Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Windows XP SP3 running slow on startup and when accessing programs

Started by ekstatman , Jul 21 2009 06:32 PM

  • Please log in to reply

#1
ekstatman
Posted 21 July 2009 - 06:32 PM

ekstatman

    Member

  • Member
  • PipPip
  • 65 posts
Hello,
My computer has run very slow for quite a while now and I don't know what else to do. I increased the RAM to 1GB, cleaned up some malware using MalwareBytes, ran a virus scan and found nothing. I am at a loss. I went through the steps on your site to clean malware and I could not execute RootRepeal. A popup box kept appearing stating the computer was low in virtual memory. I did manage to run the OTL application however...the logs are below.

OTL logfile created on: 7/21/2009 8:13:57 PM - Run 1
OTL by OldTimer - Version 3.0.9.2 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.36 Mb Total Physical Memory | 461.61 Mb Available Physical Memory | 48.12% Memory free
1.64 Gb Paging File | 1.15 Gb Available in Paging File | 70.40% Paging File free
Paging file location(s): C:\pagefile.sys 800 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.25 Gb Total Space | 43.42 Gb Free Space | 40.48% Space Free | Partition Type: NTFS
Drive D: | 4.53 Gb Total Space | 0.78 Gb Free Space | 17.26% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TIFFANY
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2002/01/29 14:33:14 | 00,077,824 | ---- | M] () -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
PRC - [2002/07/17 03:03:00 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
PRC - [2009/07/19 13:38:26 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2005/11/11 17:43:04 | 00,548,864 | ---- | M] (McAfee Corporation) -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
PRC - [2008/12/18 05:25:12 | 29,181,272 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2003/03/03 14:44:00 | 00,065,536 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2003/02/21 07:07:06 | 00,068,704 | ---- | M] () -- C:\Program Files\Softex\OmniPass\Omniserv.exe
PRC - [2005/11/22 21:58:48 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
PRC - [2007/02/10 05:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/11/24 22:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2003/10/17 18:52:13 | 00,585,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2003/02/21 06:50:10 | 00,053,248 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPApp.exe
PRC - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/11/01 18:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [1998/05/07 19:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\windows\system\hpsysdrv.exe
PRC - [2004/03/04 11:46:24 | 00,172,032 | ---- | M] (HP) -- C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
PRC - [2009/07/19 13:38:27 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2005/11/11 18:00:56 | 01,005,096 | ---- | M] (McAfee Security) -- C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
PRC - [2006/03/25 01:17:37 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2005/02/02 16:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\HP\KBD\KBD.EXE
PRC - [2006/02/19 02:41:10 | 00,049,152 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
PRC - [2004/08/31 16:32:56 | 01,597,440 | ---- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2006/08/01 16:35:36 | 00,067,112 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2009/03/04 21:24:44 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/01/04 17:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2005/05/10 16:04:50 | 00,403,456 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2005/11/11 17:42:12 | 00,524,288 | ---- | M] (McAfee Security) -- C:\Program Files\McAfee.com\Personal Firewall\MpfAgent.exe
PRC - [2005/05/10 16:04:50 | 00,102,400 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
PRC - [2003/03/21 19:52:06 | 00,552,960 | ---- | M] (interMute, Inc.) -- C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
PRC - [2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2007/11/01 18:12:38 | 00,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe
PRC - [2009/07/19 21:45:49 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/01/30 20:32:51 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2002/01/29 14:33:14 | 00,077,824 | ---- | M] () -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe -- (EpsonBidirectionalService [Auto | Running])
SRV - [2002/07/17 03:03:00 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2 [Auto | Running])
SRV - [2009/05/30 02:08:43 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2006/02/23 16:45:06 | 00,323,584 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPodService [On_Demand | Stopped])
SRV - [2009/07/19 13:38:26 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
SRV - [2007/11/07 09:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV - [2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
SRV - [2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
SRV - [2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
SRV - [2005/11/11 17:43:04 | 00,548,864 | ---- | M] (McAfee Corporation) -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe -- (MpfService [Auto | Running])
SRV - [2008/12/18 05:25:12 | 29,181,272 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ [Auto | Running])
SRV - [2005/10/14 04:50:20 | 00,045,272 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
SRV - [2003/03/03 14:44:00 | 00,065,536 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/02/21 07:07:06 | 00,068,704 | ---- | M] () -- C:\Program Files\Softex\OmniPass\Omniserv.exe -- (omniserv [Auto | Running])
SRV - [2005/11/23 10:22:44 | 00,089,792 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2005/11/22 21:58:48 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2007/02/10 05:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Auto | Running])
SRV - [2008/11/24 22:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Running])
SRV - [2003/10/17 18:52:13 | 00,585,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [Auto | Running])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Update_Check_Page = http://www.microsoft...mp;Ar=ie5update
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.c...mp;ltmplcache=2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/19 13:38:29 | 00,000,000 | ---D | M]


O1 HOSTS File: (1444 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 645238813 auto.search.msn.com
O1 - Hosts: 66.38.215.115 kazza.com
O1 - Hosts: 66.38.215.115 www.kazza.com
O1 - Hosts: 66.38.215.115 kaza.com
O1 - Hosts: 66.38.215.115 www.kaza.com
O1 - Hosts: 66.38.215.115 kaaza.com
O1 - Hosts: 66.38.215.115 www.kaaza.com
O1 - Hosts: 66.38.215.115 kahza.com
O1 - Hosts: 66.38.215.115 www.kahza.com
O1 - Hosts: 66.38.215.115 edonkey.com
O1 - Hosts: 66.38.215.115 www.edonkey.com
O1 - Hosts: 66.38.215.115 emule.com
O1 - Hosts: 66.38.215.115 www.emule.com
O1 - Hosts: 66.38.215.115 suprnova.com
O1 - Hosts: 66.38.215.115 www.suprnova.com
O1 - Hosts: 64.124.166.37 klite.com
O1 - Hosts: 64.124.166.37 www.klite.com
O1 - Hosts: 64.124.166.37 k-lite.com
O1 - Hosts: 64.124.166.37 www.k-lite.com
O1 - Hosts: 64.124.166.37 kazaalite.com
O1 - Hosts: 64.124.166.37 www.kazzalite.com
O1 - Hosts: 64.124.166.37 kazalite.com
O1 - Hosts: 64.124.166.37 www.kazalite.com
O1 - Hosts: 64.124.166.37 kaazalite.com
O1 - Hosts: 1 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {0494D0D9-F8E0-41AD-92A3-14154ECE70AC} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AlcxMonitor] C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [ComcastSUPPORT] File not found
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MimBoot] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [MPFExe] C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe (McAfee Security)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [SAClient] C:\Program Files\Comcast\BBClient\Programs\RegCon.exe (AT&T)
O4 - HKLM..\Run: [SAUpdate] C:\Program Files\Comcast\BBClient\Programs\SAUpdate.exe (AT&T)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl File not found
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [NVIEW] C:\WINDOWS\System32\nview.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe (interMute, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AIM Search - C:\Program Files\AIM Toolbar\AIMBar.dll File not found
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html ()
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O9 - Extra Button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - Reg Error: Key error. File not found
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: striderite.com ([firepass] http in Trusted sites)
O15 - HKCU\..Trusted Domains: striderite.com ([firepass] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcopho...stcoActivia.cab (Snapfish Activia)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://firepass.str...,2008,1112,2313 (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} https://firepass.str...,2009,0327,1604 (F5 Networks Auto Update)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} https://firepass.str...,2009,0327,1547 (F5 Networks Policy Agent Host Class)
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} http://a1540.g.akama...meInstaller.exe (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} http://a19.g.akamai....23/cpbrkpie.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...7846.9230787037 (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,26/mcgdmgr.cab (DwnldGroupMgr Class)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} http://www.symantec....rl/SymAData.cab (ActiveDataInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://firepass.str...,2008,1031,2108 (F5 Networks Host Control)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\OPXPGina: DllName - C:\Program Files\Softex\OmniPass\opxpgina.dll - C:\Program Files\Softex\OmniPass\opxpgina.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/04/10 01:19:17 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 00,000,000 | RHS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/09/11 04:02:32 | 00,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{01c07708-c683-11d7-9881-806d6172696f}\Shell\AutoRun\command - "" = D:\Info.exe -- [2002/09/10 22:54:58 | 00,040,960 | -HS- | M] (XSS)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/07/21 20:12:32 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/07/21 20:05:07 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.exe
[2009/07/21 19:51:54 | 00,469,504 | ---- | C] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/07/21 19:51:19 | 00,462,508 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RootRepeal.zip
[2009/07/20 22:19:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/07/20 22:19:03 | 00,000,622 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/07/20 22:19:03 | 00,000,603 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/07/20 22:19:01 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/07/20 22:17:11 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Owner\Desktop\SysRestorePoint.exe
[2009/07/20 22:07:19 | 00,265,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/07/16 23:25:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/07/16 23:22:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/07/16 23:21:52 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/07/16 23:10:29 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/07/16 22:58:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/07/16 22:57:52 | 00,926,924 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20090716_225747.reg
[2009/07/16 22:10:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/07/16 22:09:57 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/16 22:09:42 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/16 22:09:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/07/16 22:09:32 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/16 22:09:30 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/12 22:52:04 | 00,004,741 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/07/12 22:25:23 | 00,000,944 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2009/07/12 22:25:13 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/07/12 22:25:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

========== Files - Modified Within 14 Days ==========

[2009/07/21 20:10:08 | 00,165,120 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2009/07/21 20:09:42 | 00,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2009/07/21 20:08:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/21 20:08:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/21 20:08:36 | 10,060,30848 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/21 19:51:20 | 00,462,508 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RootRepeal.zip
[2009/07/20 22:19:03 | 00,000,622 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/07/20 22:19:03 | 00,000,603 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/07/20 22:17:11 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Owner\Desktop\SysRestorePoint.exe
[2009/07/20 22:07:27 | 00,265,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/07/19 21:45:49 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/07/19 21:45:49 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.exe
[2009/07/18 14:50:07 | 00,033,280 | ---- | M] () -- C:\TiffanyKAdultModelRelease.DOC
[2009/07/18 13:31:56 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/16 23:29:50 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/16 22:58:06 | 00,926,924 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20090716_225747.reg
[2009/07/16 22:43:50 | 00,001,559 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk
[2009/07/16 22:09:57 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/12 22:53:22 | 00,004,741 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/07/12 22:25:23 | 00,000,944 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2009/07/12 21:39:46 | 00,469,504 | ---- | M] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe

========== LOP Check ==========

[2009/07/16 22:09:33 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2003/11/29 18:28:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrovision
[2003/04/10 03:12:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2003/04/10 01:24:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2003/08/12 19:41:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Support.com
[2004/12/14 23:51:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/07/16 22:10:18 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Owner\Application Data
[2004/12/09 04:34:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aim
[2004/04/13 19:40:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ArcSoft
[2006/12/24 13:47:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Azureus
[2006/07/29 20:15:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\COREL
[2004/01/02 00:46:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EPSON
[2006/09/17 18:04:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ExpressDigital
[2004/06/07 07:59:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FUJIFILM
[2003/08/04 11:21:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ICAClient
[2008/07/08 22:23:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Image Zone Express
[2003/04/10 07:21:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\interMute
[2003/04/10 02:52:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2003/08/17 17:11:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2003/12/30 23:08:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2003/10/19 15:05:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Motive
[2005/08/23 23:54:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Musicmatch
[2004/01/03 18:10:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nikon
[2007/03/04 14:59:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera
[2003/04/10 03:04:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2003/04/10 02:27:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Share-to-Web Upload Folder
[2007/04/01 01:23:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SmartFTP
[2006/11/20 17:13:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Snapfish
[2003/09/24 08:38:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VERITAS
[2009/07/19 11:31:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WeatherBug
[2002/08/29 15:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2003/09/30 13:41:00 | 00,000,272 | ---- | M] () -- C:\WINDOWS\Tasks\easy Internet sign-up.job
[2008/09/24 20:39:47 | 00,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/06/01 01:00:15 | 00,000,332 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2009/07/21 20:08:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


< End of report >


OTL Extras logfile created on: 7/21/2009 8:13:57 PM - Run 1
OTL by OldTimer - Version 3.0.9.2 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.36 Mb Total Physical Memory | 461.61 Mb Available Physical Memory | 48.12% Memory free
1.64 Gb Paging File | 1.15 Gb Available in Paging File | 70.40% Paging File free
Paging file location(s): C:\pagefile.sys 800 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.25 Gb Total Space | 43.42 Gb Free Space | 40.48% Space Free | Partition Type: NTFS
Drive D: | 4.53 Gb Total Space | 0.78 Gb Free Space | 17.26% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TIFFANY
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.js [@ = JSFile] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Support.com\bin\tgcmd.exe" = C:\Program Files\Support.com\bin\tgcmd.exe:*:Enabled:ComcastSUPPORT / Support.com Agent -- (Support.com, Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Savings Bond Wizard\SBWizard.exe" = C:\Program Files\Savings Bond Wizard\SBWizard.exe:*:Enabled:Savings Bond Wizard -- (U.S. Department of the Treasury)
"C:\Program Files\SmartFTP\SmartFTP.exe" = C:\Program Files\SmartFTP\SmartFTP.exe:*:Enabled:SmartFTP Client -- (SmartFTP GmbH)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Computer, Inc.)
"C:\Program Files\Real\RealOne Player\realplay.exe" = C:\Program Files\Real\RealOne Player\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- (Aelitis)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\Downloaded Program Files\TunnelServer.exe" = C:\WINDOWS\Downloaded Program Files\TunnelServer.exe:*:Enabled:TunnelServer -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{11C762F9-95EA-486A-A8E7-683A50C231C1}" = SmartFTP Client
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{22901BB7-2C57-409E-AF2F-56FFFEA41116}" = EPSON Photo Print
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{27579b3c-5470-4496-be6c-0c872674f19f}" = Macromedia Flash Player
"{29D88826-2AB9-11D5-8854-00902761A46D}" = WordPerfect Productivity Pack
"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353D20CC-719B-4A60-AD33-D03F88C10330}" = Microsoft Office Accounting PayPal Addin
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{46614A49-222A-48EF-87A9-BFD603E608E1}" = Microsoft Office Accounting Fixed Asset Manager
"{476D3472-3FCA-423C-8C0C-18BA780246ED}" = ICC Color Profiles
"{47D4AF7B-EDE6-4ADB-8D2F-0BDA25C7321F}" = HP Digital Imaging Album Printing 1.0
"{48BD24F5-13DE-493A-A7CE-28A85113FF0C}" = HP Deskjet printer preloaded drivers
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}" = upapp
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{60E80B13-8649-4A69-85E2-1AE99E061F43}" = ShowBiz DVD
"{60E971B7-51A0-48CA-8687-C6B8F094A409}" = Simple Backup for My Pictures
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{735D7AC9-BC7B-4491-9D06-7F4642849E7C}" = P.I.M. II Plug-In
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{8214CC02-6271-4DC8-B8DD-779933450264}" = RecordNow
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8C711818-076E-475C-B95B-DF11CD9D8DBE}" = Microsoft Office Accounting Equifax Addin
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90170409-6000-11D3-8CFE-0050048383C9}" = Microsoft FrontPage 2002
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{934E914F-7F58-49C2-A6BB-C93BA836DF23}" = SP2200 Prem.Glossy Premium ICC Profiles
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9E88DAA4-1352-4272-BA3A-897668408400}" = HP Photosmart printers preloaded drivers
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}" = HP Photosmart and Deskjet 7.0.A
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB613005-5353-49A7-AC2B-F5163AC157D2}" = SP2200 Prem.Semigloss Premium ICC Profiles
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-0000-7EC8-7489-000000000603}" = Adobe Acrobat and Reader 6.0.3 Update
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{B0717D5A-1976-482B-9ADF-F19631A541A4}" = Microsoft Office Accounting 2007
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CACE0C9D-9EF7-4F3B-9C64-88FBA245BA9C}" = Symnet Redirector Updater
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB80E25E-E18D-11D9-AD8E-0050DA87D0EB}" = Burn and Go X
"{CB9E953C-A225-4C9B-96B5-7197F6DC6CF7}" = SP2200 Prem.Luster Premium ICC Profiles
"{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E33350DF-0A12-4387-B6E8-128C08C0F1FF}" = Kodak DIGITAL GEM Airbrush Professional Plug-In 2.0.0
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EEF397AC-DAEF-4C04-90A9-5B2BD31875DC}" = Simple Installer - Multilanguage Version
"{EF964A78-078C-11D1-B7A7-0000C0134CE6}" = Nortel Networks Contivity VPN Client
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F61F2821-694C-475F-99AB-6AF2EFDF40FD}" = Quicken 2003 New User Edition
"{F901CA6D-A074-42D3-A11D-33AAE6FFD0C1}" = HP Deskjet 3740
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"1ABC286C-DE10-4590-BEFF-4D0DFF5EA1EC" = GemMaster 3 from Hewlett-Packard Desktops (remove only)
"7841B68B-B7DD-408E-8B45-D5CA39608185" = Dark Orbit from Hewlett-Packard Desktops (remove only)
"8c9c48d7-2d03-4a1f-a303-5bd22ccabae1" = RingMaster from Hewlett-Packard Desktops (remove only)
"Ad-aware 5.83" = Ad-aware 5.83
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"Advanced Tools" = Advanced Tools
"AOL Instant Messenger" = AOL Instant Messenger
"AOL Toolbar" = AOL Toolbar 2.0
"ArcSoft Software Suite" = ArcSoft Software Suite
"BroadJump Client Foundation" = BroadJump Client Foundation
"Burlington's CD Design Creator" = Burlington's CD Design Creator
"CCleaner" = CCleaner (remove only)
"ComcastSUPPORT" = ComcastSUPPORT
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"DF479CEA-34C0-460F-9B56-93BCE4CD4086" = Excavation from Hewlett-Packard Desktops (remove only)
"DreamSuite" = Uninstall DreamSuite
"DVD X Rescue" = DVD X Rescue
"DVDXCopyPlatinum" = DVDXCopy Platinum 3.2.1
"EPSON Printer and Utilities" = EPSON Printer Software
"ERUNT_is1" = ERUNT 1.1j
"Film Factory" = Film Factory
"HP Deskjet 3740 Series_Driver" = HP Deskjet 3740 Series
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"hp instant support" = HP Instant Support
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"HPTOOLKIT" = toolkit
"ie8" = Windows Internet Explorer 8
"InstallShield_{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes
"InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"InstallShield_{F61F2821-694C-475F-99AB-6AF2EFDF40FD}" = Quicken 2003 New User Edition
"KLiteCodecPack_is1" = K-Lite Codec Pack
"LeechFTP" = LeechFTP DEC PAC
"LimeWire" = LimeWire 4.9.11
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Personal Firewall Plus" = McAfee Personal Firewall Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Microsoft Office Accounting 2007" = Microsoft Office Accounting 2007
"Microsoft Office Accounting Equifax Addin" = Microsoft Office Accounting Equifax Addin
"Microsoft Office Accounting PayPal Addin" = Microsoft Office Accounting PayPal Addin
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MP3 Shield" = MP3 Shield
"MSC" = McAfee SecurityCenter
"MSN Music Assistant" = MSN Music Assistant
"MWASPI" = MicroStaff WINASPI
"Mystical" = Uninstall Mystical
"MysticalTTC" = Uninstall MysticalTTC
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"NVIDIA Drivers" = NVIDIA Drivers
"OPSWAT AV Libraries" = OPSWAT AntiVirus and Firewall Integration Libraries
"PGEDemo" = Uninstall PGEDemo
"PS2" = PS2
"Rainbow Sentinel Driver" = Sentinel System Driver
"RealPlayer 6.0" = RealPlayer
"S3Display" = S3Display
"S3Gamma2" = S3Gamma2
"S3Info2" = S3Info2
"S3Overlay" = S3Overlay
"Savings Bond Wizard" = Savings Bond Wizard
"Service Agent" = Service Agent
"Setup Wizard EPIC" = EPSON EPIC SP2200
"SpamSubtract" = SpamSubtract
"SpiceFX Packs for Movie Maker" = SpiceFX Packs for Movie Maker
"Terminal Server Client" = Terminal Services Client
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WeatherBug" = WeatherBug
"WHCC's LabPrints" = WHCC's LabPrints
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WordPerfect Productivity Pack" = WordPerfect Productivity Pack
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ROES.whcc" = ROES.whcc

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/19/2009 5:47:03 PM | Computer Name = TIFFANY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 7/19/2009 5:47:03 PM | Computer Name = TIFFANY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 7/19/2009 5:47:03 PM | Computer Name = TIFFANY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 7/19/2009 5:47:03 PM | Computer Name = TIFFANY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 7/20/2009 8:09:24 PM | Computer Name = TIFFANY | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module msvcr71.dll, version 7.10.6014.4, fault address 0x00010440.

Error - 7/20/2009 8:10:12 PM | Computer Name = TIFFANY | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module msvcr71.dll, version 7.10.6014.4, fault address 0x00010440.

Error - 7/20/2009 10:34:57 PM | Computer Name = TIFFANY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 7/20/2009 10:34:57 PM | Computer Name = TIFFANY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 7/21/2009 7:29:01 AM | Computer Name = TIFFANY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/21/2009 7:24:21 PM | Computer Name = TIFFANY | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 2492 (0x9bc) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.349
/ 5301.4018 Object being scanned = \Device\HarddiskVolume2\Program Files\Online
Services\CS70US\CS70US.exe by C:\WINDOWS\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

[ System Events ]
Error - 7/21/2009 7:32:03 AM | Computer Name = TIFFANY | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 3
(KB955706).

Error - 7/21/2009 7:24:48 PM | Computer Name = TIFFANY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the McAfee SystemGuards service
to connect.

Error - 7/21/2009 7:24:51 PM | Computer Name = TIFFANY | Source = Service Control Manager | ID = 7000
Description = The McAfee SystemGuards service failed to start due to the following
error: %%1053

Error - 7/21/2009 7:26:35 PM | Computer Name = TIFFANY | Source = DCOM | ID = 10010
Description = The server {6A972E27-93E2-4F98-8367-4101B2073814} did not register
with DCOM within the required timeout.

Error - 7/21/2009 7:28:55 PM | Computer Name = TIFFANY | Source = Srv | ID = 2000
Description = The server's call to a system service failed unexpectedly.

Error - 7/21/2009 7:35:28 PM | Computer Name = TIFFANY | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{AF2359BF-2AEB-471A-A4A6-F28195CCDB1C}. The
backup browser is stopping.

Error - 7/21/2009 8:00:56 PM | Computer Name = TIFFANY | Source = Srv | ID = 2000
Description = The server's call to a system service failed unexpectedly.

Error - 7/21/2009 8:04:58 PM | Computer Name = TIFFANY | Source = Srv | ID = 2000
Description = The server's call to a system service failed unexpectedly.

Error - 7/21/2009 8:05:00 PM | Computer Name = TIFFANY | Source = Srv | ID = 2000
Description = The server's call to a system service failed unexpectedly.

Error - 7/21/2009 8:05:31 PM | Computer Name = TIFFANY | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{AF2359BF-2AEB-471A-A4A6-F28195CCDB1C}. The
backup browser is stopping.


< End of report >
  • 0

Advertisements

#2
happyrock
Posted 21 July 2009 - 07:34 PM

happyrock

    Tech Moderator

  • Retired Staff
  • 9,285 posts
you are only to post logs in the malware removal forum...
but a quick scan shows you have multiple P2P downloading programs and thats a sure way to get infected...
Please go to Malware and Spyware Cleaning Guide...
HERE....

That will help you clean up 80 percent of all problems by yourself. If at the end of the process you are still having difficulty (and you may not be) follow the instructions start a new topic
here
post the OTListIt2 and Rooter logs ...
The "Topic Title" should contain the name of the infection that you are having a problem with...Use the "Topic Description" to include more details. This will help you get faster responses as some people are more familiar with certain infections....

if you are unable to download or run ANY of the tools...try downloading them on another computer and put them on a flash drive or cd and try installing them that way..
no joy...
start a new topic and let them know you can't run any of the tools..
  • 0

#3
ekstatman
Posted 21 July 2009 - 08:26 PM

ekstatman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
Will do...thanks
  • 0

#4
trentdw
Posted 05 September 2009 - 09:20 PM

trentdw

    Member

  • Member
  • PipPip
  • 25 posts
do all these programs load at windows start?
  • 0
Back to Windows XP, 2000, 2003, NT · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Retired Forums
  3. Windows XP, 2000, 2003, NT

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP