win32 nuqel.e - No Internet and can't change proxy

Post by whaas on 23rd May 2010, 5:41 pm

Hello, any suggestions on how to get started to remove win32 nuqel.e? I can't access any programs, including Internet Explorer.

Most topics suggest starting the fix by removing the proxy (unchecking the proxy server) in the LAN settings. I did this and I also tried to delete the proxy address but it doesn't allow me to do so.

I get a pop-up, the application cannot be executed. The file mchost.exe is infected.


Re: win32 nuqel.e - No Internet and can't change proxy

Post by Belahzur on 23rd May 2010, 10:59 pm

Hello.
Do you have another machine we can use to download tools from and external hardware to transfer them across?



Re: win32 nuqel.e - No Internet and can't change proxy

Post by whaas on 26th May 2010, 12:45 pm

Hello, I do have another PC that I can transfer files. I have a 1G jump drive, hopefully that is enough space.

Thanks! I've been out of town and I'm ready to tackle this!


Re: win32 nuqel.e - No Internet and can't change proxy

Post by Belahzur on 26th May 2010, 10:03 pm

Yep, that will do fine.

We need to use the RKill Tool by Grinler


  • Please Download Rkill.com. Save it to your Desktop.
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this [You must be registered and logged in to see this link.] if you are not sure how.

  • NOTE: If you are unable to connect to the site to download rkill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.

  • Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Rogue programs.
  • Please be patient while the program looks for various malware programs and ends them.
  • When it has finished, the black window will automatically close and you can continue with the next step.

NOTE: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the rogue program, when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue program. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the steps.

If you continue having problems running rkill.com, you can download:
[You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]
which are renamed copies of rkill.com, and try them instead.

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.



OTL logfile

Post by whaas on 30th May 2010, 3:43 pm

OTL logfile created on: 5/30/2010 9:58:24 AM - Run 1
OTL by OldTimer - Version 3.2.5.1 Folder = F:\
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

512.00 Mb Total Physical Memory | 161.00 Mb Available Physical Memory | 32.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.67 Gb Total Space | 36.63 Gb Free Space | 51.11% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 983.22 Mb Total Space | 982.30 Mb Free Space | 99.91% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-W92P4BHLZG
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/30 09:43:54 | 000,571,392 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2009/11/04 17:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/11/04 16:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mcafee.com\Agent\mcagent.exe
PRC - [2009/10/29 07:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/10/29 07:54:44 | 000,806,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcupdmgr.exe
PRC - [2009/10/28 12:50:32 | 000,262,160 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\VirusScan\mcvsshld.exe
PRC - [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/02/11 11:06:36 | 000,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008/07/09 09:05:20 | 000,919,016 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008/07/09 09:05:18 | 000,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 16:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/04/20 01:35:00 | 000,237,568 | ---- | M] (Simple Star, Inc.) -- C:\Program Files\Walgreens\Walgreens PhotoShow 4\data\Xtras\mssysmgr.exe
PRC - [2005/11/10 14:03:52 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
PRC - [2002/08/04 17:08:30 | 000,146,432 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe


========== Modules (SafeList) ==========

MOD - [2010/05/30 09:43:54 | 000,571,392 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
MOD - [2009/02/11 11:06:38 | 000,014,032 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2002/07/25 15:30:14 | 000,106,547 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\SunnComm Shared\msscript.OCX


========== Win32 Services (SafeList) ==========

SRV - [2009/12/20 14:50:39 | 000,423,576 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\DOWNLO~1\CONFLICT.1\DMService.exe -- (DMService)
SRV - [2009/11/04 17:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/11/04 16:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/29 07:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/10/28 12:50:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2009/02/11 11:06:36 | 000,210,216 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2008/07/09 09:05:18 | 000,075,304 | ---- | M] (Zone Labs, LLC) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2009/11/04 17:54:12 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/11/04 17:54:12 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/04 17:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/04 17:54:12 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/04 17:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 13:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008/07/09 09:05:22 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\vsdatant.sys -- (vsdatant)
DRV - [2008/02/27 03:10:44 | 000,051,176 | ---- | M] (Zone Labs, LLC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2007/07/19 15:10:28 | 000,127,768 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\drivers\klif.sys -- (KLIF)
DRV - [2004/08/04 01:08:21 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/04 01:07:42 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/03/11 21:03:58 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2003/03/31 14:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2002/06/20 01:11:06 | 000,038,316 | ---- | M] (Samsung Electronics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\SECYEPPX.sys -- (SECYPUSB)
DRV - [2001/10/12 14:44:12 | 000,114,816 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\s3gNBm.sys -- (S3SavageNB)
DRV - [2001/09/27 19:49:00 | 000,702,777 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/09/16 13:45:04 | 000,013,716 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\pfc.sys -- (pfc)
DRV - [2001/08/18 18:56:56 | 000,038,176 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\drivers\SbcpHid.sys -- (SbcpHid)
DRV - [2001/08/17 16:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 07:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\nv4.sys -- (nv4)
DRV - [2001/08/08 09:13:36 | 000,158,140 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\i81xnt5.sys -- (i81x)
DRV - [2001/08/08 09:13:30 | 000,012,479 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2001/08/08 09:13:30 | 000,012,031 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2001/08/08 09:13:30 | 000,011,679 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2001/08/08 09:13:28 | 000,019,359 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2001/08/08 09:13:28 | 000,011,999 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2001/08/08 09:13:26 | 000,033,503 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2001/08/08 09:13:24 | 000,029,215 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2001/08/08 09:13:24 | 000,023,519 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2001/08/08 09:13:24 | 000,019,199 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2001/06/04 10:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/03/20 08:44:53 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2005/03/12 19:57:52 | 000,003,109 | ---- | M]) - C:\WINDOWS\SYSTEM32\drivers\etc\hosts
O1 - Hosts: 127.0.0.0 localhost
O1 - Hosts: 127.0.0.1 and.doxdesk.com
O1 - Hosts: 127.0.0.2 auditmypc.com
O1 - Hosts: 127.0.0.3 boards.cexx.org
O1 - Hosts: 127.0.0.4 bulletproofsoft.net
O1 - Hosts: 127.0.0.5 camtech2000.net
O1 - Hosts: 127.0.0.6 cexx.org
O1 - Hosts: 127.0.0.7 computercops.us
O1 - Hosts: 127.0.0.8 ct7support.com
O1 - Hosts: 127.0.0.9 doxdesk.com
O1 - Hosts: 127.0.0.10 eblocs.com
O1 - Hosts: 127.0.0.11 enigmasoftwaregroup.com
O1 - Hosts: 127.0.0.12 forum.aumha.org
O1 - Hosts: 127.0.0.13 free-spyware-scan.com
O1 - Hosts: 127.0.0.14 free-web-browsers.com
O1 - Hosts: 127.0.0.15 grc.com
O1 - Hosts: 127.0.0.16 grisoft.com
O1 - Hosts: 127.0.0.17 hackfaq.org
O1 - Hosts: 127.0.0.18 hazeleger.net
O1 - Hosts: 127.0.0.19 javacoolsoftware.com
O1 - Hosts: 127.0.0.20 kellys-korner-xp.com
O1 - Hosts: 127.0.0.21 kephyr.com
O1 - Hosts: 127.0.0.22 lavasoft.de
O1 - Hosts: 127.0.0.23 lavasoftusa.com
O1 - Hosts: 127.0.0.24 lurkhere.com
O1 - Hosts: 83 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {1C78AB3F-A857-482E-80C0-3A1E5238A565} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1C78AB3F-A857-482E-80C0-3A1E5238A565} - No CLSID value found.
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [lkjkvohf] C:\Documents and Settings\Owner\Local Settings\Application Data\lvpdebjvo\rkldsjktssd.exe ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\SYSTEM32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [S3TRAY2] C:\WINDOWS\System32\S3tray2.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WildTangent CDA] File not found
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKCU..\Run: [lkjkvohf] C:\Documents and Settings\Owner\Local Settings\Application Data\lvpdebjvo\rkldsjktssd.exe ()
O4 - HKCU..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe File not found
O4 - HKCU..\Run: [Walgreens PhotoShow Media Manager] C:\Program Files\Walgreens\Walgreens PhotoShow 4\data\Xtras\mssysmgr.exe (Simple Star, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SpecifyDefaultButtons = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Search = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Whale Communications\Client Components\3.1.0\WhlNSP.dll (Whale Communications, a Microsoft subsidiary)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Whale Communications\Client Components\3.1.0\WhlLSP.dll (Whale Communications, a Microsoft subsidiary)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Whale Communications\Client Components\3.1.0\WhlLSP.dll (Whale Communications, a Microsoft subsidiary)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Whale Communications\Client Components\3.1.0\WhlLSP.dll (Whale Communications, a Microsoft subsidiary)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Whale Communications\Client Components\3.1.0\WhlLSP.dll (Whale Communications, a Microsoft subsidiary)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O16 - DPF: {00000075-0000-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {00000161-0000-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} [You must be registered and logged in to see this link.] (McAfee.com Operating System Class)
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_06)
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} [You must be registered and logged in to see this link.] (Whale Client Components)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/11/06 16:36:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/21 20:23:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\lvpdebjvo
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/30 09:49:18 | 000,352,919 | -H-- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/05/30 09:46:12 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System\HPSYSDRV.DAT
[2010/05/30 09:46:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/30 09:46:01 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/30 09:45:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/30 09:45:57 | 536,449,024 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/23 12:48:49 | 018,331,680 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/05/23 12:48:49 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/05/23 12:48:49 | 000,216,824 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/05/23 12:48:28 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2007/03/05 14:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/06/25 09:21:21 | 000,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2006/05/21 13:38:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\webica.ini
[2005/08/09 17:13:31 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/08/09 17:12:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/03/12 20:03:50 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2005/02/05 20:53:38 | 000,000,052 | ---- | C] () -- C:\WINDOWS\deskbar.ini
[2004/08/04 02:56:42 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2003/08/19 08:28:35 | 000,000,174 | ---- | C] () -- C:\WINDOWS\System32\mcini.ini
[2003/07/24 19:08:28 | 001,081,344 | ---- | C] () -- C:\WINDOWS\System32\IMAGEDLL.dll
[2003/07/24 19:08:28 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\smax10.dll
[2003/07/24 19:08:28 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\secumax.dll
[2002/04/17 08:49:34 | 000,222,374 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2002/04/17 08:46:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/02/28 17:29:40 | 000,089,600 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2001/11/09 13:41:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2001/11/08 22:43:04 | 000,000,562 | ---- | C] () -- C:\WINDOWS\System32\Px.ini
[2001/11/06 21:50:46 | 000,377,600 | ---- | C] () -- C:\WINDOWS\System32\BOCOLE.DLL
[2001/11/06 21:50:46 | 000,167,456 | ---- | C] () -- C:\WINDOWS\System32\Bocof.dll
[2001/11/06 21:45:01 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hpREG.DLL
[2001/11/06 21:45:01 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2001/11/06 21:37:54 | 000,009,876 | ---- | C] () -- C:\WINDOWS\System32\usbbc.sys
[2001/11/06 21:21:26 | 000,000,507 | ---- | C] () -- C:\WINDOWS\fantasy2.ini
[2001/11/06 21:21:26 | 000,000,317 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2001/11/06 21:21:26 | 000,000,031 | ---- | C] () -- C:\WINDOWS\album.ini
[2001/11/06 20:50:13 | 000,249,921 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM15.dll
[2001/11/06 20:50:13 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes15.dll
[2001/11/06 20:49:47 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2001/11/06 16:40:54 | 000,000,778 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2001/11/06 08:21:55 | 000,000,649 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/08/18 18:56:56 | 000,038,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[2001/08/08 09:13:22 | 000,012,351 | ---- | C] () -- C:\WINDOWS\System32\i81xcoin.dll
[2001/08/07 20:07:02 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\igfxdgps.dll
[2001/05/22 20:37:50 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[2000/12/29 12:34:01 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
< End of report >
[2010/05/30 10:07:42 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\Owner\ntuser.dat.LOG
[2010/05/30 09:49:18 | 000,352,919 | -H-- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/05/30 09:46:12 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System\HPSYSDRV.DAT
[2010/05/30 09:46:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/30 09:46:01 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/30 09:45:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/23 12:48:49 | 018,331,680 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/05/23 12:48:49 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/05/23 12:48:49 | 000,216,824 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/05/23 12:48:28 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/05/21 20:31:06 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Owner\Cookies
[2010/05/21 20:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Local Settings\Application Data\lvpdebjvo
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/30 09:49:18 | 000,352,919 | -H-- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/05/30 09:46:12 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System\HPSYSDRV.DAT
[2010/05/30 09:46:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/30 09:46:01 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/30 09:45:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/30 09:45:57 | 536,449,024 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/23 12:48:49 | 018,331,680 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/05/23 12:48:49 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/05/23 12:48:49 | 000,216,824 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/05/23 12:48:28 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\*.tmp files -> C:\*.tmp -> ]

< End of report >
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/11/06 16:36:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/21 20:23:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\lvpdebjvo
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2007/03/05 14:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/06/25 09:21:21 | 000,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2006/05/21 13:38:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\webica.ini
[2005/08/09 17:13:31 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/08/09 17:12:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/03/12 20:03:50 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2005/02/05 20:53:38 | 000,000,052 | ---- | C] () -- C:\WINDOWS\deskbar.ini
[2004/08/04 02:56:42 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2003/08/19 08:28:35 | 000,000,174 | ---- | C] () -- C:\WINDOWS\System32\mcini.ini
[2003/07/24 19:08:28 | 001,081,344 | ---- | C] () -- C:\WINDOWS\System32\IMAGEDLL.dll
[2003/07/24 19:08:28 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\smax10.dll
[2003/07/24 19:08:28 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\secumax.dll
[2002/04/17 08:49:34 | 000,222,374 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2002/04/17 08:46:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/02/28 17:29:40 | 000,089,600 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2001/11/09 13:41:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2001/11/08 22:43:04 | 000,000,562 | ---- | C] () -- C:\WINDOWS\System32\Px.ini
[2001/11/06 21:50:46 | 000,377,600 | ---- | C] () -- C:\WINDOWS\System32\BOCOLE.DLL
[2001/11/06 21:50:46 | 000,167,456 | ---- | C] () -- C:\WINDOWS\System32\Bocof.dll
[2001/11/06 21:45:01 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hpREG.DLL
[2001/11/06 21:45:01 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2001/11/06 21:37:54 | 000,009,876 | ---- | C] () -- C:\WINDOWS\System32\usbbc.sys
[2001/11/06 21:21:26 | 000,000,507 | ---- | C] () -- C:\WINDOWS\fantasy2.ini
[2001/11/06 21:21:26 | 000,000,317 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2001/11/06 21:21:26 | 000,000,031 | ---- | C] () -- C:\WINDOWS\album.ini
[2001/11/06 20:50:13 | 000,249,921 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM15.dll
[2001/11/06 20:50:13 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes15.dll
[2001/11/06 20:49:47 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2001/11/06 16:40:54 | 000,000,778 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2001/11/06 08:21:55 | 000,000,649 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/08/18 18:56:56 | 000,038,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[2001/08/08 09:13:22 | 000,012,351 | ---- | C] () -- C:\WINDOWS\System32\i81xcoin.dll
[2001/08/07 20:07:02 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\igfxdgps.dll
[2001/05/22 20:37:50 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[2000/12/29 12:34:01 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

< End of report >


OTL Extras logfile

Post by whaas on 30th May 2010, 3:45 pm

OTL Extras logfile created on: 5/30/2010 9:58:24 AM - Run 1
OTL by OldTimer - Version 3.2.5.1 Folder = F:\
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

512.00 Mb Total Physical Memory | 161.00 Mb Available Physical Memory | 32.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.67 Gb Total Space | 36.63 Gb Free Space | 51.11% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 983.22 Mb Total Space | 982.30 Mb Free Space | 99.91% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-W92P4BHLZG
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 6.2 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 6.2 -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1E6ADBB1-4D4E-4A02-A269-75243222C467}" = GemMaster 2
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2B5DDB2C-0807-47FD-9C11-80EA761902C0}" = Easy Internet Sign-up
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3476E8FA-00F1-48AF-8771-236C84FC7CB8}" = iPod for Windows 2005-01-11
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{419C98C4-D884-4174-B710-CBF3863767DA}" = Space Rocks
"{58628459-F393-4EBA-AA8B-990E92DA8AC4}" = AdWare & SpyWare
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E657D86-77B8-4D97-9E31-7D374469D3CB}" = Atomic Pop
"{6F0DE0D5-2556-4A64-9892-07BAE121B7EC}" = SabreWing 2
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{8214CC02-6271-4DC8-B8DD-779933450264}" = HP RecordNow
"{8704D51E-25B7-4F23-81E7-AA4F54790230}" = Microsoft MapPoint North America 2004
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{B279B0DA-6F60-4FBD-9847-0C9AB79A3674}" = PigPen
"{BF225650-36EB-45E8-9666-572A88F31D59}" = Dark Orbit
"{C1939820-A945-11D4-86F6-0001031E5712}" = InterVideo WinDVD
"{D43E1D3F-CC1F-4E41-80F5-9C1D28187DE9}" = iPod Updater 2004-08-06
"{D6CAB2F4-26A4-48F4-A35D-CA83063E3928}" = Speedway
"{D6F6456A-DB80-4769-985C-E4F9342202D0}" = Blasterball Wild
"{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"{DA9F6EF5-E48A-4E45-BC57-AA16193763B7}" = Detto IntelliMover
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"Ad-aware 6 Personal" = Ad-aware 6 Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"AOL Instant Messenger" = AOL Instant Messenger
"DivX Player" = DivX Player
"hp deskjet 845c series" = hp deskjet 845c series (Remove only)
"HP Instant Support" = HP Instant Support
"Inactive HP Printer Drivers (Remove only)" = Inactive HP Printer Drivers (Remove only)
"InstallShield_{3476E8FA-00F1-48AF-8771-236C84FC7CB8}" = iPod for Windows 2005-01-11
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"InstallShield_{D43E1D3F-CC1F-4E41-80F5-9C1D28187DE9}" = iPod Updater 2004-08-06
"InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"LimeWire" = LimeWire 4.18.8
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Move Networks Player_is1" = Move Networks Player for Internet Explorer
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"My Photo Center" = My Photo Center
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PCDoctor" = PC-Doctor for Windows
"PokerStars" = PokerStars
"PS2" = PS2
"Python 1.5 combined Win32 extensions" = Python 1.5 combined Win32 extensions
"Python 1.5.2 (final)" = Python 1.5.2 (final)
"RealPlayer 6.0" = RealOne Player
"S3 Gamma" = S3 Gamma
"S3switch2" = S3 Savage4 Family Display Switch2 Utility
"Shockwave" = Shockwave
"SoulSeek Client 151" = SoulSeek Client 151
"Tcl 8.0.5 for Windows" = Tcl 8.0.5 for Windows
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Walgreens PhotoShow Express 4" = Walgreens PhotoShow Express 4
"Whale Communications' Client Components 3.1.0" = Whale Communications' Client Components v3.7.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoneAlarm" = ZoneAlarm

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/27/2010 3:45:35 PM | Computer Name = YOUR-W92P4BHLZG | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/27/2010 3:45:35 PM | Computer Name = YOUR-W92P4BHLZG | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/3/2010 6:00:18 PM | Computer Name = YOUR-W92P4BHLZG | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/25/2010 8:05:46 PM | Computer Name = YOUR-W92P4BHLZG | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Professional -- Error 1706. Setup cannot
find the required files. Check your connection to the network, or CD-ROM drive.
For other potential solutions to this problem, see C:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP.

Error - 4/1/2010 9:40:49 PM | Computer Name = YOUR-W92P4BHLZG | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module mshtml.dll, version 6.0.2900.3354, fault address 0x0006958d.

Error - 5/1/2010 12:01:25 PM | Computer Name = YOUR-W92P4BHLZG | Source = Application Hang | ID = 1002
Description = Hanging application rndal.exe, version 0.1.0.880, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/7/2010 6:59:43 PM | Computer Name = YOUR-W92P4BHLZG | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/7/2010 6:59:45 PM | Computer Name = YOUR-W92P4BHLZG | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/7/2010 6:59:45 PM | Computer Name = YOUR-W92P4BHLZG | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/30/2010 10:51:17 AM | Computer Name = YOUR-W92P4BHLZG | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 2336 (0x920) Thread address : 0x7C90EB94 Thread message : Build VSCORE.14.0.0.435
/ 5301.4018 Object being scanned = \Device\Harddisk1\DP(1)0-0+4\OTL.exe by C:\WINDOWS\Explorer.EXE

4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


[ System Events ]
Error - 5/23/2010 1:21:37 PM | Computer Name = YOUR-W92P4BHLZG | Source = Service Control Manager | ID = 7000
Description = The TrueVector Internet Monitor service failed to start due to the
following error: %%1053

Error - 5/23/2010 1:22:13 PM | Computer Name = YOUR-W92P4BHLZG | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 5/23/2010 1:22:13 PM | Computer Name = YOUR-W92P4BHLZG | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the mcmscsvc service.

Error - 5/23/2010 1:22:40 PM | Computer Name = YOUR-W92P4BHLZG | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.1.101. The machine with the IP address 192.168.1.100 did
not allow the name to be claimed by this machine.

Error - 5/23/2010 1:23:20 PM | Computer Name = YOUR-W92P4BHLZG | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.1.101. The machine with the IP address 192.168.1.100 did
not allow the name to be claimed by this machine.

Error - 5/30/2010 10:47:24 AM | Computer Name = YOUR-W92P4BHLZG | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 5/30/2010 10:48:08 AM | Computer Name = YOUR-W92P4BHLZG | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 5/30/2010 10:48:35 AM | Computer Name = YOUR-W92P4BHLZG | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 5/30/2010 10:55:36 AM | Computer Name = YOUR-W92P4BHLZG | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 5/30/2010 10:56:06 AM | Computer Name = YOUR-W92P4BHLZG | Source = DCOM | ID = 10010
Description = The server {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} did not register
with DCOM within the required timeout.


< End of report >

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/27/2010 3:45:35 PM | Computer Name = YOUR-W92P4BHLZG | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/3/2010 6:00:18 PM | Computer Name = YOUR-W92P4BHLZG | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/25/2010 8:05:46 PM | Computer Name = YOUR-W92P4BHLZG | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Professional -- Error 1706. Setup cannot
find the required files. Check your connection to the network, or CD-ROM drive.
For other potential solutions to this problem, see C:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP.

Error - 4/1/2010 9:40:49 PM | Computer Name = YOUR-W92P4BHLZG | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module mshtml.dll, version 6.0.2900.3354, fault address 0x0006958d.

Error - 5/1/2010 12:01:25 PM | Computer Name = YOUR-W92P4BHLZG | Source = Application Hang | ID = 1002
Description = Hanging application rndal.exe, version 0.1.0.880, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/7/2010 6:59:43 PM | Computer Name = YOUR-W92P4BHLZG | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/7/2010 6:59:45 PM | Computer Name = YOUR-W92P4BHLZG | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/7/2010 6:59:45 PM | Computer Name = YOUR-W92P4BHLZG | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/30/2010 10:51:17 AM | Computer Name = YOUR-W92P4BHLZG | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 2336 (0x920) Thread address : 0x7C90EB94 Thread message : Build VSCORE.14.0.0.435
/ 5301.4018 Object being scanned = \Device\Harddisk1\DP(1)0-0+4\OTL.exe by C:\WINDOWS\Explorer.EXE

4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


Error - 5/30/2010 11:13:55 AM | Computer Name = YOUR-W92P4BHLZG | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 3588 (0xe04) Thread address : 0x7C90EB94 Thread message : Build VSCORE.14.0.0.435
/ 5301.4018 Object being scanned = \Device\Harddisk1\DP(1)0-0+4\OTL.exe by C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


[ System Events ]
Error - 5/23/2010 1:21:37 PM | Computer Name = YOUR-W92P4BHLZG | Source = Service Control Manager | ID = 7000
Description = The TrueVector Internet Monitor service failed to start due to the
following error: %%1053

Error - 5/23/2010 1:22:13 PM | Computer Name = YOUR-W92P4BHLZG | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 5/23/2010 1:22:13 PM | Computer Name = YOUR-W92P4BHLZG | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the mcmscsvc service.

Error - 5/23/2010 1:22:40 PM | Computer Name = YOUR-W92P4BHLZG | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.1.101. The machine with the IP address 192.168.1.100 did
not allow the name to be claimed by this machine.

Error - 5/23/2010 1:23:20 PM | Computer Name = YOUR-W92P4BHLZG | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.1.101. The machine with the IP address 192.168.1.100 did
not allow the name to be claimed by this machine.

Error - 5/30/2010 10:47:24 AM | Computer Name = YOUR-W92P4BHLZG | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 5/30/2010 10:48:08 AM | Computer Name = YOUR-W92P4BHLZG | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 5/30/2010 10:48:35 AM | Computer Name = YOUR-W92P4BHLZG | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 5/30/2010 10:55:36 AM | Computer Name = YOUR-W92P4BHLZG | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 5/30/2010 10:56:06 AM | Computer Name = YOUR-W92P4BHLZG | Source = DCOM | ID = 10010
Description = The server {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} did not register
with DCOM within the required timeout.


< End of report >

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 6.2 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 6.2 -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1E6ADBB1-4D4E-4A02-A269-75243222C467}" = GemMaster 2
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2B5DDB2C-0807-47FD-9C11-80EA761902C0}" = Easy Internet Sign-up
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3476E8FA-00F1-48AF-8771-236C84FC7CB8}" = iPod for Windows 2005-01-11
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{419C98C4-D884-4174-B710-CBF3863767DA}" = Space Rocks
"{58628459-F393-4EBA-AA8B-990E92DA8AC4}" = AdWare & SpyWare
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E657D86-77B8-4D97-9E31-7D374469D3CB}" = Atomic Pop
"{6F0DE0D5-2556-4A64-9892-07BAE121B7EC}" = SabreWing 2
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{8214CC02-6271-4DC8-B8DD-779933450264}" = HP RecordNow
"{8704D51E-25B7-4F23-81E7-AA4F54790230}" = Microsoft MapPoint North America 2004
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{B279B0DA-6F60-4FBD-9847-0C9AB79A3674}" = PigPen
"{BF225650-36EB-45E8-9666-572A88F31D59}" = Dark Orbit
"{C1939820-A945-11D4-86F6-0001031E5712}" = InterVideo WinDVD
"{D43E1D3F-CC1F-4E41-80F5-9C1D28187DE9}" = iPod Updater 2004-08-06
"{D6CAB2F4-26A4-48F4-A35D-CA83063E3928}" = Speedway
"{D6F6456A-DB80-4769-985C-E4F9342202D0}" = Blasterball Wild
"{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"{DA9F6EF5-E48A-4E45-BC57-AA16193763B7}" = Detto IntelliMover
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"Ad-aware 6 Personal" = Ad-aware 6 Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"AOL Instant Messenger" = AOL Instant Messenger
"DivX Player" = DivX Player
"hp deskjet 845c series" = hp deskjet 845c series (Remove only)
"HP Instant Support" = HP Instant Support
"Inactive HP Printer Drivers (Remove only)" = Inactive HP Printer Drivers (Remove only)
"InstallShield_{3476E8FA-00F1-48AF-8771-236C84FC7CB8}" = iPod for Windows 2005-01-11
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"InstallShield_{D43E1D3F-CC1F-4E41-80F5-9C1D28187DE9}" = iPod Updater 2004-08-06
"InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"LimeWire" = LimeWire 4.18.8
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Move Networks Player_is1" = Move Networks Player for Internet Explorer
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"My Photo Center" = My Photo Center
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PCDoctor" = PC-Doctor for Windows
"PokerStars" = PokerStars
"PS2" = PS2
"Python 1.5 combined Win32 extensions" = Python 1.5 combined Win32 extensions
"Python 1.5.2 (final)" = Python 1.5.2 (final)
"RealPlayer 6.0" = RealOne Player
"S3 Gamma" = S3 Gamma
"S3switch2" = S3 Savage4 Family Display Switch2 Utility
"Shockwave" = Shockwave
"SoulSeek Client 151" = SoulSeek Client 151
"Tcl 8.0.5 for Windows" = Tcl 8.0.5 for Windows
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Walgreens PhotoShow Express 4" = Walgreens PhotoShow Express 4
"Whale Communications' Client Components 3.1.0" = Whale Communications' Client Components v3.7.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoneAlarm" = ZoneAlarm

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/27/2010 3:45:35 PM | Computer Name = YOUR-W92P4BHLZG | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/3/2010 6:00:18 PM | Computer Name = YOUR-W92P4BHLZG | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/25/2010 8:05:46 PM | Computer Name = YOUR-W92P4BHLZG | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Professional -- Error 1706. Setup cannot
find the required files. Check your connection to the network, or CD-ROM drive.
For other potential solutions to this problem, see C:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP.

Error - 4/1/2010 9:40:49 PM | Computer Name = YOUR-W92P4BHLZG | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module mshtml.dll, version 6.0.2900.3354, fault address 0x0006958d.

Error - 5/1/2010 12:01:25 PM | Computer Name = YOUR-W92P4BHLZG | Source = Application Hang | ID = 1002
Description = Hanging application rndal.exe, version 0.1.0.880, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/7/2010 6:59:43 PM | Computer Name = YOUR-W92P4BHLZG | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/7/2010 6:59:45 PM | Computer Name = YOUR-W92P4BHLZG | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/7/2010 6:59:45 PM | Computer Name = YOUR-W92P4BHLZG | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/30/2010 10:51:17 AM | Computer Name = YOUR-W92P4BHLZG | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 2336 (0x920) Thread address : 0x7C90EB94 Thread message : Build VSCORE.14.0.0.435
/ 5301.4018 Object being scanned = \Device\Harddisk1\DP(1)0-0+4\OTL.exe by C:\WINDOWS\Explorer.EXE

4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


Error - 5/30/2010 11:13:55 AM | Computer Name = YOUR-W92P4BHLZG | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 3588 (0xe04) Thread address : 0x7C90EB94 Thread message : Build VSCORE.14.0.0.435
/ 5301.4018 Object being scanned = \Device\Harddisk1\DP(1)0-0+4\OTL.exe by C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


[ System Events ]
Error - 5/23/2010 1:21:37 PM | Computer Name = YOUR-W92P4BHLZG | Source = Service Control Manager | ID = 7000
Description = The TrueVector Internet Monitor service failed to start due to the
following error: %%1053

Error - 5/23/2010 1:22:13 PM | Computer Name = YOUR-W92P4BHLZG | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 5/23/2010 1:22:13 PM | Computer Name = YOUR-W92P4BHLZG | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the mcmscsvc service.

Error - 5/23/2010 1:22:40 PM | Computer Name = YOUR-W92P4BHLZG | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.1.101. The machine with the IP address 192.168.1.100 did
not allow the name to be claimed by this machine.

Error - 5/23/2010 1:23:20 PM | Computer Name = YOUR-W92P4BHLZG | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.1.101. The machine with the IP address 192.168.1.100 did
not allow the name to be claimed by this machine.

Error - 5/30/2010 10:47:24 AM | Computer Name = YOUR-W92P4BHLZG | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 5/30/2010 10:48:08 AM | Computer Name = YOUR-W92P4BHLZG | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 5/30/2010 10:48:35 AM | Computer Name = YOUR-W92P4BHLZG | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 5/30/2010 10:55:36 AM | Computer Name = YOUR-W92P4BHLZG | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 5/30/2010 10:56:06 AM | Computer Name = YOUR-W92P4BHLZG | Source = DCOM | ID = 10010
Description = The server {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} did not register
with DCOM within the required timeout.


< End of report >


Re: win32 nuqel.e - No Internet and can't change proxy

Post by Belahzur on 30th May 2010, 10:16 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O3 - HKLM\..\Toolbar: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {1C78AB3F-A857-482E-80C0-3A1E5238A565} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1C78AB3F-A857-482E-80C0-3A1E5238A565} - No CLSID value found.
    O4 - HKLM..\Run: [lkjkvohf] C:\Documents and Settings\Owner\Local Settings\Application Data\lvpdebjvo\rkldsjktssd.exe ()
    O4 - HKCU..\Run: [lkjkvohf] C:\Documents and Settings\Owner\Local Settings\Application Data\lvpdebjvo\rkldsjktssd.exe ()
    [2010/05/21 20:23:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\lvpdebjvo

    :commands
    [emptytemp]
    [resethosts]
    [reboot]


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



OTL Fix Log

Post by whaas on 31st May 2010, 1:11 am

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1C78AB3F-A857-482e-80C0-3A1E5238A565} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C78AB3F-A857-482e-80C0-3A1E5238A565}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{1C78AB3F-A857-482E-80C0-3A1E5238A565} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C78AB3F-A857-482E-80C0-3A1E5238A565}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1C78AB3F-A857-482E-80C0-3A1E5238A565} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C78AB3F-A857-482E-80C0-3A1E5238A565}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\lkjkvohf deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\lvpdebjvo\rkldsjktssd.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\lkjkvohf deleted successfully.
File C:\Documents and Settings\Owner\Local Settings\Application Data\lvpdebjvo\rkldsjktssd.exe not found.
C:\Documents and Settings\Owner\Local Settings\Application Data\lvpdebjvo folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 14552447 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 14552447 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 4746277 bytes
->Flash cache emptied: 919 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 1701941367 bytes
->Temporary Internet Files folder emptied: 12720348 bytes
->Java cache emptied: 10944435 bytes
->Flash cache emptied: 1760806 bytes

%systemdrive% .tmp files removed: 2989695 bytes
%systemroot% .tmp files removed: 38802 bytes
%systemroot%\System32 .tmp files removed: 2675729 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 86738637 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 14552447 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 436567 bytes
RecycleBin emptied: 1249458622 bytes

Total Files Cleaned = 2,974.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.5.1 log created on 05302010_195312

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DFBC4B.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DFEF7F.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8BLZ6AV5\202-5486079-2808642[1]. not found!
File\Folder C:\WINDOWS\temp\mcmsc_Y8Y4WXguAzgguew not found!
File\Folder C:\WINDOWS\temp\ZLT07e80.TMP not found!
File\Folder C:\WINDOWS\temp\ZLT07e87.TMP not found!

Registry entries deleted on Reboot...


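A way to read the fix log above, as an added example that is not part of the original posts and is not OTL's own code: it groups the result lines per object, so a "not found" that follows a successful removal can be told apart from an object that was absent all along. The line patterns are inferred only from the log lines shown in this thread and are an assumption about OTL's output format.

```python
import re

# Sample input: the "OTL" section of the fix log posted in this thread,
# embedded so the script runs offline.
FIX_LOG = r"""
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1C78AB3F-A857-482e-80C0-3A1E5238A565} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C78AB3F-A857-482e-80C0-3A1E5238A565}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{1C78AB3F-A857-482E-80C0-3A1E5238A565} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C78AB3F-A857-482E-80C0-3A1E5238A565}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1C78AB3F-A857-482E-80C0-3A1E5238A565} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C78AB3F-A857-482E-80C0-3A1E5238A565}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\lkjkvohf deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\lvpdebjvo\rkldsjktssd.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\lkjkvohf deleted successfully.
File C:\Documents and Settings\Owner\Local Settings\Application Data\lvpdebjvo\rkldsjktssd.exe not found.
C:\Documents and Settings\Owner\Local Settings\Application Data\lvpdebjvo folder moved successfully.
"""

# Assumed line shape (inferred from the log above, not from OTL documentation):
#   [Registry value|Registry key|File] <target> [folder] <outcome>.
LINE_RE = re.compile(
    r"^(?:(?P<kind>Registry value|Registry key|File)\s+)?"
    r"(?P<target>.+?)\s+(?P<folder>folder\s+)?"
    r"(?P<outcome>deleted successfully|moved successfully|not found)\.?$"
)


def normalize(target):
    """Make two spellings of one object compare equal.

    Windows registry and file paths compare case-insensitively; the log also
    prints a doubled backslash before value names and a trailing one after keys.
    """
    return re.sub(r"\\+", r"\\", target).rstrip("\\").lower()


def parse_fix_log(text):
    """Return (kind, target, removed) for every result line that matches."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banners such as "All processes killed"
        kind = m.group("kind") or ("Folder" if m.group("folder") else "File")
        removed = m.group("outcome") != "not found"
        entries.append((kind, normalize(m.group("target")), removed))
    return entries


def reconcile(entries):
    """Collapse repeated lines per object into a single verdict."""
    objects = {}
    for kind, target, removed in entries:
        obj = objects.setdefault(
            target, {"kind": kind, "removed": 0, "not_found": 0}
        )
        obj["removed" if removed else "not_found"] += 1
    for obj in objects.values():
        # One success is enough: a later "not found" for the same object only
        # means an earlier fix line had already taken it away.
        obj["verdict"] = "removed" if obj["removed"] else "absent at fix time"
    return objects


if __name__ == "__main__":
    for target, obj in reconcile(parse_fix_log(FIX_LOG)).items():
        print(f'{obj["verdict"]:<20} {obj["kind"]:<15} {target}')
```
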
Re: win32 nuqel.e - No Internet and can't change proxy

Post by Belahzur on 31st May 2010, 11:27 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Malwarebytes Quick Scan Log

Post by whaas on 1st June 2010, 1:03 am

Malwarebytes' Anti-Malware 1.46

Database version: 4159

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

5/31/2010 7:52:05 PM
mbam-log-2010-05-31 (19-52-05).txt

Scan type: Quick scan
Objects scanned: 128043
Time elapsed: 16 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: win32 nuqel.e - No Internet and can't change proxy

Post by Belahzur on 1st June 2010, 8:35 pm

Hello.

I see that you are running Limewire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Adobe Reader 7.0.8
    J2SE Runtime Environment 5.0 Update 1
    J2SE Runtime Environment 5.0 Update 3
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    LimeWire 4.18.8
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player

Please download CKScanner by askey127 from [You must be registered and logged in to see this link.]
Save it to your desktop.

  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

