    [2008/06/16 15:46:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MDoherty\Application Data\ScanSoft
    [2009/10/14 15:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MDoherty\Application Data\SmartDraw
    [2008/06/19 10:37:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MDoherty\Application Data\Viewpoint
    [2010/04/13 09:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mdoherty.COCOPAVING\Application Data\Blackberry Desktop
    [2011/06/28 16:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mdoherty.COCOPAVING\Application Data\Canon
    [2010/04/13 09:28:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mdoherty.COCOPAVING\Application Data\Heritage Key VX Viewer
    [2010/03/23 11:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mdoherty.COCOPAVING\Application Data\ICAClient
    [2010/11/19 11:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mdoherty.COCOPAVING\Application Data\iScreensaver
    [2007/02/26 13:20:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mdoherty.COCOPAVING\Application Data\Leadertech
    [2010/03/17 11:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mdoherty.COCOPAVING\Application Data\Minolta
    [2011/06/27 09:28:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mdoherty.COCOPAVING\Application Data\NewSoft
    [2007/08/28 12:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mdoherty.COCOPAVING\Application Data\OfficeUpdate12
    [2010/12/02 10:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mdoherty.COCOPAVING\Application Data\OpenOffice.org
    [2011/06/30 07:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mdoherty.COCOPAVING\Application Data\QuickScan
    [2010/03/17 11:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mdoherty.COCOPAVING\Application Data\Research In Motion
    [2011/07/04 12:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mdoherty.COCOPAVING\Application Data\Simply Super Software
    [2011/07/12 13:14:15 | 000,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (TE).job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/06/22 15:31:56 | 000,002,236 | ---- | M] () -- C:\aaw7boot.log
    [2008/06/16 14:48:16 | 000,000,476 | ---- | M] () -- C:\AMCleanUp.log
    [2006/09/11 20:50:03 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2008/06/13 16:51:23 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/07/10 21:41:53 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2009/08/11 11:34:34 | 000,064,868 | ---- | M] () -- C:\ClrSettings.bin
    [2004/08/03 08:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/07/11 02:37:34 | 000,020,086 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/11 20:50:03 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2011/07/12 13:13:20 | 1064,755,200 | -HS- | M] () -- C:\hiberfil.sys
    [2006/09/11 20:50:03 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2004/06/25 18:08:44 | 000,038,342 | ---- | M] () -- C:\LeoPortal_Icon.ico
    [2010/12/13 11:35:10 | 000,000,492 | ---- | M] () -- C:\LOG8E7.log
    [2006/09/11 20:50:03 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/03 07:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2004/08/03 07:59:34 | 000,250,032 | RHS- | M] () -- C:\ntldr
    [2008/11/10 10:21:07 | 000,040,448 | ---- | M] () -- C:\Oakville Self Storage - Lafarge.doc
    [2011/07/12 13:13:19 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
    [2011/07/04 12:11:42 | 000,000,419 | ---- | M] () -- C:\rkill.log
    [2008/06/16 14:45:35 | 000,000,070 | ---- | M] () -- C:\scs_done.txt
    [2011/07/09 21:54:40 | 000,001,403 | ---- | M] () -- C:\serf_conf.txt
    [2009/06/10 19:19:45 | 000,000,268 | ---- | M] () -- C:\sqmdata00.sqm
    [2009/07/08 08:47:38 | 000,000,232 | ---- | M] () -- C:\sqmdata01.sqm
    [2009/11/07 02:28:14 | 000,000,268 | ---- | M] () -- C:\sqmdata02.sqm
    [2009/11/08 13:58:41 | 000,000,268 | ---- | M] () -- C:\sqmdata03.sqm
    [2009/11/08 16:36:58 | 000,000,268 | ---- | M] () -- C:\sqmdata04.sqm
    [2009/06/10 19:19:45 | 000,000,244 | ---- | M] () -- C:\sqmnoopt00.sqm
    [2009/07/08 08:47:38 | 000,000,244 | ---- | M] () -- C:\sqmnoopt01.sqm
    [2009/11/07 02:28:14 | 000,000,244 | ---- | M] () -- C:\sqmnoopt02.sqm
    [2009/11/08 13:58:41 | 000,000,244 | ---- | M] () -- C:\sqmnoopt03.sqm
    [2009/11/08 16:36:58 | 000,000,244 | ---- | M] () -- C:\sqmnoopt04.sqm
    [2011/07/10 07:35:31 | 000,042,536 | ---- | M] () -- C:\TDSSKiller.2.5.9.0_10.07.2011_07.30.14_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/11 20:49:35 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 06:50:04 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/11/19 11:42:28 | 007,017,435 | ---- | M] () -- C:\WINDOWS\LaRue Screen Saver 2009 Saver.SCR
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/06/23 11:40:02 | 000,408,007 | ---- | M] () -- C:\Program Files\DSCN0446 (1536 x 1152).jpg
    [2011/07/04 15:11:34 | 000,009,216 | -HS- | M] () -- C:\Program Files\Thumbs.db

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/09/11 16:34:45 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2006/09/11 16:34:45 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2006/09/11 16:34:45 | 000,901,120 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >
    [2007/02/24 19:49:27 | 000,000,097 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\LuResult.txt

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >
    [2011/06/22 17:16:27 | 000,005,120 | -HS- | M] () -- C:\WINDOWS\system32\Thumbs.db
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

    < %USERPROFILE%\Desktop\*.exe >
    [2011/07/10 21:28:47 | 004,139,126 | R--- | M] (Swearware) -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\ComboFix.exe
    [2011/07/09 21:55:28 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\FixTDSS.exe
    [2011/07/12 20:35:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\OTL.exe
    [1999/03/05 21:26:28 | 000,777,216 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\PHOTOED.EXE
    [2011/07/07 11:14:02 | 001,458,992 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\tdsskiller.exe
    [2003/10/20 01:22:00 | 000,242,176 | ---- | M] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Desktop\Uconeer.exe

    < %PROGRAMFILES%\Common Files\*.* >
    [2005/11/15 15:32:22 | 000,003,638 | R--- | M] () -- C:\Program Files\Common Files\Altiris_Icon.ico

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >
    [2008/11/18 10:55:42 | 000,060,744 | ---- | M] () -- C:\WINDOWS\Java\g2mdlhlpx.exe

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2006/09/11 20:58:07 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/06/28 10:57:31 | 000,003,244 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/07/13 01:45:50 | 000,114,688 | ---- | M] () -- C:\Documents and Settings\mdoherty.COCOPAVING\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2004/08/04 00:56:58 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2004/08/04 00:56:42 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2003/03/31 08:00:00 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 10:22:02 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2004/08/04 01:06:34 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2004/10/13 12:24:37 | 001,694,208 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2003/03/31 08:00:00 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2003/03/31 08:00:00 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2003/03/31 08:00:00 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2011/06/15 08:15:27 | 000,005,120 | -HS- | M] () -- C:\Program Files\Messenger\Thumbs.db
    [2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

    < End of report >
     


  4. 2011/07/13
    Dohhunter

    Dohhunter Inactive Thread Starter

    Joined:
    2011/07/04
    Messages:
    22
    Likes Received:
    0
    OTL Extras
    __________________

    OTL Extras logfile created on: 7/13/2011 1:40:09 AM - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\mdoherty.COCOPAVING\Desktop
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1015.36 Mb Total Physical Memory | 394.34 Mb Available Physical Memory | 38.84% Memory free
    2.39 Gb Paging File | 1.93 Gb Available in Paging File | 81.07% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.44 Gb Total Space | 11.94 Gb Free Space | 16.03% Space Free | Partition Type: NTFS

    Computer Name: LAFARGE-866D4EF | User Name: mdoherty | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-427003120-2886712138-3454175278-1706\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
    "2468:TCP" = 2468:TCP:*:Enabled:System Event Dispatcher

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
    "2468:TCP" = 2468:TCP:*:Enabled:System Event Dispatcher

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\KONICA MINOLTA\FTP Utility\KMFtp.exe" = C:\Program Files\KONICA MINOLTA\FTP Utility\KMFtp.exe:*:Enabled:KONICA MINOLTA FTP Utility -- (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)
    "C:\WINDOWS\system32\xnetsrvc.exe" = C:\WINDOWS\system32\xnetsrvc.exe:*:Enabled:XnetSrvc Module -- ()
    "C:\Program Files\Outlook Messenger\OutlookMessenger.exe" = C:\Program Files\Outlook Messenger\OutlookMessenger.exe:*:Enabled:Outlook LAN Messenger
    "C:\WINDOWS\LMI2326.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI2326.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
    "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\KONICA MINOLTA\FTP Utility\KMFtp.exe" = C:\Program Files\KONICA MINOLTA\FTP Utility\KMFtp.exe:*:Disabled:KONICA MINOLTA FTP Utility -- (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)
    "C:\WINDOWS\system32\xnetsrvc.exe" = C:\WINDOWS\system32\xnetsrvc.exe:*:Enabled:XnetSrvc Module -- ()
    "C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
    "C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
    "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411" = CanoScan LiDE 70
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2851123E-5786-41BE-A3F1-A9B21E499EEB}" = Altiris Task Synchronization Agent
    "{28FE4056-F905-432F-AB71-D770F04C1A4C}" = BlackBerry Device Software v4.6.1 for the BlackBerry orion smartphone
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{48237CCD-714E-4EEB-961F-17C65E42B03C}" = BlackBerry Device Software v4.6.1 for the BlackBerry 8350i smartphone
    "{4A702DA1-9E48-4346-8030-26B399CCFA8C}" = Altiris Application Metering Agent
    "{6005535D-8A83-4108-A757-E1AB9886AECA}" = Cisco AnyConnect VPN Client
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7C9DF39F-A452-49C2-A0E5-9C2CABE54424}" = StreetPave
    "{7EEA397D-3E3D-4C60-8585-DC897C8D36E0}" = RealFlight G4 Demo
    "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
    "{94824ADD-8F26-43D2-84DB-22E11F377E5E}" = Microsoft English TTS Engine
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96172E04-BB14-45F6-A77B-8EE7A421B903}" = SAPI Wrapper
    "{97D0C0A1-7E64-4B05-A2EE-61D2CE23F154}" = TTS Wrapper
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A0A1EB01-A6FD-423A-8480-364055A7C961}" = Altiris Software Delivery Solution Agent
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A5EC243A-AAB4-4AF0-85A5-07F9F4618353}" = FTP Utility
    "{AAE221D5-C3DD-4FE2-A063-C1368FE730A5}" = Symantec Endpoint Protection
    "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0.5
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
    "{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 6.1
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C82185E8-C27B-4EF4-2008-4444BC2C2B6D}" = Microsoft Streets & Trips 2008
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{EA2101A0-E116-426A-8F69-DE3D397D627B}" = Viewer
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "7-Zip" = 7-Zip 9.21beta
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "A-PDF Size Splitter_is1" = A-PDF Size Splitter 1.2
    "CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
    "CCleaner" = CCleaner
    "Citrix Program Neighborhood" = Citrix Program Neighborhood
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
    "ESET Online Scanner" = ESET Online Scanner v3
    "HitmanPro35" = Hitman Pro 3.5
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "InstallShield_{A5EC243A-AAB4-4AF0-85A5-07F9F4618353}" = FTP Utility
    "LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
    "Lotus Notes" = Lotus Notes
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Picasa 3" = Picasa 3
    "PIXresizer_is1" = PIXresizer 1.0.8
    "SpywareBlaster_is1" = SpywareBlaster 4.4
    "Trojan Remover_is1" = Trojan Remover 6.8.2
    "Viewer" = Viewer
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "Winmail Opener" = Winmail Opener 1.4
    "WMFDist11" = Windows Media Format 11 runtime
    "Xerox_WorkCentre_C2424" = Xerox WorkCentre C2424 Scan Driver

    ========== Last 10 Event Log Errors ==========

    [ Cisco AnyConnect VPN Client Events ]
    Error - 10/12/2010 8:59:07 AM | Computer Name = LAFARGE-866D4EF | Source = vpnagent | ID = 50331650
    Description = Termination reason code 9: Client PC is shutting down.

    Error - 10/18/2010 12:28:23 PM | Computer Name = LAFARGE-866D4EF | Source = vpnagent | ID = 50331650
    Description = Termination reason code 9: Client PC is shutting down.

    Error - 1/22/2011 1:48:56 AM | Computer Name = LAFARGE-866D4EF | Source = vpnagent | ID = 50331650
    Description = Termination reason code 9: Client PC is shutting down.

    Error - 3/30/2011 10:44:03 AM | Computer Name = LAFARGE-866D4EF | Source = vpnagent | ID = 50331650
    Description = Termination reason code 9: Client PC is shutting down.

    Error - 4/20/2011 7:44:29 AM | Computer Name = LAFARGE-866D4EF | Source = vpnagent | ID = 50331650
    Description = Termination reason code 9: Client PC is shutting down.

    Error - 6/17/2011 2:41:44 PM | Computer Name = LAFARGE-866D4EF | Source = vpnagent | ID = 50331650
    Description = Termination reason code 9: Client PC is shutting down.

    Error - 6/29/2011 3:47:31 PM | Computer Name = LAFARGE-866D4EF | Source = vpnagent | ID = 50331650
    Description = Termination reason code 9: Client PC is shutting down.

    Error - 6/30/2011 4:55:42 PM | Computer Name = LAFARGE-866D4EF | Source = vpnagent | ID = 50331650
    Description = Termination reason code 9: Client PC is shutting down.

    Error - 6/30/2011 4:55:42 PM | Computer Name = LAFARGE-866D4EF | Source = vpnagent | ID = 50331649
    Description = Function: CVpnMgr::processEvents Return code: 0 File: .\MainThread.cpp Line: 997 Description: fatal error, stopping service

    Error - 7/5/2011 12:24:17 PM | Computer Name = LAFARGE-866D4EF | Source = vpnagent | ID = 50331650
    Description = Termination reason code 9: Client PC is shutting down.

    [ System Events ]
    Error - 7/12/2011 1:14:08 PM | Computer Name = LAFARGE-866D4EF | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 15 minutes. NtpClient has no source of accurate
    time.

    Error - 7/12/2011 1:15:09 PM | Computer Name = LAFARGE-866D4EF | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Bluetooth Support Service
    service to connect.

    Error - 7/12/2011 1:15:09 PM | Computer Name = LAFARGE-866D4EF | Source = Service Control Manager | ID = 7000
    Description = The Bluetooth Support Service service failed to start due to the following
    error: %%1053

    Error - 7/12/2011 1:21:25 PM | Computer Name = LAFARGE-866D4EF | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 14 minutes. NtpClient has no source of accurate
    time.

    Error - 7/12/2011 1:22:44 PM | Computer Name = LAFARGE-866D4EF | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 15 minutes. NtpClient has no source of accurate
    time.

    Error - 7/12/2011 1:37:46 PM | Computer Name = LAFARGE-866D4EF | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 29 minutes. NtpClient has no source of accurate
    time.

    Error - 7/12/2011 2:07:47 PM | Computer Name = LAFARGE-866D4EF | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 59 minutes. NtpClient has no source of accurate
    time.

    Error - 7/12/2011 3:07:47 PM | Computer Name = LAFARGE-866D4EF | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 119 minutes. NtpClient has no source of accurate
    time.

    Error - 7/12/2011 5:07:47 PM | Computer Name = LAFARGE-866D4EF | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 239 minutes. NtpClient has no source of accurate
    time.

    Error - 7/12/2011 9:07:47 PM | Computer Name = LAFARGE-866D4EF | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 479 minutes. NtpClient has no source of accurate
    time.


    < End of report >
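The Firewall Settings and Authorized Applications sections of the Extras log above use a fixed per-line format (`"<key>" = <target>:<scope>:<Enabled|Disabled>:<name>[ -- (<company>)]`), which makes them easy to triage mechanically when a log is long. The script below is an added example written for this page; it is not OTL code and not part of anyone's post. It parses those lines, resolves the one resource-string name that appears here (`@xpsp2res.dll,-22009`, shown in the posted log as `:mad:` because the forum turns `:@` into an emoticon), and attaches review flags: an enabled port exception open to any remote address, an application for which OTL recorded no publisher, a binary living under `%SystemRoot%`, or one living in a temporary directory. Assumptions, also marked in the code: `%SystemRoot%` is `C:\WINDOWS` as the log header reports, the resource-name table covers only the single reference on this page, and the sample lines are copied from the log rather than read from a file. A flag is a prompt to verify the file by hand (signature, hash, install date), not a verdict that it is malicious.

```python
"""Triage of the firewall-policy lines in an OTL Extras log.

Added example for this thread; it is not OTL code and not part of the
original posts. Parses the GloballyOpenPorts and AuthorizedApplications
lines exactly as OTL prints them and attaches review flags. A flag means
"look at this by hand", not "this is malicious".
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set

# %SystemRoot% as reported in the log header on this page (assumption).
SYSTEM_ROOT = r"C:\WINDOWS"

# OTL prints an authorized application as
#   "<path>" = <path>:<scope>:<Enabled|Disabled>:<display name>[ -- (<company>)]
# The path itself contains a colon (drive letter), so it is matched lazily and
# the fixed Enabled/Disabled token anchors the rest of the line.
APP_RE = re.compile(
    r'^"(?P<key>[^"]+)" = (?P<path>.+?):(?P<scope>[^:]+):'
    r'(?P<state>Enabled|Disabled):(?P<name>.*?)(?: -- \((?P<company>[^)]*)\))?$'
)
# A port exception: "<port>:<proto>" = <port>:<proto>:<scope>:<state>:<name>
PORT_RE = re.compile(
    r'^"(?P<key>[^"]+)" = (?P<port>\d+):(?P<proto>TCP|UDP):(?P<scope>[^:]+):'
    r'(?P<state>Enabled|Disabled):(?P<name>.*)$'
)
# A name starting with '@' is a resource-string reference, not literal text.
# Assumed lookup table: it only covers the single reference on this page.
RESOURCE_NAMES = {"@xpsp2res.dll,-22009": "Remote Desktop"}


@dataclass
class FwEntry:
    kind: str                       # "app" or "port"
    target: str                     # executable path, or "port/proto"
    name: str
    state: str                      # "Enabled" or "Disabled"
    scope: str                      # "*" (any remote address) or an address list
    company: Optional[str]          # None: no "-- (...)" suffix; "": empty suffix
    flags: Set[str] = field(default_factory=set)


def parse_line(line: str) -> Optional[FwEntry]:
    """Parse one OTL firewall line; return None for lines of any other shape."""
    line = line.strip()
    m = PORT_RE.match(line)             # port lines first: they also satisfy APP_RE
    if m:
        name = RESOURCE_NAMES.get(m["name"], m["name"])
        e = FwEntry("port", f'{m["port"]}/{m["proto"]}', name, m["state"], m["scope"], None)
        if e.state == "Enabled" and e.scope == "*":
            e.flags.add("any-source")   # inbound allowed from every remote address
        return e
    m = APP_RE.match(line)
    if m:
        e = FwEntry("app", m["path"], m["name"], m["state"], m["scope"], m["company"])
        return _flag_app(e)
    return None


def _flag_app(e: FwEntry) -> FwEntry:
    path = e.target.lower()
    if not e.company:                   # OTL recorded no publisher for the binary
        e.flags.add("no-publisher")
    if path.startswith(SYSTEM_ROOT.lower() + "\\"):
        e.flags.add("system-dir")       # network-listening binary under %SystemRoot%
    folders = path.split("\\")[:-1]
    if any(f.endswith(".tmp") or f == "temp" for f in folders):
        e.flags.add("temp-dir")         # lives in a temporary directory
    return e


def triage(lines: List[str]) -> List[FwEntry]:
    """Parse every recognisable firewall line in order, skipping the rest."""
    return [e for e in map(parse_line, lines) if e is not None]


def review_items(entries: List[FwEntry]) -> List[str]:
    """One line per enabled, flagged exception, ready to paste into a reply."""
    return [
        f"{e.target} ({e.name}): " + ", ".join(sorted(e.flags))
        for e in entries
        if e.state == "Enabled" and e.flags
    ]


# Constructed sample: lines copied from the DomainProfile / StandardProfile
# sections of the Extras log above (one per distinct shape), plus one
# settings line to show that non-exception lines are skipped.
SAMPLE_LINES = [
    r'"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009',
    r'"2468:TCP" = 2468:TCP:*:Enabled:System Event Dispatcher',
    r'"C:\Program Files\KONICA MINOLTA\FTP Utility\KMFtp.exe" = C:\Program Files\KONICA MINOLTA\FTP Utility\KMFtp.exe:*:Enabled:KONICA MINOLTA FTP Utility -- (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)',
    r'"C:\WINDOWS\system32\xnetsrvc.exe" = C:\WINDOWS\system32\xnetsrvc.exe:*:Enabled:XnetSrvc Module -- ()',
    r'"C:\WINDOWS\LMI2326.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI2326.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue',
    r'"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)',
    '"EnableFirewall" = 1',
]

if __name__ == "__main__":
    for item in review_items(triage(SAMPLE_LINES)):
        print(item)
```

Run against the sample it prints four review items: both port exceptions (open to any address), `xnetsrvc.exe` (no publisher, under `%SystemRoot%`) and `lmi_rescue.exe` (no publisher, under `%SystemRoot%`, in a `.tmp` folder). The disabled Firefox rule and the Konica entry, which carries a publisher and lives under Program Files, produce nothing. Whether a flagged file is legitimate is then a question for the file itself, not for the firewall rule.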
     
  5. 2011/07/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You can safely uninstall McAfee Security Scan, typical foistware.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O15 - HKU\S-1-5-21-427003120-2886712138-3454175278-1706\..Trusted Domains: alphakor.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-427003120-2886712138-3454175278-1706\..Trusted Domains: cocogroup.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-427003120-2886712138-3454175278-1706\..Trusted Domains: cocogroup.com ([vpn] https in Trusted sites)
      O15 - HKU\S-1-5-21-427003120-2886712138-3454175278-1706\..Trusted Domains: cocopaving.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-427003120-2886712138-3454175278-1706\..Trusted Domains: lafarge.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-427003120-2886712138-3454175278-1706\..Trusted Domains: lafarge.com ([*.na] * in Trusted sites)
      O15 - HKU\S-1-5-21-427003120-2886712138-3454175278-1706\..Trusted Domains: lafarge.net ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-427003120-2886712138-3454175278-1706\..Trusted Domains: lafarge.net ([*.na] * in Trusted sites)
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/s...sh/swflash.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O16 - DPF: Extensity Client https://c164.extensity-hosting.com:1...blib/ext40.cab (Reg Error: Key error.)
      O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
      [2011/06/21 08:50:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\~0
      [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [2011/06/15 08:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      [2008/06/19 10:37:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MDoherty\Application Data\Viewpoint
      @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
      @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
       "DisableMonitoring" =-
      
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  6. 2011/07/13
    Dohhunter

    Dohhunter Inactive Thread Starter

    Joined:
    2011/07/04
    Messages:
    22
    Likes Received:
    0
    OTL Log:

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_USERS\S-1-5-21-427003120-2886712138-3454175278-1706\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\alphakor.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-427003120-2886712138-3454175278-1706\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cocogroup.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-427003120-2886712138-3454175278-1706\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cocogroup.com\vpn\ not found.
    Registry key HKEY_USERS\S-1-5-21-427003120-2886712138-3454175278-1706\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cocopaving.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-427003120-2886712138-3454175278-1706\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\lafarge.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-427003120-2886712138-3454175278-1706\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\lafarge.com\*.na\ not found.
    Invalid CLSID key: *.na
    Registry key HKEY_USERS\S-1-5-21-427003120-2886712138-3454175278-1706\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\lafarge.net\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-427003120-2886712138-3454175278-1706\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\lafarge.net\*.na\ not found.
    Invalid CLSID key: *.na
    Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-444553540000}
    C:\WINDOWS\Downloaded Program Files\swflash.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Starting removal of ActiveX control Extensity Client
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Extensity Client\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Extensity Client\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Extensity Client\ not found.
    File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
    Starting removal of ActiveX control Microsoft XML Parser for Java
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
    C:\Documents and Settings\All Users\Application Data\~0 folder moved successfully.
    C:\WINDOWS\LMI72.tmp\rescue.log deleted successfully.
    C:\WINDOWS\LMI72.tmp folder deleted successfully.
    C:\WINDOWS\SET3.tmp deleted successfully.
    C:\WINDOWS\SET4.tmp deleted successfully.
    C:\WINDOWS\SET8.tmp deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
    C:\Documents and Settings\MDoherty\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03 folder moved successfully.
    C:\Documents and Settings\MDoherty\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02 folder moved successfully.
    C:\Documents and Settings\MDoherty\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01 folder moved successfully.
    C:\Documents and Settings\MDoherty\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00 folder moved successfully.
    C:\Documents and Settings\MDoherty\Application Data\Viewpoint\Viewpoint Media Player\Resources folder moved successfully.
    C:\Documents and Settings\MDoherty\Application Data\Viewpoint\Viewpoint Media Player folder moved successfully.
    C:\Documents and Settings\MDoherty\Application Data\Viewpoint folder moved successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring deleted successfully.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes

    User: Hills have eyes

    User: ITSupport
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 12118833 bytes
    ->Flash cache emptied: 405 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 442502 bytes

    User: MDoherty
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 187977077 bytes
    ->Java cache emptied: 122863309 bytes
    ->FireFox cache emptied: 113042910 bytes
    ->Flash cache emptied: 1471208 bytes

    User: mdoherty.COCOPAVING
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 2326643 bytes
    ->Java cache emptied: 44251102 bytes
    ->FireFox cache emptied: 383239172 bytes
    ->Flash cache emptied: 4050 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 65670 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 3050321 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 831.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User

    User: Hills have eyes

    User: ITSupport
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: MDoherty
    ->Flash cache emptied: 0 bytes

    User: mdoherty.COCOPAVING
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.26.1 log created on 07132011_212743

    Files\Folders moved on Reboot...
    C:\Documents and Settings\mdoherty.COCOPAVING\Local Settings\Temporary Internet Files\Content.IE5\C385INM9\notify[1].wav moved successfully.

    Registry entries deleted on Reboot...
     
  7. 2011/07/13
    Dohhunter

    Dohhunter Inactive Thread Starter

    checkup.txt:

    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 2
    Out of date service pack!!
    Internet Explorer 6 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Security Center service is not running! This report may not be accurate!
    Windows Firewall Disabled!
    ESET Online Scanner v3
    Symantec Endpoint Protection
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Adobe Flash Player 10.1.82.76
    Adobe Reader 7.0.5
    Out of date Adobe Reader installed!
    Mozilla Firefox (x86 en-US..) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    ``````````End of Log````````````
     
  8. 2011/07/13
    Dohhunter

    Dohhunter Inactive Thread Starter

    I didn't realize Windows Firewall wasn't on for some reason. I have re-enabled it (let me know if you wanted it left off for some reason).

    EDIT: Never mind, when I rebooted after TFC.exe it turned off again...must be Symantec default because the endpoint runs its own firewall? (I've left Windows Firewall off for now).

    ESET Online scanner running now....
     
    Last edited: 2011/07/13
  9. 2011/07/13
    broni

    broni Moderator Malware Analyst

    Yes, Symantec includes a firewall, so you don't want to have two firewalls on.

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.
     
  10. 2011/07/14
    Dohhunter

    Dohhunter Inactive Thread Starter

    Adobe uninstalled, Foxit installed (thanks for the suggestion).

    Results of ESET Scan below, I have re-enabled my Symantec for now (let me know if the next step requires disabling it again).

    Results of ESET Scan, it found the following:

    C:\WINDOWS\system32\drivers\VolSnap.sys_backup Win32/Olmasco.E trojan
     
  11. 2011/07/14
    broni

    broni Moderator Malware Analyst

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\WINDOWS\system32\drivers\VolSnap.sys_backup
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===============================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
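    Added example, not code from this thread or from OTL: a small Python checker that reads the :Files section of a posted fix script together with the log OTL writes after Run Fix, so a helper can confirm each target was actually moved or deleted and spot registry read errors before declaring the machine clean. The sample script and log lines are quoted from this thread; the function names and the "missing from log" verdict are assumptions of this example.

```python
import re
# Constructed sample input: the :Files fix script and log lines quoted from this thread.
SAMPLE_SCRIPT = r""":OTL
:Files
C:\WINDOWS\system32\drivers\VolSnap.sys_backup
:Commands
[purity]
[emptytemp]
[Reboot]"""

SAMPLE_LOG = r"""========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Extensity Client\DownloadInformation\\INF .
C:\WINDOWS\LMI72.tmp folder deleted successfully.
========== FILES ==========
C:\WINDOWS\system32\drivers\VolSnap.sys_backup moved successfully.
Total Files Cleaned = 74.00 mb"""

# Per-item outcome lines as OTL writes them (wording taken from the logs in this thread).
_OUTCOME = re.compile(r"^(?:Registry key |ADS )?(?P<target>.+?)(?: folder)? "
                      r"(?P<status>moved successfully|deleted successfully|not found)\.$")
_REG_ERROR = re.compile(r"^Registry error reading value (?P<key>.+?)\s*\.$")
_TOTAL = re.compile(r"^Total Files Cleaned = ([\d.]+) mb$")

def parse_fix_script(script):
    """Split an OTL custom fix script into {section: [entries]}, keys lower-cased ('files')."""
    sections, current = {}, None
    for line in (l.strip() for l in script.splitlines()):
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def parse_fix_log(log):
    """Collect per-target outcomes, registry read errors and the 'Total Files Cleaned' figure."""
    outcomes, reg_errors, cleaned = {}, [], None
    for line in (l.strip() for l in log.splitlines()):
        m = _OUTCOME.match(line)
        if m:  # registry keys are logged with a trailing backslash; drop it
            outcomes[m.group("target").rstrip("\\")] = m.group("status")
            continue
        m = _REG_ERROR.match(line)
        if m:
            reg_errors.append(m.group("key"))
            continue
        m = _TOTAL.match(line)
        if m:
            cleaned = float(m.group(1))
    return {"outcomes": outcomes, "reg_errors": reg_errors, "cleaned_mb": cleaned}

def verify_fix(script, log):
    """Map each :Files target to the log's verdict ('missing from log' = fix did not run as posted)."""
    wanted = parse_fix_script(script).get("files", [])
    seen = parse_fix_log(log)["outcomes"]
    return {t: seen.get(t, "missing from log") for t in wanted}
```

A "not found" verdict on a :Files target is also worth a second look: it usually means the file was already gone, or the path was mistyped in the script.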
     
  12. 2011/07/15
    Dohhunter

    Dohhunter Inactive Thread Starter

    Resulting Log:

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\WINDOWS\system32\drivers\VolSnap.sys_backup moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes

    User: Hills have eyes

    User: ITSupport
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: MDoherty
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: mdoherty.COCOPAVING
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 5536223 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 71321854 bytes
    ->Flash cache emptied: 1029 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1110577 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 74.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User

    User: Hills have eyes

    User: ITSupport
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: MDoherty
    ->Flash cache emptied: 0 bytes

    User: mdoherty.COCOPAVING
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.26.1 log created on 07152011_031844

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  13. 2011/07/15
    Dohhunter

    Dohhunter Inactive Thread Starter

    I'll now go through the rest of your list...thank you so much for your help!
     
  14. 2011/07/15
    broni

    broni Moderator Malware Analyst

    Whenever ready....
     
  15. 2011/07/19
    broni

    broni Moderator Malware Analyst

    The issue seems to be resolved.
     
  16. 2011/07/20
    Dohhunter

    Dohhunter Inactive Thread Starter

    Broni, sorry I just got back from the States. All is looking good, I'm running the various programs as you mentioned every couple of days (TFC, malware etc). In addition, after everything you've helped with SP3 has finally updated, and my outlook.pst file is opening again. All seems to be going well. If anything else changes, will update.

    Thank you immensely for your assistance,
    Mike
     
  17. 2011/07/20
    broni

    broni Moderator Malware Analyst

    Well done :)
     
