WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93125 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

fake critical error warning windows xp :-9

Started by wilma1313 , Jun 11 2011 07:26 PM

Page 7 of 10
5
6
7
8
9

This topic is locked

148 replies to this topic

#91 wilma1313

Silver Member

Authentic Member
386 posts

Posted 05 July 2011 - 07:56 PM

hi,
I'm amazed everything seems to have come back includding some of the garmin stuff. I lost my whole ipod library and favorites in an infection last year and pretty much had to rebuild from scratch, although I could search my computer and find stuff - he could not. Thanks alot, save him some headaches.

here are the logs.

RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Shortcuts HJfix -- Date : 07/05/2011 20:13:03

Bad processes: 1
[SUSP PATH] stsystra.exe -- c:\windows\stsystra.exe -> KILLED

File attributes restored:
Desktop: Success 160 / Fail 0
Quick launch: Success 8 / Fail 0
Programs: Success 8 / Fail 0
Start menu: Success 168 / Fail 0
User folder: Success 7309 / Fail 0
My documents: Success 2124 / Fail 0
My favorites: Success 143 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 24898 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

OTL logfile created on: 7/5/2011 8:38:09 PM - Run 2
OTL by OldTimer - Version 3.2.26.0 Folder = C:\Documents and Settings\Owner.Miguel\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 72.36% Memory free
3.72 Gb Paging File | 3.12 Gb Available in Paging File | 83.89% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.20 Gb Total Space | 97.66 Gb Free Space | 68.68% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 4.83 Gb Free Space | 70.71% Space Free | Partition Type: FAT32

Computer Name: MIGUEL | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/05 20:30:43 | 042,780,192 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Owner.Miguel\Local Settings\temp\Garmin Software Updates\Garmin Training Center®.exe
PRC - [2011/07/05 09:13:05 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Miguel\Desktop\OTL.exe
PRC - [2011/06/08 09:38:01 | 001,025,896 | ---- | M] (Garmin, Ltd.) -- C:\Documents and Settings\Owner.Miguel\Local Settings\temp\7zS37.tmp\Setup.exe
PRC - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2011/04/14 08:22:08 | 012,036,968 | ---- | M] (GARMIN Corp.) -- C:\Program Files\Garmin\ANT Agent\ANT Agent.exe
PRC - [2011/04/05 11:50:44 | 001,195,408 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/04/05 11:50:44 | 001,159,888 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcupdmgr.exe
PRC - [2010/10/20 01:40:24 | 003,653,432 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBK370stat.exe
PRC - [2010/10/20 01:40:22 | 000,216,888 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBK370backup.exe
PRC - [2010/03/10 16:10:40 | 000,439,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\MSC\McUICnt.exe
PRC - [2010/03/10 15:41:24 | 000,180,888 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSM\McSmtFwk.exe
PRC - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2008/12/05 16:51:06 | 000,206,096 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/04 01:56:55 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2006/05/23 21:22:36 | 000,573,440 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2006/01/02 19:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2004/11/05 09:47:00 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

========== Modules (SafeList) ==========

MOD - [2011/07/05 09:13:05 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Miguel\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/12/05 16:51:10 | 000,014,032 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2004/11/05 09:47:00 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/10/20 01:40:22 | 000,216,888 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee Online Backup\MOBK370backup.exe -- (MOBK370backup)
SRV - [2010/10/07 22:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2008/12/05 16:51:06 | 000,206,096 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2006/10/04 01:56:55 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)

========== Driver Services (SafeList) ==========

DRV - [2011/04/14 14:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/04/14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/04/14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/04/14 14:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/04/14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/04/14 14:01:38 | 000,084,200 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/04/14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/04/14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/10/20 01:40:02 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MOBK370.sys -- (MOBK370Filter)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2006/10/04 01:47:40 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/06/19 01:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/15 17:28:04 | 001,179,784 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/05/23 21:30:06 | 000,893,952 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2006/05/23 10:56:00 | 000,245,248 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006/04/04 23:58:44 | 001,536,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/11/02 16:24:24 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/09/21 02:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2004/11/10 19:30:18 | 000,024,832 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2004/11/10 19:27:34 | 000,044,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2004/08/10 14:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/10 14:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ibahn:80

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/03/02 22:12:15 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/03/02 22:12:15 | 000,000,000 | ---D | M]

[2009/12/26 15:21:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.Miguel\Application Data\Mozilla\Extensions
[2009/12/26 15:21:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.Miguel\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2011/07/03 12:43:45 | 000,434,745 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14987 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - File not found
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110517161831.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [ANT Agent] C:\Program Files\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)
O4 - HKCU..\Run: [gStart] C:\Garmin\gStart.exe (GARMIN Corp.)
O4 - HKCU..\Run: [Power2GoExpress] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Online Backup Status.lnk = C:\Program Files\McAfee Online Backup\MOBK370stat.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\skype4com - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner.Miguel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner.Miguel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/17 04:41:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/05 20:34:41 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/07/05 19:43:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/07/05 14:17:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Miguel\Desktop\RK_Quarantine
[2011/07/05 09:12:58 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.Miguel\Desktop\OTL.exe
[2011/07/03 13:54:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\wt
[2011/07/03 12:31:05 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/07/03 12:31:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/07/03 10:10:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Miguel\Application Data\SUPERAntiSpyware.com
[2011/07/03 10:08:50 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/07/03 10:03:45 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/07/03 08:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/07/03 08:02:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2011/07/03 08:02:36 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/07/02 18:15:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Miguel\My Documents\Limew
[2011/06/29 20:44:19 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/06/29 20:44:17 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/06/29 20:44:17 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/06/29 20:44:17 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/06/26 14:49:28 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/18 18:38:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Miguel\Application Data\Malwarebytes
[2011/06/18 18:38:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/18 18:38:03 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/18 18:38:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/06/18 18:37:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/16 20:30:58 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/16 20:11:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/06/16 19:32:45 | 000,000,000 | R-SD | C] -- C:\cmdcons
[2011/06/16 19:28:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/16 17:28:37 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/06/11 17:29:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner.Miguel\Recent
[2011/06/11 08:28:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/06/11 08:26:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[1 C:\Documents and Settings\Owner.Miguel\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Owner.Miguel\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/05 20:42:21 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/05 19:44:23 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/05 19:41:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/05 19:41:55 | 2011,279,360 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/05 14:16:41 | 000,516,608 | ---- | M] () -- C:\Documents and Settings\Owner.Miguel\Desktop\RogueKiller.exe
[2011/07/05 13:57:48 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/05 09:13:05 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Miguel\Desktop\OTL.exe
[2011/07/03 12:43:45 | 000,434,745 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/03 08:02:40 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Owner.Miguel\Desktop\SpywareBlaster.lnk
[2011/07/02 19:07:09 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\Owner.Miguel\My Documents\06 - Nietzsche - Knowledge and Belief.lnk
[2011/07/02 19:03:14 | 000,040,764 | ---- | M] () -- C:\WINDOWS\MOBK370.blk
[2011/07/02 19:03:13 | 000,003,352 | ---- | M] () -- C:\WINDOWS\MOBK370.flt
[2011/07/02 18:07:46 | 000,000,214 | ---- | M] () -- C:\Documents and Settings\Owner.Miguel\Desktop\BookMooch Member Home.url
[2011/07/01 20:54:06 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\Owner.Miguel\Desktop\Shortcut to iTunes.lnk
[2011/06/30 17:03:01 | 000,000,248 | ---- | M] () -- C:\Documents and Settings\Owner.Miguel\Desktop\PaperBack Swap.com.url
[2011/06/29 20:42:35 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/06/29 20:42:35 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/06/29 20:42:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/06/29 20:42:34 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/06/29 20:42:32 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/06/29 20:12:51 | 000,159,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/26 17:47:17 | 000,000,237 | ---- | M] () -- C:\Documents and Settings\Owner.Miguel\My Documents\The SF Site Kim Stanley Robinson Reading List.url
[2011/06/26 14:49:56 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Owner.Miguel\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/06/26 14:49:56 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/18 23:01:03 | 000,445,044 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/18 23:01:02 | 000,072,754 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/18 18:40:59 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner.Miguel\defogger_reenable
[2011/06/16 20:00:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110703-124345.backup
[2011/06/16 19:48:00 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/06/16 19:33:01 | 000,000,337 | RHS- | M] () -- C:\boot.ini
[2011/06/16 18:25:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/15 18:22:40 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/11 08:28:35 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[1 C:\Documents and Settings\Owner.Miguel\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Owner.Miguel\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/05 14:16:22 | 000,516,608 | ---- | C] () -- C:\Documents and Settings\Owner.Miguel\Desktop\RogueKiller.exe
[2011/07/03 14:01:32 | 2011,279,360 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/03 08:02:40 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Owner.Miguel\Desktop\SpywareBlaster.lnk
[2011/07/02 18:11:51 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Owner.Miguel\My Documents\06 - Nietzsche - Knowledge and Belief.lnk
[2011/07/02 18:07:46 | 000,000,214 | ---- | C] () -- C:\Documents and Settings\Owner.Miguel\Desktop\BookMooch Member Home.url
[2011/07/01 20:54:06 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\Owner.Miguel\Desktop\Shortcut to iTunes.lnk
[2011/06/26 14:49:56 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Owner.Miguel\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/06/26 14:49:56 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/18 18:40:59 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner.Miguel\defogger_reenable
[2011/06/16 19:48:00 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/06/16 19:33:01 | 000,000,221 | ---- | C] () -- C:\Boot.bak
[2011/06/16 19:32:55 | 000,260,272 | R-S- | C] () -- C:\cmldr
[2011/06/16 17:47:33 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Owner.Miguel\Desktop\Windows Media Player.lnk
[2011/06/13 20:13:13 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/13 20:13:13 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Owner.Miguel\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/06/13 20:13:13 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Owner.Miguel\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/13 20:13:12 | 000,002,104 | ---- | C] () -- C:\Documents and Settings\Owner.Miguel\Application Data\Microsoft\Internet Explorer\Quick Launch\Play Games.lnk
[2011/06/13 20:13:12 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\Owner.Miguel\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/06/13 20:13:12 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2011/06/13 20:13:12 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2011/06/13 20:13:12 | 000,001,478 | ---- | C] () -- C:\Documents and Settings\Owner.Miguel\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2011/06/13 20:13:12 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Owner.Miguel\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/13 20:13:12 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\Owner.Miguel\Application Data\Microsoft\Internet Explorer\Quick Launch\Gateway Games.lnk
[2011/06/13 20:12:59 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2011/06/13 20:12:59 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2011/06/13 20:12:59 | 000,001,077 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live ID.lnk
[2011/06/13 20:12:59 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/06/13 20:12:59 | 000,000,621 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Wireless SecureEasySetup.lnk
[2011/06/13 20:12:59 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/06/13 20:12:58 | 000,002,479 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
[2011/06/13 20:12:58 | 000,002,046 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Outlook.lnk
[2011/06/13 20:12:58 | 000,002,030 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
[2011/06/13 20:12:58 | 000,002,002 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft PowerPoint.lnk
[2011/06/13 20:12:58 | 000,001,998 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft FrontPage.lnk
[2011/06/13 20:12:58 | 000,001,990 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Access.lnk
[2011/06/13 20:12:58 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/06/13 20:12:58 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 7.0.lnk
[2011/06/13 20:12:58 | 000,001,775 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2003.lnk
[2011/06/13 20:12:58 | 000,001,701 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2011/06/13 20:12:58 | 000,001,466 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Media Center.lnk
[2011/06/13 20:12:58 | 000,001,004 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Money 2006.lnk
[2011/06/11 18:30:12 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Online Backup Status.lnk
[2011/06/11 18:24:27 | 000,000,248 | ---- | C] () -- C:\Documents and Settings\Owner.Miguel\Desktop\PaperBack Swap.com.url
[2010/04/10 21:26:16 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/04 22:05:39 | 000,028,792 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/06/07 13:09:54 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2007/05/26 16:27:56 | 000,002,206 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2007/05/16 08:47:50 | 000,001,774 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/28 13:19:15 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/03/17 18:22:59 | 000,010,752 | -H-- | C] () -- C:\Documents and Settings\Owner.Miguel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/08 21:08:45 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2006/11/08 15:47:14 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Owner.Miguel\Local Settings\Application Data\fusioncache.dat
[2006/10/04 02:01:07 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2006/10/04 01:46:48 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/10/04 01:46:05 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2006/10/04 01:41:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/04 01:15:28 | 000,125,796 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/10/04 01:14:37 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2006/10/04 01:14:36 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/10/04 01:14:20 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/06/21 04:48:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/21 04:12:42 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2006/06/17 04:44:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/06/17 04:37:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/06/17 04:24:58 | 000,001,280 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/17 04:24:57 | 000,000,519 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2006/06/17 04:23:25 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/06/17 04:23:22 | 000,445,044 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/06/17 04:23:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/06/17 04:23:22 | 000,072,754 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/06/17 04:23:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/06/17 04:23:20 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/06/17 04:23:20 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/06/17 04:23:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/06/17 04:23:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/06/17 04:23:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/06/17 04:23:16 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/06/17 04:23:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/06/16 21:31:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/06/16 21:30:47 | 000,159,544 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/05 23:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/06/15 02:00:00 | 000,077,321 | ---- | C] () -- C:\WINDOWS\unins000.exe
[1999/01/22 13:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Start Menu\*.* /x >
[2008/08/28 17:35:23 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
[2007/03/23 10:36:24 | 000,001,992 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\New Office Document.lnk
[2007/04/04 20:57:18 | 000,002,439 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Open Office Document.lnk
[2008/08/28 17:35:23 | 000,001,563 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
[2006/06/17 04:41:25 | 000,000,398 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Windows Catalog.lnk
[2007/10/05 20:45:00 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk

< %APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x >

< >

< End of report >

Advertisements

Register to Remove

#92 oldman960

Forum God

Retired Classroom Teacher
14,770 posts

Posted 05 July 2011 - 08:10 PM

Hi wilma1313,

This looks okay. How's the computer?

Do you know what these folders are?

C:\WINDOWS\wt
C:\Documents and Settings\Owner.Miguel\My Documents\Limew

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#93 wilma1313

Silver Member

Authentic Member
386 posts

Posted 06 July 2011 - 06:19 AM

Hi, Computer way better. Garmin still goofed which was expected. Still no volume in the taskbar even though it is checked in control panel. Windows media player still doesn't work. The folder in documents is an empty folder he made up. He didn't put anything in it. The windows/wt we have no idea. Neither one of us would ever do anything purposely in that area. thanks

#94 wilma1313

Silver Member

Authentic Member
386 posts

Posted 06 July 2011 - 06:25 AM

google suggests teh windows/wt might be from Wild Tangent. We don't do games generally, but he may have tried something in the past. Some suggest its bundled in with instant messaging, which he may do - he didn't say yes or no so that usually means sometimes, but I don't want to tell you, in his language. Some of what spybot removed was wild tangent junk.

#95 oldman960

Forum God

Retired Classroom Teacher
14,770 posts

Posted 06 July 2011 - 09:54 AM

Hi wilma1313,

Garmin may come down to uninstall reinstall.

What happens if you Click start > Control Panel

Open the "Sounds and Audio Devices" icon.
Uncheck "Place volume icon in the taskbar" checkbox .
click apply, click ok
Then recheck it
click apply, click ok

Do you recieve an error message?

Do you have an XP disk?

Thanks

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#96 wilma1313

Silver Member

Authentic Member
386 posts

Posted 07 July 2011 - 06:41 AM

No disk, but I will check the other stuff tonight if I get home early enough or tomorrow afternoon at the latest.....

#97 oldman960

Forum God

Retired Classroom Teacher
14,770 posts

Posted 07 July 2011 - 09:28 AM

Hi wilma1313, Ok. I'd still like to dig a bit deeper to see why you had this variant this time. We cleaned a newer variant of the rogue earlier.

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#98 wilma1313

Silver Member

Authentic Member
386 posts

Posted 07 July 2011 - 06:29 PM

Hi, the computer acts like nothing happens when I check or uncheck that box. applying either command does not change there being no volume icon in the taskbar. No error message or any change.

#99 oldman960

Forum God

Retired Classroom Teacher
14,770 posts

Posted 07 July 2011 - 06:42 PM

Hi wilma1313,

Ok we'll look at the sound icon later. Let's see if the machine is clean.

If you still have this program, aswMBR.exe, on your desktop please delete it and download a new copy.

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image

There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#100 wilma1313

Silver Member

Authentic Member
386 posts

Posted 08 July 2011 - 08:40 PM

Hi, Mcafee keeps blocking something called Tool nir cmd calling it a pup. That happened the day the computer began to act re-infected too. I tried the scan this afternoon, after running about 4 hrs it froze the computer up and did not complete. I've been running it for 2 hrs again already, so we'll see. Tool nir cmd is quarenteened. do I try this scan in safe mode if it freezes up again? thanks,

Advertisements

Register to Remove

#101 oldman960

Forum God

Retired Classroom Teacher
14,770 posts

Posted 09 July 2011 - 01:24 AM

Hi wilma1313,

McAfee has detected and quarantined a valid tool. This would explain why aswMBR which usually runs in less than a minute is stalled.

Try this again. Please delete the copy of aswMBR.exe you have. Download a new copy from HERE

If McAffee complains ignore it. If Mcaffee will not allow you download the tool then disable McAffee first.

Once you have the tool downloaded disable McAffee then run aswMBR.exe.

To disable McAffee

Please open McAfee Security Centre
Under Common Tasks click on Home
Click Computer Files
Click Configure
Make sure the following are disabled by ticking the "Off" button.

Virus protection
Spyware protection
System Guards Protection
Script Scanning Protection (you may have to scroll down to see it)
Next, select never for "When to re-enable real time scanning"
and click OK.

When you are finished McAffee can be re-enabled by reversing the above steps.

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#102 wilma1313

Silver Member

Authentic Member
386 posts

Posted 09 July 2011 - 08:36 AM

The scan actually finished middle of the night and I saved the log. I'm gonna attach it, but if I need to redo with the new instructions I will. Should I get that tool out of quarantine either way? thanks.

Attached Files

MBR.zip 560bytes 174 downloads

#103 oldman960

Forum God

Retired Classroom Teacher
14,770 posts

Posted 09 July 2011 - 11:23 AM

Hi wilma 1313, Leave the tool in quarantine for now. You attached the MBR.zip, which is one file that was created. A log file should also have been created, it should be on your desktop. Please attach it to your next reply. Thanks

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#104 wilma1313

Silver Member

Authentic Member
386 posts

Posted 09 July 2011 - 11:55 AM

aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software Run date: 2011-07-08 19:48:09 ----------------------------- 19:48:09.052 OS Version: Windows 5.1.2600 Service Pack 3 19:48:09.052 Number of processors: 2 586 0x4802 19:48:09.052 ComputerName: MIGUEL UserName: Owner 19:48:16.489 Initialize success 19:49:28.177 AVAST engine defs: 11070800 19:49:32.036 The log file has been saved successfully to "C:\Documents and Settings\Owner.Miguel\Desktop\aswMBR.txt" aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software Run date: 2011-07-08 19:48:09 ----------------------------- 19:48:09.052 OS Version: Windows 5.1.2600 Service Pack 3 19:48:09.052 Number of processors: 2 586 0x4802 19:48:09.052 ComputerName: MIGUEL UserName: Owner 19:48:16.489 Initialize success 19:49:28.177 AVAST engine defs: 11070800 19:49:32.036 The log file has been saved successfully to "C:\Documents and Settings\Owner.Miguel\Desktop\aswMBR.txt" 19:51:09.224 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 19:51:09.224 Disk 0 Vendor: Hitachi_HTS541616J9AT00 SB4OA70H Size: 152627MB BusType: 3 19:51:09.255 Disk 0 MBR read successfully 19:51:09.270 Disk 0 MBR scan 19:51:09.270 Disk 0 unknown MBR code 19:51:09.302 Disk 0 scanning sectors +312560640 19:51:09.411 Disk 0 scanning C:\WINDOWS\system32\drivers 19:53:38.614 Service scanning 19:53:46.833 Disk 0 trace - called modules: 19:53:46.849 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys 19:53:46.849 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a45eab8] 19:53:46.849 3 CLASSPNP.SYS[ba188fd7] -> nt!IofCallDriver -> \Device\000000af[0x8a4f7388] 19:53:46.864 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a468d98] 19:53:51.489 AVAST engine scan C:\WINDOWS 22:00:23.067 AVAST engine scan C:\Documents and Settings\Owner.Miguel 23:07:29.364 AVAST engine scan C:\Documents and Settings\All Users 00:00:19.614 Scan finished successfully 01:34:09.849 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner.Miguel\Desktop\MBR.dat" 01:34:09.880 The log file has been saved successfully to "C:\Documents and Settings\Owner.Miguel\Desktop\aswMBR.txt"

#105 oldman960

Forum God

Retired Classroom Teacher
14,770 posts

Posted 09 July 2011 - 04:51 PM

Hi wilma1313, How is the computer? Thanks

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

Body Background

skin color theme