System Check Virus



registeredname
2012-02-25, 10:16
Here is the log file from my scan:


OTL logfile created on: 2/25/2012 9:10:36 AM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\nloetz\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 57.59% Memory free
3.84 Gb Paging File | 3.15 Gb Available in Paging File | 82.12% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 1.99 Gb Free Space | 2.68% Space Free | Partition Type: NTFS
Drive D: | 506.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LAPPY | User Name: nloetz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\nloetz\Desktop\iexplore.exe (OldTimer Tools)
PRC - C:\Documents and Settings\All Users\Application Data\ibfcO1U63TWRSe.exe ()
PRC - C:\Documents and Settings\All Users\Application Data\FEPXvquGMaIdUNF.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Documents and Settings\nloetz\Application Data\T-Mobile Internet Manager\ouc.exe (Huawei Technologies Co., Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe (Option)
PRC - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe (SigmaTel, Inc.)
PRC - C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\hidfind.exe (Alps Electric Co., Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\All Users\Application Data\ibfcO1U63TWRSe.exe ()
MOD - C:\Documents and Settings\All Users\Application Data\FEPXvquGMaIdUNF.exe ()
MOD - C:\WINDOWS\system32\mdhcp32.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
SRV - (SDScannerService) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
SRV - (GtDetectSc) -- C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe (Option)
SRV - (STacSV) -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe (SigmaTel, Inc.)


========== Driver Services (SafeList) ==========

DRV - (hwusbdev) -- C:\WINDOWS\system32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (filtertdidriver) -- C:\WINDOWS\system32\drivers\ewfiltertdidriver.sys (Huawei Technologies Co., Ltd.)
DRV - (tcpipBM) -- C:\WINDOWS\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (guardian2) -- C:\WINDOWS\system32\drivers\oz776.sys (O2Micro)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (GT72NDISIPXP) -- C:\WINDOWS\system32\drivers\Gt51Ip.sys (Option NV)
DRV - (GT72UBUS) -- C:\WINDOWS\system32\drivers\gt72ubus.sys (Option N.V.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (GTPTSER) -- C:\WINDOWS\system32\drivers\gtptser.sys (Option N.V.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (USBCCID) -- C:\WINDOWS\system32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://news.bbc.co.uk/"
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/17 20:11:52 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/26 22:28:33 | 000,000,000 | -H-D | M]

[2009/07/21 10:20:23 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\nloetz\Application Data\Mozilla\Extensions
[2011/07/18 20:03:10 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\nloetz\Application Data\Mozilla\Firefox\Profiles\2tnkz0gr.default\extensions
[2010/08/17 01:16:12 | 000,000,000 | -H-D | M] (BitComet Video Downloader) -- C:\Documents and Settings\nloetz\Application Data\Mozilla\Firefox\Profiles\2tnkz0gr.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2010/08/17 01:16:13 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\nloetz\Application Data\Mozilla\Firefox\Profiles\2tnkz0gr.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2011/11/23 11:39:07 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\NLOETZ\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2TNKZ0GR.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
[2009/09/29 19:31:40 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/02/17 20:11:52 | 000,134,104 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/02/21 11:22:32 | 000,712,704 | -H-- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011/02/02 20:40:24 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/08 23:30:23 | 000,002,252 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/08 23:30:23 | 000,002,040 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2010/04/07 12:54:36 | 000,385,900 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 13312 more lines...
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.6.22.dll (BitComet)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [FEPXvquGMaIdUNF.exe] C:\Documents and Settings\All Users\Application Data\FEPXvquGMaIdUNF.exe ()
O4 - HKLM..\Run: [LAPPY] C:\WINDOWS\system32\LAPPY.vbs ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] C:\Program Files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - Startup: C:\Documents and Settings\nloetz\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.6.22.dll (BitComet)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {2B95F1D5-8CEE-482C-9471-3DFB74D99BDB} http://fizzweb.biosystemes.com/FizzW.ocx (FizzWebX Contrôle)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1243559688609 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1248159537234 (MUWebControl Class)
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDBAFBA2-1406-4E43-9CAF-66808D709B46}: DhcpNameServer = 212.186.211.21 195.34.133.21
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\mdhcp32: DllName - (mdhcp32.dll) - C:\WINDOWS\System32\mdhcp32.dll ()
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21 - SSODL: UpdateCheck - {D093C990-16E5-45BC-9A14-C3F740133097} - C:\WINDOWS\system32\mstmdm.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/14 21:23:59 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/02/25 09:10:37 | 000,000,092 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{02a61434-eceb-11df-b053-002170c7a184}\Shell - "" = AutoRun
O33 - MountPoints2\{02a61434-eceb-11df-b053-002170c7a184}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{02a61434-eceb-11df-b053-002170c7a184}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe LAPPY.vbs
O33 - MountPoints2\{058d237e-753f-11de-ae80-002170c7a184}\Shell - "" = AutoRun
O33 - MountPoints2\{058d237e-753f-11de-ae80-002170c7a184}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{058d237e-753f-11de-ae80-002170c7a184}\Shell\AutoRun\command - "" = E:\setup.exe AUTORUN=1
O33 - MountPoints2\{0efbf6c4-3b71-11e1-b18a-002170c7a184}\Shell - "" = AutoRun
O33 - MountPoints2\{0efbf6c4-3b71-11e1-b18a-002170c7a184}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0efbf6c4-3b71-11e1-b18a-002170c7a184}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe LAPPY.vbs
O33 - MountPoints2\{17ff4c60-ed09-11df-b054-002170c7a184}\Shell - "" = AutoRun
O33 - MountPoints2\{17ff4c60-ed09-11df-b054-002170c7a184}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{17ff4c60-ed09-11df-b054-002170c7a184}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe LAPPY.vbs
O33 - MountPoints2\{45dab3a4-f5e6-11de-af6a-002170c7a184}\Shell - "" = AutoRun
O33 - MountPoints2\{45dab3a4-f5e6-11de-af6a-002170c7a184}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{45dab3a4-f5e6-11de-af6a-002170c7a184}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe LAPPY.vbs
O33 - MountPoints2\{577143bc-4f8c-11de-ae1d-002170c7a184}\Shell - "" = AutoRun
O33 - MountPoints2\{577143bc-4f8c-11de-ae1d-002170c7a184}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{577143bc-4f8c-11de-ae1d-002170c7a184}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe LAPPY.vbs
O33 - MountPoints2\{59dcb928-8e1a-11de-aec2-002170c7a184}\Shell\AutoRun\command - "" = F:\
O33 - MountPoints2\{59dcb928-8e1a-11de-aec2-002170c7a184}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{9df58431-aae5-11df-b026-00f1d000f1d0}\Shell - "" = AutoRun
O33 - MountPoints2\{9df58431-aae5-11df-b026-00f1d000f1d0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9df58431-aae5-11df-b026-00f1d000f1d0}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe LAPPY.vbs
O33 - MountPoints2\{a2c05b69-7125-11de-ae72-002170c7a184}\Shell\AutoRun\command - "" = F:\
O33 - MountPoints2\{a2c05b69-7125-11de-ae72-002170c7a184}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{a382e226-15a6-11e1-b171-002170c7a184}\Shell\AutoRun\command - "" = F:\
O33 - MountPoints2\{a382e226-15a6-11e1-b171-002170c7a184}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{b656661e-273d-11e0-b097-002170c7a184}\Shell - "" = AutoRun
O33 - MountPoints2\{b656661e-273d-11e0-b097-002170c7a184}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b656661e-273d-11e0-b097-002170c7a184}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d671cb60-bdac-11de-af02-00f1d000f1d0}\Shell - "" = AutoRun
O33 - MountPoints2\{d671cb60-bdac-11de-af02-00f1d000f1d0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d671cb60-bdac-11de-af02-00f1d000f1d0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{d671cb61-bdac-11de-af02-00f1d000f1d0}\Shell\AutoRun\command - "" = G:\
O33 - MountPoints2\{d671cb61-bdac-11de-af02-00f1d000f1d0}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{d6aa752c-24d1-11e0-b096-002170c7a184}\Shell - "" = AutoRun
O33 - MountPoints2\{d6aa752c-24d1-11e0-b096-002170c7a184}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d6aa752c-24d1-11e0-b096-002170c7a184}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d6aa752f-24d1-11e0-b096-002170c7a184}\Shell - "" = AutoRun
O33 - MountPoints2\{d6aa752f-24d1-11e0-b096-002170c7a184}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d6aa752f-24d1-11e0-b096-002170c7a184}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{d6aa7531-24d1-11e0-b096-002170c7a184}\Shell - "" = AutoRun
O33 - MountPoints2\{d6aa7531-24d1-11e0-b096-002170c7a184}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d6aa7531-24d1-11e0-b096-002170c7a184}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e196dae7-5934-11de-ae33-002170c7a184}\Shell - "" = AutoRun
O33 - MountPoints2\{e196dae7-5934-11de-ae33-002170c7a184}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e196dae7-5934-11de-ae33-002170c7a184}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe LAPPY.vbs
O33 - MountPoints2\{e24b80a6-a230-11e0-b0f0-002170c7a184}\Shell\AutoRun\command - "" = F:\
O33 - MountPoints2\{e24b80a6-a230-11e0-b0f0-002170c7a184}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{ec7aa978-3f82-11e0-b0ae-002170c7a184}\Shell - "" = AutoRun
O33 - MountPoints2\{ec7aa978-3f82-11e0-b0ae-002170c7a184}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ec7aa978-3f82-11e0-b0ae-002170c7a184}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/25 09:08:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\nloetz\Recent
[2012/02/25 08:53:30 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\nloetz\Desktop\iexplore.exe
[2012/02/23 19:29:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
[2012/02/23 19:29:06 | 000,015,224 | -H-- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2012/02/23 19:29:01 | 000,000,000 | -H-D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2012/02/23 19:13:15 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/02/23 19:13:13 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\drivers\NSS
[2012/02/23 19:13:13 | 000,000,000 | -H-D | C] -- C:\Program Files\Norton Security Scan
[2012/02/23 19:13:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Security Scan
[2012/02/23 19:13:13 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\drivers\NSS\0306010.00B
[2012/02/23 19:13:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2012/02/23 19:13:10 | 000,000,000 | -H-D | C] -- C:\Program Files\NortonInstaller
[2012/02/23 19:13:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2012/02/23 18:33:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\nloetz\Start Menu\Programs\System Check
[2012/02/05 19:10:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\nloetz\My Documents\BeerSmith2
[2012/02/05 19:09:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BeerSmith 2
[2012/02/05 19:09:35 | 000,000,000 | -H-D | C] -- C:\Program Files\BeerSmith2
[2012/01/29 17:33:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\nloetz\Desktop\report cards
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/25 09:12:37 | 000,004,208 | RHS- | M] () -- C:\WINDOWS\System32\LAPPY.vbs
[2012/02/25 09:10:37 | 000,004,208 | RHS- | M] () -- C:\LAPPY.vbs
[2012/02/25 09:10:37 | 000,000,092 | RHS- | M] () -- C:\autorun.inf
[2012/02/25 09:03:01 | 000,000,886 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/25 08:53:31 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nloetz\Desktop\iexplore.exe
[2012/02/25 08:46:58 | 000,000,853 | -H-- | M] () -- C:\Documents and Settings\nloetz\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/02/25 08:46:40 | 001,237,555 | -H-- | M] () -- C:\WINDOWS\System32\mswmpdat.tlb
[2012/02/25 08:46:24 | 000,000,598 | -H-- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2012/02/25 08:46:17 | 000,012,650 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/25 08:46:15 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/24 10:55:37 | 000,000,442 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for nloetz.job
[2012/02/24 07:50:01 | 000,000,358 | -H-- | M] () -- C:\WINDOWS\tasks\Marie Laforete - Ivan, Boris Et Moi.job
[2012/02/23 22:00:35 | 000,000,016 | -H-- | M] () -- C:\WINDOWS\System32\crt.dat
[2012/02/23 22:00:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/23 20:35:10 | 000,006,400 | -H-- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/23 20:30:25 | 000,000,172 | -H-- | M] () -- C:\WINDOWS\wininit.ini
[2012/02/23 19:29:23 | 000,000,594 | -H-- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/02/23 19:29:23 | 000,000,462 | -H-- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2012/02/23 18:41:33 | 000,000,448 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\ibfcO1U63TWRSe
[2012/02/23 18:40:57 | 000,000,312 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~ibfcO1U63TWRSe
[2012/02/23 18:40:57 | 000,000,192 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~ibfcO1U63TWRSer
[2012/02/23 18:33:36 | 000,000,835 | -H-- | M] () -- C:\Documents and Settings\nloetz\Desktop\System Check.lnk
[2012/02/23 18:33:30 | 000,359,424 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\ibfcO1U63TWRSe.exe
[2012/02/23 18:29:46 | 000,458,752 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\FEPXvquGMaIdUNF.exe
[2012/02/23 14:27:22 | 000,295,882 | -H-- | M] () -- C:\WINDOWS\System32\shimg.dll
[2012/02/20 15:02:49 | 000,050,688 | -H-- | M] () -- C:\WINDOWS\System32\mdhcp32.dll
[2012/02/14 20:37:02 | 003,888,054 | -H-- | M] () -- C:\Documents and Settings\nloetz\Desktop\pipesnshit.jpg
[2012/02/12 13:29:35 | 000,016,719 | -H-- | M] () -- C:\Documents and Settings\nloetz\Desktop\plate heater.JPG
[2012/02/12 11:29:09 | 000,003,517 | -H-- | M] () -- C:\Documents and Settings\nloetz\Desktop\avatar.JPG
[2012/02/09 20:10:25 | 000,243,712 | -H-- | M] () -- C:\Documents and Settings\nloetz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/04 22:59:53 | 000,640,494 | -H-- | M] () -- C:\Documents and Settings\nloetz\Desktop\Währingerstout.bmp
[2012/01/28 18:36:39 | 000,030,314 | -H-- | M] () -- C:\Documents and Settings\nloetz\Desktop\HERMS.JPG
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/23 20:35:46 | 000,000,853 | -H-- | C] () -- C:\Documents and Settings\nloetz\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/02/23 19:48:41 | 000,000,172 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2012/02/23 19:29:23 | 000,000,462 | -H-- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2012/02/23 19:29:22 | 000,000,598 | -H-- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2012/02/23 19:29:22 | 000,000,594 | -H-- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/02/23 19:13:15 | 000,000,442 | -H-- | C] () -- C:\WINDOWS\tasks\Norton Security Scan for nloetz.job
[2012/02/23 19:13:13 | 000,000,172 | -H-- | C] () -- C:\WINDOWS\System32\drivers\NSS\0306010.00B\isolate.ini
[2012/02/23 18:33:37 | 000,000,312 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~ibfcO1U63TWRSe
[2012/02/23 18:33:37 | 000,000,192 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~ibfcO1U63TWRSer
[2012/02/23 18:33:36 | 000,000,835 | -H-- | C] () -- C:\Documents and Settings\nloetz\Desktop\System Check.lnk
[2012/02/23 18:33:35 | 000,000,448 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ibfcO1U63TWRSe
[2012/02/23 18:33:30 | 000,359,424 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ibfcO1U63TWRSe.exe
[2012/02/23 18:29:46 | 000,458,752 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\FEPXvquGMaIdUNF.exe
[2012/02/20 15:02:54 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\crt.dat
[2012/02/20 15:02:52 | 000,295,882 | -H-- | C] () -- C:\WINDOWS\System32\shimg.dll
[2012/02/20 15:02:49 | 000,050,688 | -H-- | C] () -- C:\WINDOWS\System32\mdhcp32.dll
[2012/02/14 20:36:33 | 003,888,054 | -H-- | C] () -- C:\Documents and Settings\nloetz\Desktop\pipesnshit.jpg
[2012/02/12 13:29:35 | 000,016,719 | -H-- | C] () -- C:\Documents and Settings\nloetz\Desktop\plate heater.JPG
[2012/02/12 11:29:09 | 000,003,517 | -H-- | C] () -- C:\Documents and Settings\nloetz\Desktop\avatar.JPG
[2012/02/04 22:59:53 | 000,640,494 | -H-- | C] () -- C:\Documents and Settings\nloetz\Desktop\Währingerstout.bmp
[2012/01/28 18:36:39 | 000,030,314 | -H-- | C] () -- C:\Documents and Settings\nloetz\Desktop\HERMS.JPG

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/05/14 21:23:59 | 000,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT
[2012/02/25 09:12:37 | 000,000,092 | RHS- | M] () -- C:\autorun.inf
[2009/05/29 00:52:18 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2009/04/20 21:30:22 | 000,057,856 | -H-- | M] () -- C:\CabExtractor.exe
[2009/05/14 21:23:59 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS
[2009/05/14 18:12:44 | 000,000,160 | -H-- | M] () -- C:\DeleteContent.bat
[2011/02/12 20:26:19 | 000,004,208 | RHS- | M] () -- C:\EBIOVND2025.vbs
[2010/12/12 14:55:59 | 000,004,208 | RHS- | M] () -- C:\ES-R214-023.vbs
[2010/01/27 14:59:54 | 000,004,208 | RHS- | M] () -- C:\FRITZ.vbs
[2009/05/14 21:23:59 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/02/25 09:12:37 | 000,004,208 | RHS- | M] () -- C:\LAPPY.vbs
[2009/05/14 21:23:59 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/08/21 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/21 13:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/02/23 22:00:23 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2009/10/17 17:25:20 | 000,000,000 | -H-- | M] () -- C:\shutter1_EX.wav
[2009/10/17 17:27:36 | 000,000,000 | -H-- | M] () -- C:\Shuttercontinue.wav
[2011/01/25 21:43:05 | 000,001,969 | -H-- | M] () -- C:\SoftUpdateLog.txt
[2010/04/11 12:28:38 | 000,000,000 | -H-- | M] () -- C:\Tech_Vista.log
[2009/05/14 18:12:44 | 000,000,703 | -H-- | M] () -- C:\UnattendInstallation.bat

< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | -H-- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | -H-- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | -H-- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | -H-- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/05/14 21:23:35 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 13:06:10 | 000,089,088 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 11:50:03 | 000,597,504 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2009/07/20 17:29:42 | 000,001,738 | -H-- | M] () -- C:\Documents and Settings\nloetz\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2009/05/14 14:16:17 | 000,094,208 | -H-- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009/05/14 14:16:17 | 001,089,536 | -H-- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009/05/14 14:16:17 | 000,925,696 | -H-- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lîk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >
[2009/05/14 21:33:02 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\system32\config\systemprofile\rpkdriverinst.log

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x >

< %USERPROFILE%\Desktop\*.exe >
[2012/02/25 08:53:31 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nloetz\Desktop\iexplore.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< %USERPROFILE%\..|smtmp;true;true;true /FP >
[2012/02/23 18:41:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\nloetz\..\nloetz\Local Settings\Temp\smtmp
[2012/02/23 19:31:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\nloetz\..\nloetz\Local Settings\Temp\smtmp\1
[2012/02/25 08:46:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\nloetz\..\nloetz\Local Settings\Temp\smtmp\2
[2012/02/23 20:35:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\nloetz\..\nloetz\Local Settings\Temp\smtmp\4

< %temp%\smtmp\*.* /s >
[2012/02/23 19:29:10 | 000,001,842 | -H-- | M] () -- C:\DOCUME~1\nloetz\LOCALS~1\Temp\smtmp\1\Programs\Spybot-S&D Start Center.lnk
[2012/02/23 19:13:14 | 000,000,991 | -H-- | M] () -- C:\DOCUME~1\nloetz\LOCALS~1\Temp\smtmp\1\Programs\Norton Security Scan\Norton Security Scan.lnk
[2012/02/23 19:13:14 | 000,001,022 | -H-- | M] () -- C:\DOCUME~1\nloetz\LOCALS~1\Temp\smtmp\1\Programs\Norton Security Scan\Uninstall Norton Security Scan.lnk
[2012/02/23 19:29:11 | 000,001,838 | -H-- | M] () -- C:\DOCUME~1\nloetz\LOCALS~1\Temp\smtmp\1\Programs\Spybot - Search & Destroy 2\Create System Report.lnk
[2012/02/23 19:29:11 | 000,001,846 | -H-- | M] () -- C:\DOCUME~1\nloetz\LOCALS~1\Temp\smtmp\1\Programs\Spybot - Search & Destroy 2\File Scan.lnk
[2012/02/23 19:29:11 | 000,001,815 | -H-- | M] () -- C:\DOCUME~1\nloetz\LOCALS~1\Temp\smtmp\1\Programs\Spybot - Search & Destroy 2\Immunization.lnk
[2012/02/23 19:29:11 | 000,001,821 | -H-- | M] () -- C:\DOCUME~1\nloetz\LOCALS~1\Temp\smtmp\1\Programs\Spybot - Search & Destroy 2\Rootkit Scan.lnk
[2012/02/23 19:29:11 | 000,001,848 | -H-- | M] () -- C:\DOCUME~1\nloetz\LOCALS~1\Temp\smtmp\1\Programs\Spybot - Search & Destroy 2\Spybot-S&D Start Center.lnk
[2012/02/23 19:29:11 | 000,001,807 | -H-- | M] () -- C:\DOCUME~1\nloetz\LOCALS~1\Temp\smtmp\1\Programs\Spybot - Search & Destroy 2\System Scan.lnk
[2012/02/23 19:29:11 | 000,001,715 | -H-- | M] () -- C:\DOCUME~1\nloetz\LOCALS~1\Temp\smtmp\1\Programs\Spybot - Search & Destroy 2\Tray Icon.lnk
[2012/02/23 19:29:10 | 000,000,975 | -H-- | M] () -- C:\DOCUME~1\nloetz\LOCALS~1\Temp\smtmp\1\Programs\Spybot - Search & Destroy 2\Uninstall Spybot-S&D.lnk
[2012/02/23 20:35:46 | 000,000,853 | -H-- | M] () -- C:\DOCUME~1\nloetz\LOCALS~1\Temp\smtmp\2\System Check.lnk
[2012/02/23 19:29:10 | 000,001,836 | -H-- | M] () -- C:\DOCUME~1\nloetz\LOCALS~1\Temp\smtmp\4\Spybot-S&D Start Center.lnk


< MD5 for: EXPLORER.EX_ >
[2008/08/21 13:00:00 | 000,356,615 | -H-- | M] () MD5=D7B59A7EC9CB1429FDCEC84A22228555 -- C:\WINDOWS\I386\EXPLORER.EX_

< MD5 for: EXPLORER.EXE >
[2008/08/21 13:00:00 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/08/21 13:00:00 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2012/02/07 17:19:30 | 003,149,736 | -H-- | M] (Safer-Networking Ltd.) MD5=511D1BEF41D4A018501139F409DE5ED6 -- C:\Program Files\Spybot - Search & Destroy 2\explorer.exe

< MD5 for: EXPLORER.EXE-082F38A9.PF >
[2012/02/25 08:46:24 | 000,056,070 | ---- | M] () MD5=90B359A779E47E7E07FAEF5C60D4122A -- C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf

< MD5 for: EXPLORER.SC_ >
[2008/08/21 13:00:00 | 000,000,181 | -H-- | M] () MD5=BC5B38879C56DFBC05C8B5C43AC4D739 -- C:\WINDOWS\I386\EXPLORER.SC_

< MD5 for: EXPLORER.SCF >
[2008/08/21 13:00:00 | 000,000,080 | -H-- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:\WINDOWS\explorer.scf

< MD5 for: IEXPLORE.CH_ >
[2008/08/21 13:00:00 | 000,199,077 | -H-- | M] () MD5=1D662719AB9BB40BA7526B3973D3F626 -- C:\WINDOWS\I386\IEXPLORE.CH_

< MD5 for: IEXPLORE.CHM >
[2009/02/21 09:21:24 | 000,529,818 | -H-- | M] () MD5=1435F4731719DF5F57D17DC38196245D -- C:\WINDOWS\Help\iexplore.chm
[2008/08/21 13:00:00 | 000,204,810 | -H-- | M] () MD5=60858526AAD1CC55F5F0055B8E3B66FE -- C:\WINDOWS\ie8\iexplore.chm

< MD5 for: IEXPLORE.EX_ >
[2008/08/21 13:00:00 | 000,037,887 | -H-- | M] () MD5=2B46169148FFD81CAE84572CD32BDF86 -- C:\WINDOWS\I386\IEXPLORE.EX_

< MD5 for: IEXPLORE.EXE >
[2008/08/21 13:00:00 | 000,093,184 | -H-- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\WINDOWS\ie8\iexplore.exe
[2012/02/25 08:53:31 | 000,583,680 | ---- | M] (OldTimer Tools) MD5=61D3392F69E31A6208444FB8540BE0EC -- C:\Documents and Settings\nloetz\Desktop\iexplore.exe
[2009/03/08 22:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/03/08 22:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\WINDOWS\system32\dllcache\iexplore.exe

< MD5 for: IEXPLORE.EXE.MUI >
[2009/03/08 22:21:44 | 000,012,288 | -H-- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2009/03/08 22:21:44 | 000,012,288 | -H-- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\iexplore.exe.mui

< MD5 for: IEXPLORE.EXE-00314AAB.PF >
[2012/02/25 08:53:52 | 000,020,690 | ---- | M] () MD5=BC0B61E7F49EF97E8801AFE7A70CB719 -- C:\WINDOWS\Prefetch\IEXPLORE.EXE-00314AAB.pf

< MD5 for: IEXPLORE.EXE-27122324.PF >
[2012/02/23 18:44:10 | 000,082,880 | ---- | M] () MD5=DE1B8E220BC083B57C65B566B4168627 -- C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf

< MD5 for: IEXPLORE.HL_ >
[2008/08/21 13:00:00 | 000,059,881 | -H-- | M] () MD5=D23388C8D5D82D4D1C3B0B6A256E3CB7 -- C:\WINDOWS\I386\IEXPLORE.HL_

< MD5 for: IEXPLORE.HLP >
[2008/08/21 13:00:00 | 000,180,335 | -H-- | M] () MD5=3F19AF1B745140DAFAC6F78F561A3C62 -- C:\WINDOWS\Help\iexplore.hlp

< MD5 for: WINLOGON.EX_ >
[2008/08/21 13:00:00 | 000,265,069 | -H-- | M] () MD5=063EF1A46C58A731F78AE5AF47070D65 -- C:\WINDOWS\I386\WINLOGON.EX_

< MD5 for: WINLOGON.EXE >
[2008/08/21 13:00:00 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/08/21 13:00:00 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB1B13D8

< End of report >

registeredname
2012-02-25, 10:17
OTL Extras logfile created on: 2/25/2012 9:10:36 AM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\nloetz\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 57.59% Memory free
3.84 Gb Paging File | 3.15 Gb Available in Paging File | 82.12% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 1.99 Gb Free Space | 2.68% Space Free | Partition Type: NTFS
Drive D: | 506.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LAPPY | User Name: nloetz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"11349:TCP" = 11349:TCP:*:Enabled:BitComet 11349 TCP
"11349:UDP" = 11349:UDP:*:Enabled:BitComet 11349 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"11985:TCP" = 11985:TCP:*:Enabled:BitComet 11985 TCP
"11985:UDP" = 11985:UDP:*:Enabled:BitComet 11985 UDP
"15559:TCP" = 15559:TCP:*:Enabled:BitComet 15559 TCP
"15559:UDP" = 15559:UDP:*:Enabled:BitComet 15559 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe -- (www.BitComet.com)
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1E7DB550-A594-45B0-8BDC-5E8478BAB34E}" = Constructor
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 24
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35748B06-FCFC-4700-8285-DAD41689E4FE}" = Broadcom TPM Driver Installer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E7D7400-4F4F-409D-8F8A-43BF1DAC575A}" = TouchChip USB Driver 2.6
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{993960EE-CA4D-443F-8F88-E24260DD5FD2}" = LG PC Suite
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.7
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy 2
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BD5CA822-A5F1-42AA-A5A9-58561B0F51F2}" = web'n'walk Manager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DB381922-60AB-4F6D-A3BF-C04A534C7DE6}_is1" = The SWAN v3 (build: 90109)
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Basic
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EDC2B89F-3F72-48EA-B63E-985BC51622E4}" = OZ776 SCR Driver V1.1.4.202
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Any DVD Converter Professional_is1" = Any DVD Converter Professional 4.0.7
"Any Video Converter_is1" = Any Video Converter 3.0.1
"BeerSmith 2" = BeerSmith 2
"BitComet" = BitComet 1.22
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"DC++" = DC++ 0.750
"FeedDemon_is1" = FeedDemon
"Free RAR Extract Frog 1.00" = Free RAR Extract Frog 1.00
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{EDC2B89F-3F72-48EA-B63E-985BC51622E4}" = OZ776 SCR Driver V1.1.4.202
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.8.5 (Standard)
"LastFM_is1" = Last.fm 1.5.4.27091
"LineIn plugin for WinAMP" = LineIn plugin for WinAMP v1.80 (remove only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NSS" = Norton Security Scan
"Orbit_is1" = Orbit Downloader
"PhotoScape" = PhotoScape
"PROHYBRIDR" = 2007 Microsoft Office system
"SecondLifeViewer2" = SecondLifeViewer2 (remove only)
"T-Mobile Internet Manager" = T-Mobile Internet Manager
"VideoPad" = VideoPad Video Editor
"VLC media player" = VLC media player 1.0.3
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/23/2012 9:27:12 AM | Computer Name = LAPPY | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 2/23/2012 1:39:56 PM | Computer Name = LAPPY | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 2/23/2012 1:53:11 PM | Computer Name = LAPPY | Source = Application Error | ID = 1000
Description = Faulting application spybotsd162.tmp, version 51.49.0.0, faulting
module isxdl.dll, version 5.1.0.0, fault address 0x00005d65.

Error - 2/23/2012 1:53:17 PM | Computer Name = LAPPY | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 2/23/2012 2:05:49 PM | Computer Name = LAPPY | Source = Application Hang | ID = 1002
Description = Hanging application spybotsd162.tmp, version 51.49.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/25/2012 3:52:22 AM | Computer Name = LAPPY | Source = ESENT | ID = 488
Description = wlcomm (2236) An attempt to create the file "C:\Documents and Settings\nloetz\Local
Settings\Application Data\Microsoft\Windows Live Contacts\{7c22977f-3f48-49b9-b7a5-bbe632975db1}\DBStore\contacts.pat"
failed with system error 5 (0x00000005): "Access is denied. ". The create file
operation will fail with error -1032 (0xfffffbf8).

Error - 2/25/2012 3:52:22 AM | Computer Name = LAPPY | Source = ESENT | ID = 217
Description = wlcomm (2236) Error (-1032) during backup of a database (file C:\Documents
and Settings\nloetz\Local Settings\Application Data\Microsoft\Windows Live Contacts\{7c22977f-3f48-49b9-b7a5-bbe632975db1}\DBStore\contacts.edb).
The database will be unable to restore.

Error - 2/25/2012 3:52:22 AM | Computer Name = LAPPY | Source = ESENT | ID = 215
Description = wlcomm (2236) C:\Documents and Settings\nloetz\Local Settings\Application
Data\Microsoft\Windows Live Contacts\{7c22977f-3f48-49b9-b7a5-bbe632975db1}\: The
backup has been stopped because it was halted by the client or the connection with
the client failed.

Error - 2/25/2012 3:53:00 AM | Computer Name = LAPPY | Source = ESENT | ID = 488
Description = wlcomm (2236) An attempt to create the file "C:\Documents and Settings\nloetz\Local
Settings\Application Data\Microsoft\Windows Live Contacts\{5e3491e2-f10a-4acd-8eb4-3593040d1071}\DBStore\contacts.pat"
failed with system error 5 (0x00000005): "Access is denied. ". The create file
operation will fail with error -1032 (0xfffffbf8).

Error - 2/25/2012 3:53:00 AM | Computer Name = LAPPY | Source = ESENT | ID = 217
Description = wlcomm (2236) Error (-1032) during backup of a database (file C:\Documents
and Settings\nloetz\Local Settings\Application Data\Microsoft\Windows Live Contacts\{5e3491e2-f10a-4acd-8eb4-3593040d1071}\DBStore\contacts.edb).
The database will be unable to restore.

[ System Events ]
Error - 2/23/2012 3:41:11 PM | Computer Name = LAPPY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip tcpipBM

Error - 2/23/2012 3:41:19 PM | Computer Name = LAPPY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2/23/2012 3:41:22 PM | Computer Name = LAPPY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2/23/2012 3:41:46 PM | Computer Name = LAPPY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2/23/2012 3:42:01 PM | Computer Name = LAPPY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2/23/2012 3:42:14 PM | Computer Name = LAPPY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2/23/2012 3:42:17 PM | Computer Name = LAPPY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2/23/2012 3:42:19 PM | Computer Name = LAPPY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2/23/2012 3:42:37 PM | Computer Name = LAPPY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2/23/2012 3:42:40 PM | Computer Name = LAPPY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >



Thanks for the help, guys!

registeredname
2012-02-25, 10:29
Oh, and I suppose it should be noted that I installed SB v.2 and tried to do a fix, but it didn't work.

tashi
2012-02-25, 16:01
Hello registeredname,

So that everyone is on the same track, please see the FAQ, which includes guidelines for this forum and instructions in post #2 on how to provide the preliminary "DDS" logs used for analysis.

"BEFORE You POST" (Please read this Procedure Before Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Then start a new topic with one post only providing the DDS logs as shown in that sticky and a link back to this thread. A volunteer analyst will advise you when available. :)

Best regards.