Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Programs cannot connect after spyware removal

Started by Rachael Eastman , Nov 10 2009 10:43 AM

  • Please log in to reply

#1
Rachael Eastman
Posted 10 November 2009 - 10:43 AM

Rachael Eastman

    New Member

  • Member
  • Pip
  • 2 posts
I removed some spyware a few eeks ago, and since then have not been able to get anything that needs to update to connect. Firefox also cannot connect. Programs not working include stamps.com, encidio's shipping software, java updater, avg update, firefox...

I have removed all of my antivirus, etc. except what the guide told me to have, so there would not be conflicts. I now have no anti-virus since deleting avg and avast will not install.


Here are the log files from mal-ware bytes, rootrepeal, and otl:


Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 2

11/10/2009 11:08:22 AM
mbam-log-2009-11-10 (11-08-22).txt

Scan type: Quick Scan
Objects scanned: 100025
Time elapsed: 5 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{8e3c68cd-f500-4a2a-8cb9-132bb38c3573} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/10 11:38
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF39EA000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79CD000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF197C000 Size: 49152 File Visible: No Signed: -
Status: -

Name: usbstor
Image Path: \Driver\usbstor
Address: 0xF7767000 Size: 26496 File Visible: No Signed: -
Status: Hidden from the Windows API!

SSDT
-------------------
#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x84d6b6b8

==EOF==

OTL logfile created on: 11/10/2009 11:31:34 AM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.48 Mb Total Physical Memory | 134.04 Mb Available Physical Memory | 29.95% Memory free
1.69 Gb Paging File | 1.48 Gb Available in Paging File | 87.47% Paging File free
Paging file location(s): C:\pagefile.sys 1344 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 122.94 Gb Free Space | 82.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 149.05 Gb Total Space | 66.14 Gb Free Space | 44.37% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAZARUS
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/10 11:07:01 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2009/10/29 00:11:01 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/10/29 00:11:01 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/20 03:42:45 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
PRC - [2006/04/02 20:07:44 | 00,389,120 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
PRC - [2006/02/22 11:59:32 | 01,486,848 | ---- | M] () -- C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
PRC - [2005/04/06 11:56:22 | 00,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2004/08/04 02:56:54 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
PRC - [2004/03/11 18:18:54 | 00,135,168 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\shwiconEM.exe
PRC - [2004/03/03 12:29:00 | 00,077,824 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2003/09/02 20:25:04 | 00,073,728 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\sstray.exe


========== Modules (SafeList) ==========

MOD - [2009/11/10 11:07:01 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2006/08/25 10:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2005/08/31 20:41:53 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\linkinfo.dll
MOD - [2004/08/04 02:56:42 | 00,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/29 00:11:01 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2006/11/20 03:42:45 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2005/04/06 11:56:22 | 00,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2004/08/04 02:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2004/03/03 12:29:00 | 00,077,824 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\paypalfirefoxplugin@orbiscom: C:\Program Files\PayPal\PayPal Plug-In [2009/08/04 16:00:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/13 09:07:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/11/02 16:53:03 | 00,000,000 | ---D | M]


O1 HOSTS File: (347151 bytes) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 11903 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (no name) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No CLSID value found.
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (OToolbarHelper Class) - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll ()
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nForce Tray Options] C:\WINDOWS\System32\sstray.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [ShowWnd] C:\WINDOWS\ShowWnd.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconEM.exe (Alcor Micro, Corp.)
O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKCU..\Run: [EPSON NX300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEJA.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (Bodog)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} http://www.worldwinn...rabblecubes.cab (ScrabbleCubes Control)
O16 - DPF: {038E2507-7A48-41E2-94AD-7F23D199AF4E} http://www.worldwinn...ems/zengems.cab (ZenGems Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://www.worldwinn...GamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinn...0/tpir/tpir.cab (TPIR Control)
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} http://www.worldwinn...ut/brickout.cab (Brickout Control)
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} http://www.worldwinn...0/pool/pool.cab (Pool Control)
O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} http://www.auctiva.c...eUploader57.cab (Auctiva Image Uploader Control)
O16 - DPF: {3D3DBC64-0D21-4EA4-94EE-86D6D9B31C0C} http://www.worldwinn...t/moneylist.cab (MoneyList Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} http://www.worldwinn...jattack/bja.cab (BJA Control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://fb.familylink...geUploader5.cab (Image Uploader Control)
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} http://www.worldwinn...d/bejeweled.cab (Bejeweled Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1041477767515 (WUWebControl Class)
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} http://www.worldwinn...ll/freecell.cab (FreeCell Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1221135435875 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} https://www.worldwin...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} http://www.worldwinn...jo/wordmojo.cab (WordMojo Control)
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} http://www.worldwinn...cubis/cubis.cab (Cubis Control)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinn...v57/wof/wof.cab (WoF Control)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-cent...bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} http://www.worldwinn...luxor/luxor.cab (WwLuxor Control)
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} http://www.worldwinn...apit/swapit.cab (SwapIt Control)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} http://www.worldwinn...royal/royal.cab (Royal Control)
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinn...h/dinerdash.cab (DinerDash Control)
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} http://www.worldwinn...paint/paint.cab (Paint Control)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinn.../familyfeud.cab (FamilyFeud Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} http://www.worldwinn...es/wwspades.cab (WWSpades Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/01/03 07:56:51 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/01/03 07:56:51 | 00,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2003/01/03 07:56:22 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/11/10 11:10:21 | 00,308,160 | ---- | C] (ALWIL Software) -- C:\Documents and Settings\Owner\Desktop\avast_home_setup.exe
[2009/11/10 11:07:00 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/11/10 11:06:41 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/11/10 11:00:26 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/10 11:00:24 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/10 10:58:49 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/10 10:57:50 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Owner\Desktop\SysRestorePoint.exe
[2009/11/10 10:52:30 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/11/10 08:17:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/06 22:10:55 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/11/03 10:48:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2009/11/03 10:18:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ShippingAssistant
[2009/11/02 22:43:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/11/02 21:38:43 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2009/11/02 21:38:16 | 00,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2009/11/02 16:54:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/11/02 16:53:21 | 00,000,000 | ---D | C] -- C:\Program Files\PCPitstop
[2009/11/02 16:53:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/11/02 16:52:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\EPSON
[2009/11/02 14:43:02 | 00,000,000 | ---D | C] -- C:\Program Files\Envelope Manager
[2009/11/02 10:22:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{4982B6A5-FCD5-4198-BF09-66D2F6A7D312}
[2009/10/31 20:54:44 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IECompatCache
[2009/10/31 20:53:55 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\PrivacIE
[2009/10/31 11:06:11 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IETldCache
[2009/10/30 10:37:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/10/30 09:25:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCPitstop

========== Files - Modified Within 14 Days ==========

[2009/11/10 11:30:00 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{15BACBA7-5ADA-4298-AE34-3EEACD6E6C59}.job
[2009/11/10 11:28:07 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/10 11:14:25 | 00,000,378 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2009/11/10 11:13:21 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2009/11/10 11:12:43 | 00,000,036 | -H-- | M] () -- C:\WINDOWS\System32\f9t.dat
[2009/11/10 11:12:08 | 00,003,731 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/11/10 11:12:06 | 00,000,438 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009/11/10 11:12:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/10 11:12:00 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/10 11:11:59 | 46,929,1008 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/10 11:11:17 | 08,388,608 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2009/11/10 11:10:42 | 04,298,268 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/11/10 11:10:23 | 00,308,160 | ---- | M] (ALWIL Software) -- C:\Documents and Settings\Owner\Desktop\avast_home_setup.exe
[2009/11/10 11:07:01 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/11/10 11:06:43 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/11/10 11:00:29 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/10 10:58:58 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/11/10 10:58:50 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/11/10 10:58:50 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/11/10 10:57:56 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Owner\Desktop\SysRestorePoint.exe
[2009/11/10 10:53:16 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/11/10 10:02:34 | 00,337,932 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\keyfinder.2.0.1.zip
[2009/11/10 09:51:43 | 01,496,399 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\TGTC_XP_4.3.zip
[2009/11/10 09:21:54 | 00,000,576 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/10 09:21:54 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/10 09:21:54 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/11/09 23:30:35 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/09 17:14:40 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/09 10:58:01 | 00,010,057 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\payoff.xlsx
[2009/11/09 00:39:39 | 00,000,765 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Stamps.com.lnk
[2009/11/08 14:21:46 | 00,000,372 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2009/11/06 22:11:25 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/11/06 21:46:17 | 00,520,732 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/06 21:46:17 | 00,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/06 21:46:17 | 00,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/03 10:19:56 | 00,000,133 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2009/11/03 08:21:59 | 00,008,704 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/30 14:06:32 | 00,682,369 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\WinsockFix.zip

========== Files Created - No Company Name ==========

[2009/11/10 11:13:21 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2009/11/10 11:00:29 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/10 10:58:58 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/11/10 10:58:50 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/11/10 10:58:50 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/11/10 10:02:32 | 00,337,932 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\keyfinder.2.0.1.zip
[2009/11/10 09:51:30 | 01,496,399 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\TGTC_XP_4.3.zip
[2009/11/10 09:22:52 | 46,929,1008 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/09 00:39:39 | 00,000,765 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Stamps.com.lnk
[2009/11/06 22:11:25 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/11/03 10:19:56 | 00,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2009/11/02 10:46:17 | 00,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2009/11/02 10:46:17 | 00,001,738 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311T Smart Wizard.lnk
[2009/10/30 14:06:30 | 00,682,369 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\WinsockFix.zip
[2009/10/22 11:20:46 | 00,007,303 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2009/08/11 14:44:13 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/08/11 14:42:17 | 00,000,044 | ---- | C] () -- C:\WINDOWS\EPSNX300.ini
[2009/08/04 15:32:33 | 00,003,656 | -HS- | C] () -- C:\Program Files\Common Files\OneNote Table Of Contents.onetoc2
[2009/08/04 15:32:30 | 00,003,656 | -HS- | C] () -- C:\Program Files\OneNote Table Of Contents.onetoc2
[2009/07/08 15:50:57 | 04,298,268 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/05/05 07:06:33 | 00,000,125 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/01/06 10:53:28 | 00,008,704 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/02 20:06:52 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/18 15:29:39 | 00,000,794 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2008/09/06 16:34:52 | 00,062,496 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/06/29 14:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 14:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 15:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2003/01/03 09:44:52 | 00,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2003/01/03 09:44:52 | 00,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2003/01/03 09:32:53 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/01/03 08:08:51 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/03 08:00:10 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini
[2003/01/03 06:42:37 | 00,018,253 | ---- | C] () -- C:\WINDOWS\System32\ssnvfx.ini
[2003/01/03 06:42:32 | 00,001,212 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/03 06:42:32 | 00,000,456 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2003/01/03 06:42:02 | 00,000,576 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/01/03 06:41:57 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/02 23:49:29 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2003/01/01 22:16:35 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini

========== LOP Check ==========

[2009/08/11 15:07:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/10/03 09:39:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FunGames
[2009/11/02 22:43:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/10/31 22:49:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2009/08/01 08:48:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2009/11/02 16:52:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/11/10 08:17:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/11 14:48:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2009/01/23 16:57:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2008/10/06 16:43:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/11/06 21:57:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{4982B6A5-FCD5-4198-BF09-66D2F6A7D312}
[2009/11/02 16:52:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EPSON
[2008/09/19 08:44:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2009/08/11 14:55:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2008/09/17 09:18:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lexmark Productivity Studio
[2008/11/15 18:57:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire
[2009/04/16 07:30:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Snapfish
[2009/10/16 20:41:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Stamps.com Internet Postage
[2008/11/18 15:29:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2009/04/24 11:56:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2008/09/20 09:48:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search
[2003/03/31 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2003/01/01 21:46:34 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job
[2003/01/01 21:46:34 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 2.job
[2003/01/01 21:46:34 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 3.job
[2009/11/10 11:12:06 | 00,000,438 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2009/11/10 11:14:25 | 00,000,378 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Startup.job
[2009/11/08 14:21:46 | 00,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
[2009/11/10 11:12:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/11/10 11:30:00 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{15BACBA7-5ADA-4298-AE34-3EEACD6E6C59}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2004/08/04 02:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004/08/04 02:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 02:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004/08/04 02:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004/08/04 02:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2004/08/04 02:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2009/02/06 13:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 13:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 02:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2009/02/06 13:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\fbdd9f75315c1cf9ff63f37aaca267d3\sp2qfe\netlogon.dll
[2004/08/04 02:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 02:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004/08/04 00:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/04 00:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/04 00:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2003/03/31 07:00:00 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2004/08/04 01:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004/08/04 01:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys
[2004/08/04 01:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 01:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\i386\AGP440.SYS

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 2956 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc
< End of report >

OTL Extras logfile created on: 11/10/2009 11:31:34 AM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.48 Mb Total Physical Memory | 134.04 Mb Available Physical Memory | 29.95% Memory free
1.69 Gb Paging File | 1.48 Gb Available in Paging File | 87.47% Paging File free
Paging file location(s): C:\pagefile.sys 1344 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 122.94 Gb Free Space | 82.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 149.05 Gb Total Space | 66.14 Gb Free Space | 44.37% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAZARUS
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [regular_open] -- C:\Windows\explorer.exe "%1" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"80:TCP" = 80:TCP:*:Enabled:stamps
"443:TCP" = 443:TCP:*:Enabled:stamps

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{50F064B8-C699-4BED-A3FC-9475FA2FAD7B}" = Gregg College Keyboarding & Document Processing Home 10
"{54855FDF-8D9C-44C8-87E9-A5FED0006942}" = GDPHome
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73317C31-2B6E-4B88-9865-B97C1331A39D}" = PayPal Plug-In
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{7F486528-5581-452C-8D92-4C45DE8ABDA8}" = GDPAddinSetup
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C894366E-51C4-4162-BA82-ECBEFC1C2C61}" = PayPal Plug-In
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{E38204FD-D3C3-451A-A4C1-598E408275D0}" = Gregg College Keyboarding & Document Processing Home 10
"{FC321AD2-48B4-4013-B997-A65D5FBBD006}" = NETGEAR WG311T Wireless Adapter
"{FF262740-C85A-11D5-BBEC-00D0B740900A}" = Multimedia Keyboard Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Bodog Poker_is1" = Bodog Poker Version 2.16.3.49
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.5 (1010)
"EPSON NX300 Series" = EPSON NX300 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"InstallShield_{FC321AD2-48B4-4013-B997-A65D5FBBD006}" = NETGEAR WG311T Wireless Adapter
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Driver" = NVIDIA Display Driver
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA Ethernet Driver" = NVIDIA Ethernet Driver
"NVIDIA nForce Drivers" = NVIDIA nForce Drivers
"PictureIt_v9" = Microsoft Picture It! Photo Premium 9
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"RegCure" = RegCure 2.0.0.0
"Stamps.com" = Stamps.com
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/10/2009 11:54:53 AM | Computer Name = LAZARUS | Source = Userenv | ID = 1500
Description = Windows cannot log you on because your profile cannot be loaded. Check
that you are connected to the network, or that your network is functioning correctly.
If this problem persists, contact your network administrator. DETAIL - Incorrect
function.

Error - 11/10/2009 11:54:54 AM | Computer Name = LAZARUS | Source = Userenv | ID = 1500
Description = Windows cannot log you on because your profile cannot be loaded. Check
that you are connected to the network, or that your network is functioning correctly.
If this problem persists, contact your network administrator. DETAIL - Incorrect
function.

Error - 11/10/2009 11:55:08 AM | Computer Name = LAZARUS | Source = Userenv | ID = 1500
Description = Windows cannot log you on because your profile cannot be loaded. Check
that you are connected to the network, or that your network is functioning correctly.
If this problem persists, contact your network administrator. DETAIL - Incorrect
function.

Error - 11/10/2009 12:12:00 PM | Computer Name = LAZARUS | Source = Userenv | ID = 1500
Description = Windows cannot log you on because your profile cannot be loaded. Check
that you are connected to the network, or that your network is functioning correctly.
If this problem persists, contact your network administrator. DETAIL - Incorrect
function.

Error - 11/10/2009 12:12:01 PM | Computer Name = LAZARUS | Source = Userenv | ID = 1500
Description = Windows cannot log you on because your profile cannot be loaded. Check
that you are connected to the network, or that your network is functioning correctly.
If this problem persists, contact your network administrator. DETAIL - Incorrect
function.

Error - 11/10/2009 12:12:01 PM | Computer Name = LAZARUS | Source = Userenv | ID = 1500
Description = Windows cannot log you on because your profile cannot be loaded. Check
that you are connected to the network, or that your network is functioning correctly.
If this problem persists, contact your network administrator. DETAIL - Incorrect
function.

Error - 11/10/2009 12:12:02 PM | Computer Name = LAZARUS | Source = Userenv | ID = 1500
Description = Windows cannot log you on because your profile cannot be loaded. Check
that you are connected to the network, or that your network is functioning correctly.
If this problem persists, contact your network administrator. DETAIL - Incorrect
function.

Error - 11/10/2009 12:12:07 PM | Computer Name = LAZARUS | Source = Userenv | ID = 1500
Description = Windows cannot log you on because your profile cannot be loaded. Check
that you are connected to the network, or that your network is functioning correctly.
If this problem persists, contact your network administrator. DETAIL - Incorrect
function.

Error - 11/10/2009 12:14:34 PM | Computer Name = LAZARUS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 11/10/2009 12:14:34 PM | Computer Name = LAZARUS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

[ OSession Events ]
Error - 2/21/2009 6:01:10 PM | Computer Name = LAZARUS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 636
seconds with 60 seconds of active time. This session ended with a crash.

Error - 8/7/2009 3:31:19 PM | Computer Name = LAZARUS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 169
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/5/2009 11:06:49 PM | Computer Name = LAZARUS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/5/2009 11:16:08 PM | Computer Name = LAZARUS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/10/2009 11:55:07 AM | Computer Name = LAZARUS | Source = Service Control Manager | ID = 7005
Description = The LoadUserProfile call failed with the following error: %%1

Error - 11/10/2009 11:55:07 AM | Computer Name = LAZARUS | Source = Service Control Manager | ID = 7005
Description = The LoadUserProfile call failed with the following error: %%1

Error - 11/10/2009 11:55:07 AM | Computer Name = LAZARUS | Source = Service Control Manager | ID = 7005
Description = The LoadUserProfile call failed with the following error: %%1

Error - 11/10/2009 11:55:08 AM | Computer Name = LAZARUS | Source = Service Control Manager | ID = 7005
Description = The LoadUserProfile call failed with the following error: %%1

Error - 11/10/2009 11:55:10 AM | Computer Name = LAZARUS | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.

Error - 11/10/2009 12:12:04 PM | Computer Name = LAZARUS | Source = Service Control Manager | ID = 7005
Description = The LoadUserProfile call failed with the following error: %%1

Error - 11/10/2009 12:12:04 PM | Computer Name = LAZARUS | Source = Service Control Manager | ID = 7005
Description = The LoadUserProfile call failed with the following error: %%1

Error - 11/10/2009 12:12:04 PM | Computer Name = LAZARUS | Source = Service Control Manager | ID = 7005
Description = The LoadUserProfile call failed with the following error: %%1

Error - 11/10/2009 12:12:04 PM | Computer Name = LAZARUS | Source = Service Control Manager | ID = 7005
Description = The LoadUserProfile call failed with the following error: %%1

Error - 11/10/2009 12:12:07 PM | Computer Name = LAZARUS | Source = Service Control Manager | ID = 7005
Description = The LoadUserProfile call failed with the following error: %%1


< End of report >


Finally, here is the error from avast:
10.11.2009 11:14:46 general: Started: 10.11.2009, 11:14:46
10.11.2009 11:14:46 system: Operating system: WindowsXP ver 5.1, build 2600, sp 2.0 [Service Pack 2]
10.11.2009 11:14:46 system: Memory: 64% load. Phys:162876/458220K free, Page:1560476/1772112K free, Virt:2071456/2097024K free
10.11.2009 11:14:46 system: Computer WinName: LAZARUS
10.11.2009 11:14:46 system: Windows Net User: LAZARUS\Owner
10.11.2009 11:14:46 general: Old version: ffffffff (-1)
10.11.2009 11:14:46 system: Using temp: C:\DOCUME~1\Owner\LOCALS~1\Temp\_av_inet.tm~a02176 (125897M free)
10.11.2009 11:14:46 internet: SYNCER: Type: use IE settings
10.11.2009 11:14:46 internet: SYNCER: Auth: another authentication, use WinInet
10.11.2009 11:14:46 general: Install check: Program folder does NOT exist in registry
10.11.2009 11:14:46 general: SGW32P::CheckIfInstalled set m_bAlreadyInstalled to 0
10.11.2009 11:14:52 internet: SYNCER: Type: use IE settings
10.11.2009 11:14:52 internet: SYNCER: Auth: another authentication, use WinInet
10.11.2009 11:14:52 general: progress thread start
10.11.2009 11:14:52 general: Destination: C:\DOCUME~1\Owner\LOCALS~1\Temp\_av_inet.tm~a02176
10.11.2009 11:14:52 general: Starting download: http://www.avast.com...t...&langid=eng
10.11.2009 11:14:52 internet: ERROR:HttpGetWininet, catch returned 0x00002EFD
10.11.2009 11:14:53 general: Download finished from server www.avast.com, result: 0x20000004, server response: 12029
10.11.2009 11:14:53 general: Stats www.avast.com, server response: 536870916
10.11.2009 11:14:53 general: POST result: 0x20000004, server response:
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP