[kspeth]

I am having various virus issues ... I cannot open regedit, I am having consistent web browser re-direct issues and when i try to connect to my oracle databases I am getting TNS-12571 TNS:packet writer failure errors.

I have run Symantec Anti-Virus, Malwarebyes Anit-malware, SUPERAntiSpyWare, and Ad-Adware. Several "infections" were found but I am still having all 3 issues mentioned above. The regedit and web browser issues have been going on for a couple weeks. The TNS issue just started today.

I am a software developer so this is really impacting me so any help you can provide would be great. It would take me quite a bit of time to set up my laptop again so prefer to not do that (at least for another 3 weeks if I can at least get my TNS issue resolved -- that is probably the most critical to my job).

I have followed the instructions in the malware guide and I have pasted my files below. Let me know if there is anything else you need and if you have any suggestions.

thanks!
Kristen

I ran Malwarebytes 1.36 and deleted the quarantined items:

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 2

4/17/2009 11:59:23 AM
mbam-log-2009-04-17 (11-59-23).txt

Scan type: Full Scan (C:\|)
Objects scanned: 215637
Time elapsed: 59 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\cpbrkpie.coupon6ctrl.1 (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a85a5e6a-de2c-4f4e-99dc-f469df5a0eec} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e780f0b-bcd6-40cb-b2db-7af47ab4d4a4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a138be8b-f051-4802-9a3f-a750a6d862d4} (Adware.Coupons) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> Quarantined and deleted successfully.

Old Timer Logs:

OTListIt logfile created on: 4/21/2009 10:35:05 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\kristen.speth\My Documents\Downloads\Old Timer
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.98 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 59.06% Memory free
3.83 Gb Paging File | 3.10 Gb Available in Paging File | 80.83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 37.13 Gb Free Space | 39.86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEN-SPETH
Current User Name: kristen.speth
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\VPNremote for Windows XP\AvVpnService.exe ()
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe ()
PRC - C:\Program Files\lotus\notes\ntmulti.exe (IBM Corp)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe (Sprint Spectrum, L.L.C)
PRC - C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe (SupportSoft, Inc.)
PRC - c:\program files\lenovo\system update\suservice.exe (Lenovo Group Limited)
PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\WINDOWS\System32\TPHDEXLG.exe (Lenovo.)
PRC - C:\Program Files\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe (VMware, Inc.)
PRC - C:\WINDOWS\system32\vmnat.exe (VMware, Inc.)
PRC - C:\WINDOWS\system32\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\kristen.speth\My Documents\Downloads\Old Timer\OTListIt2.exe (OldTimer Tools)
PRC - C:\WINDOWS\notepad.exe (Microsoft Corporation)
PRC - C:\WINDOWS\notepad.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (AvService [Auto | Running]) -- C:\Program Files\VPNremote for Windows XP\AvVpnService.exe ()
SRV - (btwdins [Auto | Running]) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CVPND [Auto | Running]) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (DefWatch [Auto | Running]) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (HPSLPSVC [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL (Hewlett-Packard Co.)
SRV - (IBMPMSVC [Auto | Running]) -- C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (IISADMIN [Auto | Running]) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (LeapFrog Connect Device Service [Auto | Running]) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe ()
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)
SRV - (Multi-user Cleanup Service [Auto | Running]) -- C:\Program Files\lotus\notes\ntmulti.exe (IBM Corp)
SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (OSCM Utility Service [Auto | Running]) -- C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe (Sprint Spectrum, L.L.C)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

and

OTListIt Extras logfile created on: 4/21/2009 10:35:05 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\kristen.speth\My Documents\Downloads\Old Timer
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.98 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 59.06% Memory free
3.83 Gb Paging File | 3.10 Gb Available in Paging File | 80.83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 37.13 Gb Free Space | 39.86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEN-SPETH
Current User Name: kristen.speth
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1700:TCP" = 1700:TCP:*:Enabled:MioNet Remote Drive Access 0
"1701:TCP" = 1701:TCP:*:Enabled:MioNet Remote Drive Access 1
"1702:TCP" = 1702:TCP:*:Enabled:MioNet Remote Drive Access 2
"1703:TCP" = 1703:TCP:*:Enabled:MioNet Remote Drive Access 3
"1704:TCP" = 1704:TCP:*:Enabled:MioNet Remote Drive Access 4
"1705:TCP" = 1705:TCP:*:Enabled:MioNet Remote Drive Access 5
"1706:TCP" = 1706:TCP:*:Enabled:MioNet Remote Drive Access 6
"1707:TCP" = 1707:TCP:*:Enabled:MioNet Remote Drive Access 7
"1708:TCP" = 1708:TCP:*:Enabled:MioNet Remote Drive Access 8
"1709:TCP" = 1709:TCP:*:Enabled:MioNet Remote Drive Access 9
"1641:TCP" = 1641:TCP:*:Enabled:MioNet Remote Drive Verification
"1647:TCP" = 1647:TCP:*:Enabled:MioNet Storage Device Configuration
"5432:UDP" = 5432:UDP:*:Enabled:MioNet Storage Device Discovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe:*:Enabled:IreIke File not found
C:\Program Files\WatchGuard\Mobile User VPN\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog File not found
C:\Program Files\WatchGuard\Mobile User VPN\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp File not found
C:\Program Files\WatchGuard\Mobile User VPN\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager File not found
C:\Program Files\Qwest\QuickConnect\QuickConnect.exe:*:Enabled:QuickConnect (Qwest Communications International Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Documents and Settings\kristen.speth\Local Settings\Temp\OraInstall2007-10-03_12-01-05PM\jre\1.4.2\bin\javaw.exe:*:Enabled:javaw File not found
C:\Documents and Settings\kristen.speth\Local Settings\Temp\OraInstall2007-10-03_12-37-00PM\jre\1.4.2\bin\javaw.exe:*:Enabled:javaw File not found
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)
C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server (Yahoo! Inc.)
C:\Siebel\BIN\siebel.exe:*:Enabled:Siebel Mobile Client (Siebel Systems, Inc.)
C:\Siebel8\Tools\BIN\dbeng9.exe:*:Enabled:Adaptive Server Anywhere Database Engine (iAnywhere Solutions, Inc.)
C:\Siebel\BIN\dbeng9.exe:*:Enabled:Adaptive Server Anywhere Database Engine (iAnywhere Solutions, Inc.)
C:\Siebel8\web client\BIN\dbeng9.exe:*:Enabled:Adaptive Server Anywhere Database Engine (iAnywhere Solutions, Inc.)
C:\Siebel8\web client\BIN\siebel.exe:*:Enabled:Siebel Mobile Client (Siebel Systems, Inc.)
C:\Siebel8\web client\Charts\JRE\bin\javaw.exe:*:Enabled:javaw ()
C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe:*:Enabled:IreIke File not found
C:\Program Files\WatchGuard\Mobile User VPN\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog File not found
C:\Program Files\WatchGuard\Mobile User VPN\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp File not found
C:\Program Files\WatchGuard\Mobile User VPN\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager File not found
C:\Documents and Settings\kristen.speth\Local Settings\Temp\OraInstall2008-03-26_09-29-49PM\jre\1.4.2\bin\javaw.exe:*:Enabled:javaw File not found
C:\Siebel80\Tools\BIN\dbeng9.exe:*:Enabled:Adaptive Server Anywhere Database Engine (iAnywhere Solutions, Inc.)
C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer (Microsoft Corporation)
C:\Program Files\MioNet\jvm\bin\MioNet.exe:*:Enabled:Java™ Platform SE binary File not found
C:\Program Files\MioNet\MioNetManager.exe:*:Enabled:MioNetManager File not found
C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® (Microsoft Corporation)
C:\Siebel\Charts\JRE\bin\javaw.exe:*:Enabled:javaw ()
D:\setup\HPZNUI01.EXE:*:Enabled:hpznui01.exe File not found
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe ()
C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe (Hewlett-Packard)
C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe (Hewlett-Packard Co.)
C:\Program Files\Qwest\QuickConnect\QuickConnect.exe:*:Enabled:QuickConnect (Qwest Communications International Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = DLA
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{31799B14-B3E7-4522-B393-6206C03EC5D3}" = VMware Player
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{334FF5F7-7533-49F4-BFDF-3BE2BB9BEEC7}" = Sprint Mobile Broadband (Novatel Wireless)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38E22835-979D-4D47-BCC2-C338F15DAC5A}" = WinSQL
"{3DFB275E-92F1-4D4A-A546-C5475917FA41}" = Lotus Notes 7.0.2
"{405ABBEB-8DF1-4174-86C0-DCB5E1C78F14}" = NetDeviceManager
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{449B3E6A-4E97-499D-ABB2-19CC81890634}" = VPNremote for Windows XP
"{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{4998FF95-709A-430A-B104-92A009ABB848}" = QuickConnect
"{50E125D1-88E5-48CE-80AE-98EC9698E639}" = Symantec AntiVirus
"{512A31DE-EA49-4AEC-AE64-AEF842DE8ABA}" = LeapFrog Connect
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5F0820F6-4249-4934-9B5E-E39DCA99240E}" = HaleyAuthority Enterprise 5.2
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{685A56F8-75B6-44AD-B3DA-FB0A3266B47C}" = Adobe Flash Player 9 ActiveX
"{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}" = Oracle Data Provider for .NET Help
"{6C08AC4A-81DB-4df9-A1EB-E2027BD4789A}" = j2 Messenger 4.2
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{903A0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Standard 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = Multimedia Center for Think Offerings
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{95120000-0052-0409-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
"{9692FD03-6662-4E62-B08C-30DFF51651E1}" = Actiontec Gateway
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A53A1A49-C3EA-406c-B87C-8E02B622D605}" = C7200_doccd
"{A63E18AC-B504-4045-AFE6-A279BBABB988}" = Qwest QuickAssist Desktop Tools
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70700000002}" = Adobe Reader 7.0.7
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
"{B34E4B72-37C6-4f79-A5B3-008EEFC6EA8B}" = PS_AIO_02_Software_min
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B46AC30C-22D2-4610-B041-1DA7BB29EB57}" = HP Photosmart All-In-One Software 9.0
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7E5D642-E74E-40a4-B5C7-6AB6EE916814}" = PS_AIO_02_ProductContext
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BC10649A-983B-494e-AD1F-DE0BF717D701}" = PS_AIO_02_Software
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BD76AF27-5CD9-4848-87FC-12285A90AE6A}" = c7200_Help
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC027A13-E16C-4AE3-A8BB-D9A5724A2B00}" = Primavera ProjectLink
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CECEB0FF-5C45-4b50-9A00-C596E36D88F4}" = C7200
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D25122BC-A60E-4663-B602-B01718F12044}" = Cisco Systems VPN Client 4.8.01.0300
"{D2FCC296-2DAA-44BE-A324-0F8222C187E0}" = LeapFrog Tag Plugin
"{D9044DCB-F8F9-4A81-9B06-ACAC1A59B261}" = QuickConnect
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"09DE32C4F7BD75AFC4FD14FE55D82891A5C397E0" = Windows Driver Package - Intel net (04/30/2007 11.1.1.11)
"0E5906722E3ECA13747F1633D3F55E9F47120424" = Windows Driver Package - LeapFrog (FlyUsb) USB (06/15/2007 1.0.0.6)
"6455D19F3BFC2585EA48D0648505F8DA7DAC3629" = Windows Driver Package - Intel (NETw4x32) net (04/30/2007 11.1.1.11)
"737C4F107F61FFE46CE45CCA503223FBA5BD00FC" = Windows Driver Package - Intel net (04/30/2007 11.1.1.11)
"A52334752DB8BF051DEADD0BADDDA32C2255FDC0" = Windows Driver Package - Intel (w29n51) net (04/04/2007 9.0.4.36)
"Ad-Aware" = Ad-Aware
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"CentraClient" = Centra Client
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"CutePDF Writer Installation" = CutePDF Writer 2.7
"ERUNT_is1" = ERUNT 1.1j
"FileZilla" = FileZilla (remove only)
"Gadwin PrintScreen" = Gadwin PrintScreen
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPOCR" = HP OCR Software 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{5F0820F6-4249-4934-9B5E-E39DCA99240E}" = HaleyAuthority Enterprise 5.2
"InterActual Player" = InterActual Player
"IZArc 3.5 beta 3_is1" = IZArc 3.5 beta 3
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Mozilla Firefox (2.0.0.9)" = Mozilla Firefox (2.0.0.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OnScreenDisplay" = On Screen Display
"OracleRTCClient" = Oracle Web Conferencing Console
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"Power Management Driver" = ThinkPad Power Management Driver
"PROSet" = Intel® PRO Network Connections Drivers
"Siebel Uninstall Manager" = Siebel Uninstallation Manager
"SnagIt6" = SnagIt 6
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"Toad for Oracle Freeware" = Toad for Oracle Freeware
"UPCShell" = LeapFrog Connect
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Acrobat Connect Add-in" = Adobe Acrobat Connect Add-in
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/21/2009 10:04:31 PM | Computer Name = DEN-SPETH | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 4/21/2009 10:05:31 PM | Computer Name = DEN-SPETH | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 4/21/2009 10:05:46 PM | Computer Name = DEN-SPETH | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 4/21/2009 10:49:46 PM | Computer Name = DEN-SPETH | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 4/21/2009 10:50:46 PM | Computer Name = DEN-SPETH | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 4/21/2009 11:09:27 PM | Computer Name = DEN-SPETH | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 4/21/2009 11:22:19 PM | Computer Name = DEN-SPETH | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 4/21/2009 11:23:20 PM | Computer Name = DEN-SPETH | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 4/21/2009 11:53:28 PM | Computer Name = DEN-SPETH | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 4/21/2009 11:54:28 PM | Computer Name = DEN-SPETH | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

[ System Events ]
Error - 4/21/2009 11:15:45 PM | Computer Name = DEN-SPETH | Source = DCOM | ID = 10005
Description = DCOM got error "%1068" attempting to start the service IISADMIN with
arguments "" in order to run the server: {A9E69610-B80D-11D0-B9B9-00A0C922E750}

Error - 4/21/2009 11:15:52 PM | Computer Name = DEN-SPETH | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/21/2009 11:22:19 PM | Computer Name = DEN-SPETH | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain PERFICIENT due to the
following: %%1311. Make sure that the computer is connected to the network and try
again.
If the problem persists, please contact your domain administrator.

Error - 4/21/2009 11:22:30 PM | Computer Name = DEN-SPETH | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 4/21/2009 11:22:30 PM | Computer Name = DEN-SPETH | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 4/21/2009 11:37:30 PM | Computer Name = DEN-SPETH | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 4/21/2009 11:53:28 PM | Computer Name = DEN-SPETH | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain PERFICIENT due to the
following: %%1311. Make sure that the computer is connected to the network and try
again.
If the problem persists, please contact your domain administrator.

Error - 4/21/2009 11:53:30 PM | Computer Name = DEN-SPETH | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 4/21/2009 11:53:30 PM | Computer Name = DEN-SPETH | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 4/22/2009 12:08:35 AM | Computer Name = DEN-SPETH | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.


< End of report >

Rooter.txt

Microsoft Windows XP Professional (5.1.2600) Service Pack 2

C:\ [Fixed] - NTFS - (Total:95393 Mo/Free:1157 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Tue 04/21/2009|23:18

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\ibmpmsvc.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Windows Defender\MsMpEng.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
---------- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
---------- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\System32\SCardSvr.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\VPNremote for Windows XP\AvVpnService.exe
---------- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
---------- C:\Program Files\Symantec AntiVirus\DefWatch.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\inetsrv\inetinfo.exe
---------- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
---------- C:\Program Files\lotus\notes\ntmulti.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\nvsvc32.exe
---------- C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- c:\program files\lenovo\system update\suservice.exe
---------- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
---------- C:\WINDOWS\System32\TPHDEXLG.exe
---------- C:\Program Files\VMware\VMware Player\vmware-authd.exe
---------- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
---------- C:\WINDOWS\system32\vmnat.exe
---------- C:\WINDOWS\system32\vmnetdhcp.exe
---------- C:\WINDOWS\system32\wbem\unsecapp.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\system32\wbem\wmiprvse.exe
---------- C:\WINDOWS\explorer.exe
---------- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\WINDOWS\system32\igfxsrvc.exe
---------- C:\Documents and Settings\kristen.speth\Desktop\Rooter.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..