Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

"Internal Conflict Alert" Virus


  • This topic is locked This topic is locked

#1
Rukichu

Rukichu

    Member

  • Member
  • PipPip
  • 55 posts
It seems I have contracted a really pesky virus.
I keep getting "error" messages that say "Internal Conflict Alert!" and fake system warning messages on the explorer bar that say "Spyware protection disabled. Your personal data is at high risk of being stolen and misused."
I tried Malwarebytes, and it found only one trojan file, but even when I deleted it the fake alert messages are still there. I tried SuperAntiSpyware as well, and it found tons of infected files, but even after I deleted them the fake alert messages are still popping up.
This virus is preventing me from opening task manager for more than a few seconds, and also preventing me from using the registry and downloading files from the internet.
I have another computer I can download programs from, if needed.
I'm running Windows XP Service Pack 2.
Please help me, I am at my wit's end.


OTL Log:

OTL logfile created on: 8/10/2011 1:55:19 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Owner.THELOFT\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.42 Mb Total Physical Memory | 479.07 Mb Available Physical Memory | 53.56% Memory free
2.11 Gb Paging File | 1.58 Gb Available in Paging File | 74.71% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.76 Gb Total Space | 126.94 Gb Free Space | 88.30% Space Free | Partition Type: NTFS
Drive D: | 5.27 Gb Total Space | 3.41 Gb Free Space | 64.65% Space Free | Partition Type: FAT32

Computer Name: THELOFT | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/10 13:58:38 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.THELOFT\Desktop\OTL.exe
PRC - [2011/06/30 10:29:12 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/28 07:01:30 | 001,195,408 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/08/10 13:58:38 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.THELOFT\Desktop\OTL.exe
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2006/08/25 08:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2006/09/13 19:28:53 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2004/03/18 16:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/04/14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/04/14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/04/14 14:01:38 | 000,084,200 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/04/14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/04/14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/03/13 11:20:10 | 000,459,728 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/03/13 11:20:10 | 000,118,784 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/04/28 13:20:06 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2009/04/28 13:20:06 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2009/01/12 12:43:35 | 000,008,448 | RHS- | M] (GoodVein) [Kernel | Auto | Running] -- C:\WINDOWS\system32\anftdird.sys -- (anftdird)
DRV - [2006/09/13 19:26:56 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/07/18 00:16:08 | 000,990,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/07/18 00:15:18 | 000,256,128 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2006/07/18 00:15:10 | 000,728,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/11/10 11:54:56 | 000,402,944 | R--- | M] (Belkin Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BLKWGU.sys -- (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin)
DRV - [2005/09/13 19:38:00 | 003,856,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/07/29 01:11:04 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/29 01:11:02 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/03/09 15:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/01/07 17:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/11/19 09:40:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/01/10 14:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:7070

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.k12.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50505

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://k12.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:0.1.5
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.2
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/08/09 11:22:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/04 22:46:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/30 10:29:16 | 000,000,000 | ---D | M]

[2010/10/13 12:45:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.THELOFT\Application Data\Mozilla\Extensions
[2011/08/10 13:48:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.THELOFT\Application Data\Mozilla\Firefox\Profiles\ol38j8su.default\extensions
[2010/12/03 11:05:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner.THELOFT\Application Data\Mozilla\Firefox\Profiles\ol38j8su.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/24 09:13:58 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\Owner.THELOFT\Application Data\Mozilla\Firefox\Profiles\ol38j8su.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2011/05/31 12:41:34 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Owner.THELOFT\Application Data\Mozilla\Firefox\Profiles\ol38j8su.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/10/19 09:17:46 | 000,000,000 | ---D | M] (Kitsune) -- C:\Documents and Settings\Owner.THELOFT\Application Data\Mozilla\Firefox\Profiles\ol38j8su.default\extensions\[email protected]
[2011/03/14 10:06:29 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Owner.THELOFT\Application Data\Mozilla\Firefox\Profiles\ol38j8su.default\extensions\[email protected]
[2011/08/09 10:18:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/14 09:14:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2009/01/05 14:11:34 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/08/09 11:22:14 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

Hosts file not found
O2 - BHO: (incrediads browser module) - {1326496D-A1D8-43B6-66DE-7156E9CF5B9F} - C:\WINDOWS\system32\dmjentpoaizkr.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110517095746.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\RunOnce: [*KB4425062.exe] C:\Documents and Settings\Owner.THELOFT\Application Data\Adobe\plugs\KB4425062.exe (mY© Systems)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_22.dll (Sun Microsystems, Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} http://mediaplayer.w...ler/install.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: GenealogyBrowser.Cab http://209.90.101.200/cabs/zinst.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (msuvfg.dll) - File not found
O20 - AppInit_DLLs: (sgbqke.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (EXPLORER.EXE) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner.THELOFT\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner.THELOFT\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\opnlJDtQ) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/17 02:41:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6dcafff0-ef2b-11df-804a-00173fb09e4b}\Shell\AutoRun\command - "" = K:\SETUP.EXE
O33 - MountPoints2\{95db761d-4395-11db-b7de-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{95db761d-4395-11db-b7de-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{95db761d-4395-11db-b7de-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/10 13:50:53 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.THELOFT\Desktop\OTL.exe
[2011/08/10 13:36:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/08/10 13:35:56 | 000,000,000 | ---D | C] -- C:\Avenger
[2011/08/10 13:22:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner.THELOFT\Recent
[2011/08/10 12:42:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/08/10 12:18:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/08/09 14:45:54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/08/06 12:11:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/08/02 12:28:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.THELOFT\Start Menu\Programs\WinRAR
[2011/08/02 12:28:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.THELOFT\Application Data\WinRAR
[2011/08/02 12:28:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/08/02 12:28:11 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/10 13:58:38 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.THELOFT\Desktop\OTL.exe
[2011/08/10 13:37:03 | 000,030,277 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/08/10 13:36:29 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/10 13:36:13 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2011/08/10 13:36:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/10 13:36:09 | 937,938,944 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/10 13:22:34 | 000,034,860 | ---- | M] () -- C:\cc_20110810_131815.reg
[2011/08/10 13:03:59 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\hdzcoeaa.job
[2011/08/10 10:31:38 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2011/08/10 10:04:50 | 000,039,558 | ---- | M] () -- C:\WINDOWS\System32\pofqemgyhjsox.exe
[2011/08/06 12:11:54 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/06 11:33:35 | 000,027,005 | ---- | M] () -- C:\Documents and Settings\Owner.THELOFT\.recently-used.xbel
[2011/08/02 12:28:06 | 001,448,993 | ---- | M] () -- C:\Documents and Settings\Owner.THELOFT\My Documents\wrar401.exes=oFeumGtad5SD_9XYxDBNYw&t=1312572387&ext=.exe
[2011/08/02 09:14:28 | 000,000,065 | ---- | M] () -- C:\WINDOWS\System32\1645361410
[2011/07/18 09:11:47 | 000,021,025 | ---- | M] () -- C:\Documents and Settings\Owner.THELOFT\Application Data\9086.042
[2011/07/12 00:32:04 | 000,701,952 | ---- | M] () -- C:\WINDOWS\System32\dmjentpoaizkr.dll
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/10 13:18:25 | 000,034,860 | ---- | C] () -- C:\cc_20110810_131815.reg
[2011/08/10 12:44:41 | 937,938,944 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/10 10:04:50 | 000,039,558 | ---- | C] () -- C:\WINDOWS\System32\pofqemgyhjsox.exe
[2011/08/06 12:11:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/06 11:33:35 | 000,027,005 | ---- | C] () -- C:\Documents and Settings\Owner.THELOFT\.recently-used.xbel
[2011/08/02 12:28:00 | 001,448,993 | ---- | C] () -- C:\Documents and Settings\Owner.THELOFT\My Documents\wrar401.exes=oFeumGtad5SD_9XYxDBNYw&t=1312572387&ext=.exe
[2011/07/30 13:04:39 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\1645361410
[2011/07/12 00:32:04 | 000,701,952 | ---- | C] () -- C:\WINDOWS\System32\dmjentpoaizkr.dll
[2011/07/05 14:53:10 | 000,021,025 | ---- | C] () -- C:\Documents and Settings\Owner.THELOFT\Application Data\9086.042
[2010/10/13 13:35:21 | 000,103,800 | ---- | C] () -- C:\WINDOWS\hpoins04.dat.temp
[2010/10/13 13:35:20 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2008/12/20 11:14:12 | 000,002,820 | -HS- | C] () -- C:\WINDOWS\System32\QtDJlnpo.ini2
[2008/12/20 11:14:12 | 000,002,820 | -HS- | C] () -- C:\WINDOWS\System32\QtDJlnpo.ini
[2008/08/18 15:33:50 | 001,487,613 | ---- | C] () -- C:\Program Files\Install_Flash_Player_9_ActiveX.zip
[2008/08/17 10:02:47 | 000,137,607 | ---- | C] () -- C:\WINDOWS\HPHins15.dat
[2008/08/17 10:02:47 | 000,002,828 | ---- | C] () -- C:\WINDOWS\hphmdl15.dat
[2008/02/29 12:05:18 | 000,003,243 | ---- | C] () -- C:\WINDOWS\hpdj3740.ini
[2007/06/06 18:26:29 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/03/18 14:44:52 | 000,000,150 | ---- | C] () -- C:\WINDOWS\Z.ini
[2006/12/08 17:46:22 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Owner.THELOFT\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/15 16:46:14 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/11/01 09:01:56 | 000,000,053 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/11/01 09:01:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\setup32.INI
[2006/11/01 08:36:20 | 000,017,134 | ---- | C] () -- C:\Documents and Settings\Owner.THELOFT\Application Data\wklnhst.dat
[2006/11/01 08:21:31 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Owner.THELOFT\Local Settings\Application Data\fusioncache.dat
[2006/10/31 21:56:57 | 000,103,800 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2006/10/31 21:56:57 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2006/10/31 21:44:03 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/09/13 19:28:54 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2006/09/13 19:26:08 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/09/13 19:24:58 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/09/13 19:24:13 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2006/09/13 19:19:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/13 18:48:56 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/09/13 18:48:53 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/09/13 18:48:52 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/09/13 18:48:49 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/09/13 18:48:46 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/09/13 18:48:45 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/09/13 18:48:45 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/09/13 18:48:45 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/09/13 18:48:38 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/09/13 18:48:38 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/09/13 18:48:36 | 000,393,216 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/06/21 02:48:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/21 02:12:42 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2006/06/17 02:44:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/06/17 02:37:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/06/17 02:24:58 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/17 02:24:57 | 000,000,519 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2006/06/17 02:23:25 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/06/17 02:23:22 | 000,441,454 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/06/17 02:23:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/06/17 02:23:22 | 000,071,264 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/06/17 02:23:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/06/17 02:23:20 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/06/17 02:23:20 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/06/17 02:23:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/06/17 02:23:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/06/17 02:23:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/06/17 02:23:16 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/06/17 02:23:08 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/06/16 19:31:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/06/16 19:30:47 | 000,291,680 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/05 21:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/12 14:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2004/03/23 16:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2004/03/17 06:12:48 | 000,000,362 | ---- | C] () -- C:\WINDOWS\hpfins_s04_main.dat
[2004/03/17 06:11:51 | 000,005,428 | ---- | C] () -- C:\WINDOWS\hpfmdl_s04_main.dat
[2003/03/14 12:24:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe
[1999/07/06 17:00:00 | 000,000,006 | RHS- | C] () -- C:\WINDOWS\@@desktop.dat

========== LOP Check ==========

[2006/11/01 09:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2010/10/13 10:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2006/11/01 10:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2011/08/10 13:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/11/01 09:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Learning Company
[2007/08/01 09:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2006/09/13 19:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/01/29 10:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2011/05/20 14:00:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.THELOFT\Application Data\Elluminate
[2011/07/26 14:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.THELOFT\Application Data\gtk-2.0
[2007/05/29 19:18:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.THELOFT\Application Data\Lost Marble
[2007/12/24 18:41:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.THELOFT\Application Data\Mattel
[2007/03/04 20:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.THELOFT\Application Data\Opera
[2006/11/15 18:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.THELOFT\Application Data\PlayFirst
[2006/09/13 19:29:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.THELOFT\Application Data\SampleView
[2006/11/01 08:36:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.THELOFT\Application Data\Template
[2007/08/01 09:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.THELOFT\Application Data\Ulead Systems
[2007/04/02 16:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.THELOFT\Application Data\Viewpoint
[2006/11/01 20:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.THELOFT\Application Data\WebRenderer
[2011/08/10 13:03:59 | 000,000,310 | ---- | M] () -- C:\WINDOWS\Tasks\hdzcoeaa.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
  • 0

Advertisements


#2
Nedklaw

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hello, Rukichu! :unsure:

:) I'm Nedklaw and I'll be glad to help you with your malware issues. :yes:

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

These instructions are specifically designed for Rukichu only. No one else should follow these instructions because it can cause serious damage to your computer.

Before we start to clean your computer of malware, please read through the following points to help me and you, and prevent damage to your computer:
  • Please completely read through all of the instructions given to you before attempting to follow them. Reading too lightly will cause you to miss important steps, which could have DESTRUCTIVE effects. If you can't perform a certain step or you are unsure about what to do, let me know!
  • Don't be afraid to ask questions! If you are unsure about anything, ask me! No question is considered stupid here!
  • Be patient with me, logs can take some time to research and my life can mean that I'm busy.
  • Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • NEVER fix anything in OTL or other programs on your own! This can be very dangerous and cause harm to your system.
  • Refrain from running any other tools apart from the ones I tell you to.
Note: You should save or print out my instructions for easy reference, as part of the fix may be in Safe Mode and you won't be able to access GeeksToGo.


Lets get started:

Could you also post Extras.txt which should be in the same location as OTL.txt.

I am currently reviewing your logs and will post back soon. :)


Things I want to see in your next reply

  • Extras.txt

  • 0

#3
Rukichu

Rukichu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Hello Nedklaw, thank you so much for your help

Here's the Extras.txt:

OTL Extras logfile created on: 8/10/2011 1:55:19 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Owner.THELOFT\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.42 Mb Total Physical Memory | 479.07 Mb Available Physical Memory | 53.56% Memory free
2.11 Gb Paging File | 1.58 Gb Available in Paging File | 74.71% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.76 Gb Total Space | 126.94 Gb Free Space | 88.30% Space Free | Partition Type: NTFS
Drive D: | 5.27 Gb Total Space | 3.41 Gb Free Space | 64.65% Space Free | Partition Type: FAT32

Computer Name: THELOFT | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" = C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe:*:Enabled:CTSyncU -- ()
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\WINDOWS\system32\WgaTray.exe" = C:\WINDOWS\system32\WgaTray.exe:*:Enabled:WgaTray -- (Microsoft Corporation)
"C:\Program Files\smss\smss.exe" = C:\Program Files\smss\smss.exe:*:Enabled:smss
"C:\Program Files\McAfee.com\Agent\McTskshd.exe" = C:\Program Files\McAfee.com\Agent\McTskshd.exe:*:Enabled:mctskshd
"C:\Program Files\Common Files\System\smss.exe" = C:\Program Files\Common Files\System\smss.exe:*:Enabled:smss
"C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03E66394-42F0-4745-85F7-0A2F8F35C09F}" = HP Deskjet Printer Driver Software 9.0
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{15C70064-2463-49dd-9A88-B700F75BB428}" = dj_sf_ProductContext
"{1E460998-5C2C-4ACF-A9AA-3629BD9C06C2}" = Samsung PC Studio
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 22
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{2F71F2BA-B513-4113-969C-18A84D238E27}" = 1310
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{44C05309-60F4-410B-BC32-31733CFF1A46}" = Microsoft Digital Image Standard 2006 Editor
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"{4FE542EB-FF0B-4739-94DD-25C8AE0AB252}" = Microsoft Digital Image Standard 2006 Library
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{75C22B40-6D12-4439-80DC-CAB3313EADA5}" = dj_sf_software_req
"{80413011-029C-4D6B-B3AD-725DDE60B81C}" = 1310Trb
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}" = Creative ZEN V Series (R2)
"{99041921-18B5-4d36-9729-BE5A671B1932}" = D4200
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{9FE94C17-25AD-4142-A012-E0BBE923C711}" = D4200_Help
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B639110D-747F-40DC-9682-95D94EF73790}" = dj_sf_software
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D78149D7-480E-4012-8071-7B68B3E02527}" = ExamGuard
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{E21658D0-8C83-4ADD-937B-6ED07F335ABA}" = 1310Tour
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E8BC3608-61A8-4DB3-A6E8-3B67B36448DE}" = Greeting Card Factory Express
"{E90BEB5B-CFA0-418E-9ABB-4C4A7B0D9483}" = 1310_Help
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F901CA6D-A074-42D3-A11D-33AAE6FFD0C1}" = HP Deskjet 3740
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F40&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"Cox Online Support Controls_is1" = Cox Online Support Controls
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"getPlus®_ocx" = getPlus®_ocx
"gtw_logo" = gtw_logo
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photo & Imaging" = HP Image Zone 4.2
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"Mall Tycoon" = Mall Tycoon
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PictureItPrem_v12" = Microsoft Digital Image Standard 2006 Update
"pofqemgyhjsox" = Performance Maximizer Incrediads.
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Shockwave" = Shockwave
"SysInfo" = Creative System Information
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WIC" = Windows Imaging Component
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2006Setup" = Microsoft Works Suite 2006 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/10/2011 4:06:25 PM | Computer Name = THELOFT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 8/10/2011 4:06:25 PM | Computer Name = THELOFT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 8/10/2011 4:06:25 PM | Computer Name = THELOFT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 8/10/2011 4:06:25 PM | Computer Name = THELOFT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 8/10/2011 4:06:31 PM | Computer Name = THELOFT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 8/10/2011 4:06:33 PM | Computer Name = THELOFT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 8/10/2011 4:06:44 PM | Computer Name = THELOFT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 8/10/2011 4:06:44 PM | Computer Name = THELOFT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 8/10/2011 4:06:44 PM | Computer Name = THELOFT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 8/10/2011 4:32:18 PM | Computer Name = THELOFT | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.46.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 8/10/2011 3:48:01 PM | Computer Name = THELOFT | Source = DCOM | ID = 10005
Description = DCOM got error "%5" attempting to start the service MCODS with arguments
"" in order to run the server: {C98F04D7-CD30-4BB0-B7D7-8DD7448520F2}

Error - 8/10/2011 3:48:02 PM | Computer Name = THELOFT | Source = Service Control Manager | ID = 7000
Description = The McAfee Scanner service failed to start due to the following error:
%%5

Error - 8/10/2011 4:01:35 PM | Computer Name = THELOFT | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_SASDIFSV\0000 disappeared from the system without
first being prepared for removal.

Error - 8/10/2011 4:01:35 PM | Computer Name = THELOFT | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_SASKUTIL\0000 disappeared from the system without
first being prepared for removal.

Error - 8/10/2011 4:01:35 PM | Computer Name = THELOFT | Source = Service Control Manager | ID = 7034
Description = The PC Tools Security Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 8/10/2011 4:29:32 PM | Computer Name = THELOFT | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service ntmssvc with
arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}

Error - 8/10/2011 4:36:17 PM | Computer Name = THELOFT | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 ACPIEC adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint
asc
asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
Pcmcia
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde

Error - 8/10/2011 4:38:46 PM | Computer Name = THELOFT | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.

Error - 8/10/2011 4:38:48 PM | Computer Name = THELOFT | Source = DCOM | ID = 10010
Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
with DCOM within the required timeout.

Error - 8/10/2011 4:39:16 PM | Computer Name = THELOFT | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.


< End of report >
  • 0

#4
Rukichu

Rukichu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Just to let you know, after tonight I will be away from home for the next several days, and thus will not have access to my desktop until Monday. It'd be nice to get a few things fixed until I leave, but otherwise I will not be able to respond until Monday. Thanks :)
  • 0

#5
Nedklaw

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
Thanks for letting me know you will be away. I appreciate it.

Step 1

Please uninstall these programs via Control Panel > Add/Remove Programs (if present):

  • J2SE Runtime Environment 5.0 Update 2
  • J2SE Runtime Environment 5.0 Update 9
  • J2SE Runtime Environment 5.0 Update 11
  • Java™ SE Runtime Environment 6 Update 1
  • Performance Maximizer Incrediads.
  • Viewpoint Media Player
Viewpoint is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything "bad". I recommend you uninstall your Viewpoint product but it is your choice.
This may change, read Viewpoint to Plunge Into Adware.



Step 2

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL 
    DRV - [2009/01/12 12:43:35 | 000,008,448 | RHS- | M] (GoodVein) [Kernel | Auto | Running] -- C:\WINDOWS\system32\anftdird.sys -- (anftdird)
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:7070
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50505
    O2 - BHO: (incrediads browser module) - {1326496D-A1D8-43B6-66DE-7156E9CF5B9F} - C:\WINDOWS\system32\dmjentpoaizkr.dll ()
    O4 - HKLM..\RunOnce: [*KB4425062.exe] C:\Documents and Settings\Owner.THELOFT\Application Data\Adobe\plugs\KB4425062.exe (mY© Systems)
    O20 - AppInit_DLLs: (msuvfg.dll) - File not found
    O20 - AppInit_DLLs: (sgbqke.dll) - File not found
    O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\opnlJDtQ) - File not found
    O33 - MountPoints2\{6dcafff0-ef2b-11df-804a-00173fb09e4b}\Shell\AutoRun\command - "" = K:\SETUP.EXE
    O33 - MountPoints2\{95db761d-4395-11db-b7de-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
    [2011/08/10 13:22:34 | 000,034,860 | ---- | M] () -- C:\cc_20110810_131815.reg
    [2011/08/10 13:03:59 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\hdzcoeaa.job
    [2011/08/10 10:04:50 | 000,039,558 | ---- | M] () -- C:\WINDOWS\System32\pofqemgyhjsox.exe
    [2011/08/02 12:28:06 | 001,448,993 | ---- | M] () -- C:\Documents and Settings\Owner.THELOFT\My Documents\wrar401.exes=oFeumGtad5SD_9XYxDBNYw&t=1312572387&ext=.exe
    [2011/08/02 09:14:28 | 000,000,065 | ---- | M] () -- C:\WINDOWS\System32\1645361410
    [2011/07/18 09:11:47 | 000,021,025 | ---- | M] () -- C:\Documents and Settings\Owner.THELOFT\Application Data\9086.042
    [2008/12/20 11:14:12 | 000,002,820 | -HS- | C] () -- C:\WINDOWS\System32\QtDJlnpo.ini2
    [2008/12/20 11:14:12 | 000,002,820 | -HS- | C] () -- C:\WINDOWS\System32\QtDJlnpo.ini
    [2006/09/13 19:28:54 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
    [1999/07/06 17:00:00 | 000,000,006 | RHS- | C] () -- C:\WINDOWS\@@desktop.dat
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
     
    :Reg 
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\explorer.exe"=-
    "C:\Program Files\smss\smss.exe=- 
    "C:\Program Files\Common Files\System\smss.exe"=- 
    
    :Files
    ipconfig /flushdns /c
    
    :Commands 
    [purity] 
    [resethosts] 
    [emptytemp] 
    [EMPTYFLASH]
    [CREATERESTOREPOINT] 
    [Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • Open OTL again and select the “Scan All Users” box.
  • Paste this into the Custom Scans/Fixes box:

    /md5start
    explorer.exe
    /md5stop
  • Click the Run Scan button. Post the log it produces in your next reply.

Step 3

  • Please download Panda USB Vaccine (you must provide valid e-mail and they will send you download link to this e-mail address) to your desktop.
  • Install and run the program.
    • Double-click on the file USBVaccine.zip located on your desktop.
    • A file viewer will open. Double-click on the file USBVaccineSetup.exe. Please select Yes if you are asked if you want to allow the program to make changes to the computer.
    • Follow the steps on screen to install the program on your computer.
  • Plug in your USB drive and click on Vaccinate USB and Vaccinate Computer.

Step 4

Download aswMBR.exe (1.8mb) to your USB drive and then transfer it to your infected computer's desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

Posted Image


On completion of the scan click save log, save it to your desktop and post it in your next reply.

Posted Image


Things I want to see in your next reply

  • OTL Fix Log
  • OTL.txt
  • aswMBR.txt

  • 0

#6
Rukichu

Rukichu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Hello again :) Here are my logs:

OTL Fix Log:

All processes killed
========== OTL ==========
Service anftdird stopped successfully!
Service anftdird deleted successfully!
C:\WINDOWS\system32\anftdird.sys moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1326496D-A1D8-43B6-66DE-7156E9CF5B9F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1326496D-A1D8-43B6-66DE-7156E9CF5B9F}\ deleted successfully.
File C:\WINDOWS\system32\dmjentpoaizkr.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*KB4425062.exe deleted successfully.
Invalid CLSID key: *KB4425062.exe
File move failed. C:\Documents and Settings\Owner.THELOFT\Application Data\Adobe\plugs\KB4425062.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:msuvfg.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:sgbqke.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\opnlJDtQ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6dcafff0-ef2b-11df-804a-00173fb09e4b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6dcafff0-ef2b-11df-804a-00173fb09e4b}\ not found.
File K:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95db761d-4395-11db-b7de-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95db761d-4395-11db-b7de-806d6172696f}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480 not found.
C:\cc_20110810_131815.reg moved successfully.
File C:\WINDOWS\tasks\hdzcoeaa.job not found.
File C:\WINDOWS\System32\pofqemgyhjsox.exe not found.
C:\Documents and Settings\Owner.THELOFT\My Documents\wrar401.exes=oFeumGtad5SD_9XYxDBNYw&t=1312572387&ext=.exe moved successfully.
C:\WINDOWS\system32\1645361410 moved successfully.
C:\Documents and Settings\Owner.THELOFT\Application Data\9086.042 moved successfully.
C:\WINDOWS\system32\QtDJlnpo.ini2 moved successfully.
C:\WINDOWS\system32\QtDJlnpo.ini moved successfully.
C:\WINDOWS\system32\jesterss.dll moved successfully.
C:\WINDOWS\@@desktop.dat moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET4C6.tmp deleted successfully.
C:\WINDOWS\System32\vuranune.dll.tmp deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\explorer.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\System\smss.exe deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\cmd.bat deleted successfully.
C:\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 378921 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 77216 bytes
->Temporary Internet Files folder emptied: 2226256 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1147282 bytes
->Java cache emptied: 3313 bytes
->Flash cache emptied: 2458 bytes

User: Owner

User: Owner.THELOFT
->Temp folder emptied: 615997 bytes
->Temporary Internet Files folder emptied: 480886 bytes
->Java cache emptied: 2714 bytes
->FireFox cache emptied: 52308626 bytes
->Flash cache emptied: 1870 bytes

User: OWNER~1~THE

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5610 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 63776126 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 116189 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 116.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner

User: Owner.THELOFT
->Flash cache emptied: 0 bytes

User: OWNER~1~THE

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.26.1 log created on 08152011_091004

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Owner.THELOFT\Application Data\Adobe\plugs\KB4425062.exe not found!

Registry entries deleted on Reboot...



OTL.txt:

OTL logfile created on: 8/15/2011 9:16:29 AM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.42 Mb Total Physical Memory | 349.25 Mb Available Physical Memory | 39.05% Memory free
2.12 Gb Paging File | 1.58 Gb Available in Paging File | 74.62% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.76 Gb Total Space | 127.00 Gb Free Space | 88.34% Space Free | Partition Type: NTFS
Drive D: | 5.27 Gb Total Space | 3.41 Gb Free Space | 64.65% Space Free | Partition Type: FAT32

Computer Name: THELOFT | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/10 13:58:38 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
PRC - [2011/06/30 10:29:12 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/28 07:01:30 | 001,195,408 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/08/10 13:58:38 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2006/08/25 08:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2006/09/13 19:28:53 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2004/03/18 16:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/04/14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/04/14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/04/14 14:01:38 | 000,084,200 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/04/14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/04/14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/03/13 11:20:10 | 000,459,728 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/03/13 11:20:10 | 000,118,784 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/04/28 13:20:06 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2009/04/28 13:20:06 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/09/13 19:26:56 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/07/18 00:16:08 | 000,990,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/07/18 00:15:18 | 000,256,128 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2006/07/18 00:15:10 | 000,728,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/11/10 11:54:56 | 000,402,944 | R--- | M] (Belkin Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BLKWGU.sys -- (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin)
DRV - [2005/09/13 19:38:00 | 003,856,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/07/29 01:11:04 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/29 01:11:02 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/03/09 15:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/01/07 17:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/11/19 09:40:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/01/10 14:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.k12.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://k12.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:0.1.5
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.2
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/08/09 11:22:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/04 22:46:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/30 10:29:16 | 000,000,000 | ---D | M]

[2010/10/13 12:45:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.THELOFT\Application Data\Mozilla\Extensions
[2011/08/10 13:48:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.THELOFT\Application Data\Mozilla\Firefox\Profiles\ol38j8su.default\extensions
[2010/12/03 11:05:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner.THELOFT\Application Data\Mozilla\Firefox\Profiles\ol38j8su.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/24 09:13:58 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\Owner.THELOFT\Application Data\Mozilla\Firefox\Profiles\ol38j8su.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2011/05/31 12:41:34 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Owner.THELOFT\Application Data\Mozilla\Firefox\Profiles\ol38j8su.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/10/19 09:17:46 | 000,000,000 | ---D | M] (Kitsune) -- C:\Documents and Settings\Owner.THELOFT\Application Data\Mozilla\Firefox\Profiles\ol38j8su.default\extensions\[email protected]
[2011/03/14 10:06:29 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Owner.THELOFT\Application Data\Mozilla\Firefox\Profiles\ol38j8su.default\extensions\[email protected]
[2011/08/15 09:05:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/14 09:14:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2009/01/05 14:11:34 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/08/09 11:22:14 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/08/15 09:10:17 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110517095746.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_22.dll (Sun Microsystems, Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} http://mediaplayer.w...ler/install.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: GenealogyBrowser.Cab http://209.90.101.200/cabs/zinst.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (EXPLORER.EXE) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner.THELOFT\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner.THELOFT\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/17 02:41:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/15 09:11:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/08/15 09:10:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/10 13:50:53 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2011/08/10 13:35:56 | 000,000,000 | ---D | C] -- C:\Avenger
[2011/08/10 13:22:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner.THELOFT\Recent
[2011/08/10 12:42:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/08/10 12:18:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/08/09 14:45:54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/08/06 12:11:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/08/06 11:59:54 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spoolsv.exe
[2011/08/02 12:28:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.THELOFT\Start Menu\Programs\WinRAR
[2011/08/02 12:28:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.THELOFT\Application Data\WinRAR
[2011/08/02 12:28:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/08/02 12:28:11 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR

========== Files - Modified Within 30 Days ==========

[2011/08/15 09:13:09 | 000,030,277 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/08/15 09:12:15 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/15 09:11:58 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2011/08/15 09:11:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/15 09:11:52 | 937,938,944 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/15 09:10:17 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/08/10 13:58:38 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2011/08/10 10:31:38 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2011/08/06 11:33:35 | 000,027,005 | ---- | M] () -- C:\Documents and Settings\Owner.THELOFT\.recently-used.xbel

========== Files Created - No Company Name ==========

[2011/08/10 12:44:41 | 937,938,944 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/06 11:33:35 | 000,027,005 | ---- | C] () -- C:\Documents and Settings\Owner.THELOFT\.recently-used.xbel
[2010/10/13 13:35:21 | 000,103,800 | ---- | C] () -- C:\WINDOWS\hpoins04.dat.temp
[2010/10/13 13:35:20 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2008/08/18 15:33:50 | 001,487,613 | ---- | C] () -- C:\Program Files\Install_Flash_Player_9_ActiveX.zip
[2008/08/17 10:02:47 | 000,137,607 | ---- | C] () -- C:\WINDOWS\HPHins15.dat
[2008/08/17 10:02:47 | 000,002,828 | ---- | C] () -- C:\WINDOWS\hphmdl15.dat
[2008/02/29 12:05:18 | 000,003,243 | ---- | C] () -- C:\WINDOWS\hpdj3740.ini
[2007/06/06 18:26:29 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/03/18 14:44:52 | 000,000,150 | ---- | C] () -- C:\WINDOWS\Z.ini
[2006/12/08 17:46:22 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Owner.THELOFT\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/15 16:46:14 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/11/01 09:01:56 | 000,000,053 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/11/01 09:01:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\setup32.INI
[2006/11/01 08:36:20 | 000,017,134 | ---- | C] () -- C:\Documents and Settings\Owner.THELOFT\Application Data\wklnhst.dat
[2006/11/01 08:21:31 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Owner.THELOFT\Local Settings\Application Data\fusioncache.dat
[2006/10/31 21:56:57 | 000,103,800 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2006/10/31 21:56:57 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2006/10/31 21:44:03 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/09/13 19:26:08 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/09/13 19:24:58 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/09/13 19:24:13 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2006/09/13 19:19:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/13 18:48:56 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/09/13 18:48:53 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/09/13 18:48:52 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/09/13 18:48:49 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/09/13 18:48:46 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/09/13 18:48:45 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/09/13 18:48:45 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/09/13 18:48:45 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/09/13 18:48:38 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/09/13 18:48:38 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/09/13 18:48:36 | 000,393,216 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/06/21 02:48:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/21 02:12:42 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2006/06/17 02:44:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/06/17 02:37:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/06/17 02:24:58 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/17 02:24:57 | 000,000,519 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2006/06/17 02:23:25 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/06/17 02:23:22 | 000,441,454 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/06/17 02:23:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/06/17 02:23:22 | 000,071,264 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/06/17 02:23:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/06/17 02:23:20 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/06/17 02:23:20 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/06/17 02:23:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/06/17 02:23:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/06/17 02:23:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/06/17 02:23:16 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/06/17 02:23:08 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/06/16 19:31:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/06/16 19:30:47 | 000,291,680 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/05 21:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/12 14:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2004/03/23 16:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2004/03/17 06:12:48 | 000,000,362 | ---- | C] () -- C:\WINDOWS\hpfins_s04_main.dat
[2004/03/17 06:11:51 | 000,005,428 | ---- | C] () -- C:\WINDOWS\hpfmdl_s04_main.dat
[2003/03/14 12:24:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe

========== Custom Scans ==========



< MD5 for: EXPLORER.EXE >
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[2007/06/13 04:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\explorer.exe
[2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2004/08/10 12:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< End of report >


aswMBR.txt:

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-15 09:30:40
-----------------------------
09:30:40.562 OS Version: Windows 5.1.2600 Service Pack 2
09:30:40.562 Number of processors: 1 586 0x2F02
09:30:40.562 ComputerName: THELOFT UserName: Owner
09:30:41.421 Initialize success
09:30:55.390 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:30:55.390 Disk 0 Vendor: ST3160212A 3.AAE Size: 152627MB BusType: 3
09:30:57.421 Disk 0 MBR read successfully
09:30:57.421 Disk 0 MBR scan
09:30:57.421 Disk 0 unknown MBR code
09:30:57.437 Disk 0 scanning sectors +312560640
09:30:57.515 Disk 0 scanning C:\WINDOWS\system32\drivers
09:31:05.687 Service scanning
09:31:07.000 Modules scanning
09:31:46.625 Disk 0 trace - called modules:
09:31:46.671 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
09:31:46.671 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x854ee130]
09:31:46.671 3 CLASSPNP.SYS[f757105b] -> nt!IofCallDriver -> \Device\000000b1[0x854efe98]
09:31:46.687 5 ACPI.sys[f7367620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x854d5940]
09:31:47.062 Scan finished successfully
09:32:01.359 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner.THELOFT\Desktop\MBR.dat"
09:32:01.453 The log file has been saved successfully to "C:\Documents and Settings\Owner.THELOFT\Desktop\aswMBR.txt"


My computer is already running pretty smoothly now :unsure:
  • 0

#7
Nedklaw

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi.
I'm glad to hear it! :)

Are you still receiving the fake system warning messages?
Can you now use task manager and the registry?
Can you now download files from the internet?
Are you experiencing any other problems?


Step 1

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Reg 
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\smss\smss.exe"=-
     
    :Files
    ipconfig /flushdns /c
    
    :Commands 
    [purity] 
    [resethosts] 
    [emptytemp] 
    [EMPTYFLASH]
    [CREATERESTOREPOINT] 
    [Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.

Step 2

Posted Image
  • Run Malwarebytes' Anti-Malware.
  • Update Malwarebytes' Anti-Malware.
  • Once the program has updated, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note).
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 3

Please run a free online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked.
  • Click Scan. (This scan can take several hours, so please be patient).
  • Once the scan is completed, you may close the window.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Things I want to see in your next reply

  • Answer to my questions
  • OTL Fix Log
  • MBAM Log
  • Log.txt

  • 0

#8
Rukichu

Rukichu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
I am no longer seeing any fake alert messages, and Task Manager and Regedit are working just fine. I'm not having any problems at all and everything is working fine!


OTL Fix:

All processes killed
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\smss\smss.exe deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\cmd.bat deleted successfully.
C:\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner

User: Owner.THELOFT
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 38219242 bytes
->Flash cache emptied: 1332 bytes

User: OWNER~1~THE

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3226 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 37.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner

User: Owner.THELOFT
->Flash cache emptied: 0 bytes

User: OWNER~1~THE

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.26.1 log created on 08172011_103443

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



MBAM Log:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7035

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

8/17/2011 10:54:37 AM
mbam-log-2011-08-17 (10-54-36).txt

Scan type: Quick scan
Objects scanned: 168670
Time elapsed: 13 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I will do the ESET Online Scanner tomorrow when I have more time to let it run :) Thanks for your help!
  • 0

#9
Nedklaw

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts

I am no longer seeing any fake alert messages, and Task Manager and Regedit are working just fine. I'm not having any problems at all and everything is working fine!

Excellent!

I will do the ESET Online Scanner tomorrow when I have more time to let it run :) Thanks for your help!

OK and your welcome. :unsure:
  • 0

#10
Nedklaw

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Are you still there?

Do you have the ESET Online Scanner log?
  • 0

#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP