WiredWX Hobby Weather Tools

Antivirus Soft virus

2 posters

My computer has been infected with the Antivirus Soft virus. I ran Malware Bytes in safe mode and it found one infection. However, after removing the infection, the virus was still present on my computer. I tried another scan in safe mode and it found NO infections.

Here's the Hijackthis Log file:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:09:19 AM, on 5/23/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\My Documents\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [monitr32] C:\Program Files\Canon\MultiPASS4\monitr32.exe
O4 - HKLM\..\Run: [fxredir] C:\WINDOWS\System32\fxredir.exe
O4 - HKLM\..\Run: [MPTBox] C:\Program Files\Canon\MultiPASS4\MPTBox.exe
O4 - HKLM\..\Run: [hdjpepfr] C:\Documents and Settings\Owner\Local Settings\Application Data\mreonffuq\sdlqtyktssd.exe
O4 - HKLM\..\Run: [asam] C:\Documents and Settings\Owner\Local Settings\Application Data\asam.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 4066 bytes

Re: Antivirus Soft virus

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - Default URLSearchHook is missing
    O4 - HKLM\..\Run: [fxredir] C:\WINDOWS\System32\fxredir.exe
    O4 - HKLM\..\Run: [hdjpepfr] C:\Documents and Settings\Owner\Local Settings\Application Data\mreonffuq\sdlqtyktssd.exe
    O4 - HKLM\..\Run: [asam] C:\Documents and Settings\Owner\Local Settings\Application Data\asam.exe


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.
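
An added example (not part of the reply above and not a HijackThis feature): a Python sketch that parses the O4 registry Run lines of the posted HijackThis log and flags autoruns launching from a user-profile data directory, which is where the hdjpepfr and asam entries selected above live. The location heuristic and every function name here are assumptions of this example.

```python
import re
from typing import List, NamedTuple, Tuple

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [monitr32] C:\Program Files\Canon\MultiPASS4\monitr32.exe
O4 - HKLM\..\Run: [fxredir] C:\WINDOWS\System32\fxredir.exe
O4 - HKLM\..\Run: [hdjpepfr] C:\Documents and Settings\Owner\Local Settings\Application Data\mreonffuq\sdlqtyktssd.exe
O4 - HKLM\..\Run: [asam] C:\Documents and Settings\Owner\Local Settings\Application Data\asam.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""


class Autorun(NamedTuple):
    hive: str      # HKLM or HKCU
    key: str       # Run, RunOnce, ...
    name: str      # registry value name shown in [brackets]
    command: str   # command line stored in the value


# Registry-based O4 entries only; "O4 - Startup:" folder entries are ignored.
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.*?)\] (.+)$")

# Executable path at the start of a command line, with or without quotes.
# XP-era paths contain unquoted spaces, so cut at the first program extension.
IMAGE_RE = re.compile(r'^"?(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=["\s]|$)', re.I)

# Assumed heuristic: per-user data and temp directories are writable without
# admin rights, so an autorun pointing there deserves a closer look.
# 8.3 short names such as C:\PROGRA~1 are not expanded.
USER_DATA_RE = re.compile(
    r"^[a-z]:\\(?:documents and settings|users)\\[^\\]+\\"
    r"(?:local settings\\(?:application data|temp)|application data|appdata)\\",
    re.I,
)


def parse_o4(log_text: str) -> List[Autorun]:
    """Return every registry Run entry found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        match = O4_RE.match(line.strip())
        if match:
            entries.append(Autorun(*match.groups()))
    return entries


def image_path(command: str) -> str:
    """Best-effort extraction of the executable path from a command line."""
    match = IMAGE_RE.match(command.strip())
    return match.group(1) if match else command.strip().strip('"')


def flag_user_profile_autoruns(log_text: str) -> List[Tuple[Autorun, str]]:
    """Return (entry, image path) for autoruns starting from user data dirs."""
    flagged = []
    for entry in parse_o4(log_text):
        path = image_path(entry.command)
        if USER_DATA_RE.match(path):
            flagged.append((entry, path))
    return flagged


if __name__ == "__main__":
    for entry, path in flag_user_profile_autoruns(SAMPLE_LOG):
        print(f"{entry.hive}\\{entry.key} [{entry.name}] -> {path}")
```

On the sample lines this returns the hdjpepfr and asam entries. It does not flag fxredir.exe, which the reply also selected, because that file sits in System32; location is a triage aid, not a verdict.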

Re: Antivirus Soft virus

Malwarebytes' Anti-Malware 1.44
Database version: 3767
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18702

5/23/2010 7:49:17 PM
mbam-log-2010-05-23 (19-49-17).txt

Scan type: Full Scan (A:\|C:\|D:\|)
Objects scanned: 172919
Time elapsed: 25 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PVSM74OR\packupdate_build107_302[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.

However, I found another update for Malware so I'm going to re-scan and report the new log after the updated scan is done.

Re: Antivirus Soft virus

I updated Malware Bytes and ran a quick scan. It came up with 6 infections. I removed the infections and this is the log that came up:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4134

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18702

5/23/2010 8:19:36 PM
mbam-log-2010-05-23 (20-19-36).txt

Scan type: Quick scan
Objects scanned: 128726
Time elapsed: 8 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner\Local Settings\Temp\3cb8715e.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\lgQf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\asam.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\syssvc.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Re: Antivirus Soft virus

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Re: Antivirus Soft virus

OTL Extras logfile created on: 5/23/2010 8:33:56 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 616.00 Mb Available Physical Memory | 60.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 58.71 Gb Free Space | 78.81% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-CQL6UJGE1V
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (AOL Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Documents and Settings\Owner\Local Settings\Application Data\asam.exe" = C:\Documents and Settings\Owner\Local Settings\Application Data\asam.exe:*:Enabled:enable -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1246FF64-3035-4A92-8FE6-A968275495EB}" = Sony Vegas Pro 8.0
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A508AAA-3B69-4326-B89E-A6166FA05D3C}" = Canon MultiPASS Suite 4.01
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_7" = AIM 7
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Disney Toontown Online" = Disney Toontown Online
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/30/2010 1:51:53 PM | Computer Name = HOME-CQL6UJGE1V | Source = Perflib | ID = 1015
Description = The timeout waiting for the performance data collection function "PerfDisk"
in
the "C:\WINDOWS\System32\perfdisk.dll" Library to finish has expired. There may
be a problem with this extensible counter or the service it is collecting data from
or the system may have been very busy when this call was attempted.

Error - 3/30/2010 2:18:24 PM | Computer Name = HOME-CQL6UJGE1V | Source = Perflib | ID = 1015
Description = The timeout waiting for the performance data collection function "PerfDisk"
in
the "C:\WINDOWS\System32\perfdisk.dll" Library to finish has expired. There may
be a problem with this extensible counter or the service it is collecting data from
or the system may have been very busy when this call was attempted.

Error - 3/31/2010 12:46:04 PM | Computer Name = HOME-CQL6UJGE1V | Source = Application Hang | ID = 1002
Description = Hanging application Adobe Premiere Elements.exe, version 8.0.0.0,
hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/3/2010 6:41:07 PM | Computer Name = HOME-CQL6UJGE1V | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module urlmon.dll, version 6.0.2900.3676, fault address 0x0003df2f.

Error - 4/6/2010 11:13:04 AM | Computer Name = HOME-CQL6UJGE1V | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3743, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/6/2010 11:13:08 AM | Computer Name = HOME-CQL6UJGE1V | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3743, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/6/2010 11:13:09 AM | Computer Name = HOME-CQL6UJGE1V | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3743, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/25/2010 1:58:56 PM | Computer Name = HOME-CQL6UJGE1V | Source = Application Error | ID = 1000
Description = Faulting application mpservic.exe, version 4.0.1.0, faulting module
netsrv32.dll, version 4.0.1.0, fault address 0x00001e1a.

Error - 4/26/2010 9:14:44 PM | Computer Name = HOME-CQL6UJGE1V | Source = Application Hang | ID = 1002
Description = Hanging application wiaacmgr.exe, version 5.1.2600.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/26/2010 9:14:45 PM | Computer Name = HOME-CQL6UJGE1V | Source = Application Hang | ID = 1002
Description = Hanging application wiaacmgr.exe, version 5.1.2600.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 5/23/2010 8:11:28 PM | Computer Name = HOME-CQL6UJGE1V | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 5/23/2010 8:11:28 PM | Computer Name = HOME-CQL6UJGE1V | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 5/23/2010 8:12:03 PM | Computer Name = HOME-CQL6UJGE1V | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 5/23/2010 8:19:53 PM | Computer Name = HOME-CQL6UJGE1V | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/23/2010 8:21:05 PM | Computer Name = HOME-CQL6UJGE1V | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 5/23/2010 8:21:05 PM | Computer Name = HOME-CQL6UJGE1V | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 5/23/2010 8:22:55 PM | Computer Name = HOME-CQL6UJGE1V | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 5/23/2010 8:22:55 PM | Computer Name = HOME-CQL6UJGE1V | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 5/23/2010 8:23:03 PM | Computer Name = HOME-CQL6UJGE1V | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/23/2010 8:24:20 PM | Computer Name = HOME-CQL6UJGE1V | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm OMCI


< End of report >

Re: Antivirus Soft virus

OTL logfile created on: 5/23/2010 8:33:56 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 616.00 Mb Available Physical Memory | 60.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 58.71 Gb Free Space | 78.81% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-CQL6UJGE1V
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/23 20:31:48 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
PRC - [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/04/02 14:22:27 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2004/08/04 01:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/05/23 20:31:48 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
MOD - [2004/08/04 01:57:02 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/04 00:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/03/31 16:05:11 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/11/20 04:42:45 | 000,033,280 | R--- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2004/08/04 01:56:44 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2002/06/25 17:48:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp)
SRV - [2002/06/25 17:48:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC)
SRV - [2001/10/19 20:40:14 | 000,061,440 | ---- | M] (Canon Inc) [Auto | Stopped] -- C:\Program Files\Canon\MultiPASS4\mpservic.exe -- (MpService)


========== Driver Services (SafeList) ==========

DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2001/09/18 18:31:04 | 000,048,408 | ---- | M] (Canon) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\cis1284.sys -- (cis1284)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 23:38:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/21 15:20:16 | 000,000,000 | ---D | M]

[2010/05/21 22:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/05/23 01:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5z12rfeq.default\extensions
[2010/05/22 08:40:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5z12rfeq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/22 23:24:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2002/06/25 17:38:30 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [monitr32] C:\Program Files\Canon\MultiPASS4\monitr32.exe (Canon Inc)
O4 - HKLM..\Run: [MPTBox] C:\Program Files\Canon\MultiPASS4\mptbox.exe (Canon Inc)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.2 167.206.254.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/15 17:55:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/23 19:59:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2010/05/22 13:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2010/05/22 08:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2010/05/22 08:41:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\acccore
[2010/05/22 08:40:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AIM
[2010/05/22 08:40:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AOL
[2010/05/21 23:01:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/21 23:01:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/21 22:57:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2010/05/21 22:56:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2010/05/21 22:56:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2010/05/21 22:25:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Publish Providers
[2010/05/21 22:15:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2010/05/21 22:12:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2010/05/21 22:10:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Sony
[2010/05/21 22:10:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sony
[2010/05/21 22:10:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2010/05/21 22:02:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/05/21 22:02:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/05/21 22:02:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2010/05/21 22:01:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2010/05/21 22:01:58 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2010/05/21 22:01:58 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2010/05/21 22:01:58 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2010/05/21 22:01:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2010/05/21 22:01:58 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2010/05/21 22:01:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2010/05/21 22:01:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/05/21 22:01:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2010/05/21 22:01:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2010/05/21 22:01:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2010/05/21 22:01:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents
[2010/05/21 22:01:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Favorites
[2010/05/21 22:01:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2010/05/21 11:22:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2010/05/21 11:22:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2010/05/21 11:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/05/19 16:58:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/19 16:54:47 | 000,000,000 | ---D | C] -- C:\Program Files\Vstplugins
[2010/05/19 16:54:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/05/19 16:53:44 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2010/05/19 16:51:45 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/04/28 16:39:28 | 000,000,000 | ---D | C] -- C:\Program Files\Disney
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/23 20:22:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/23 20:21:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/23 20:19:54 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/05/23 20:19:54 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/05/23 20:19:52 | 001,656,336 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/05/23 19:59:06 | 016,218,682 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\May 22 2010 - VID00013.AVI
[2010/05/23 19:59:02 | 002,529,064 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\May 22 2010 - VID00012.AVI
[2010/05/23 19:59:00 | 003,213,460 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\May 22 2010 - VID00011.AVI
[2010/05/23 19:58:56 | 003,076,354 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\May 22 2010 - VID00009.AVI
[2010/05/23 11:42:59 | 000,000,059 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\httpwww.facebook.comref=logo.URL
[2010/05/22 15:24:57 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/21 11:22:13 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2010/05/19 16:55:00 | 000,001,645 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vegas Pro 8.0.lnk
[2010/05/01 21:40:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 16:39:28 | 000,001,001 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Toontown Online.lnk
[2010/04/25 18:44:07 | 000,509,574 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/25 18:44:07 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/25 18:44:07 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/23 20:01:15 | 016,218,682 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\May 22 2010 - VID00013.AVI
[2010/05/23 20:01:15 | 003,213,460 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\May 22 2010 - VID00011.AVI
[2010/05/23 20:01:15 | 003,076,354 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\May 22 2010 - VID00009.AVI
[2010/05/23 20:01:15 | 002,529,064 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\May 22 2010 - VID00012.AVI
[2010/05/23 11:42:59 | 000,000,059 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\httpwww.facebook.comref=logo.URL
[2010/05/21 22:26:30 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/21 22:02:03 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/05/21 22:02:01 | 000,069,632 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG
[2010/05/21 22:01:57 | 000,786,432 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/05/21 11:22:13 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2010/05/19 16:55:00 | 000,001,645 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Vegas Pro 8.0.lnk
[2010/04/28 16:39:28 | 000,001,001 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Toontown Online.lnk
[2010/04/14 23:53:04 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/03/11 18:21:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/02/16 16:13:06 | 000,020,900 | ---- | C] () -- C:\WINDOWS\System32\MpUpMon.dll
[2010/02/16 10:29:51 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/25 17:45:48 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
< End of report >

Re: Antivirus Soft virus

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Java(TM) 6 Update 18

Updating Java:

  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 20.
  • Click the "Download JRE" button to the right.
  • In the window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u20-windows-i586.exe that you downloaded to install the newest version.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

Re: Antivirus Soft virus

Hi, unfortunately I'm running my computer in safe mode right now and it's not allowing me to delete or install any new forms of Java. However, I'm currently running the ESET Online Scan and I'll be posting the log up shortly.

Re: Antivirus Soft virus

Here is the ESET Scan log:

-------------------------------------------
Monday, February 15, 2010 4:46:26 PM
Administrative privileged user logged on.
Parsing template defltwk.inf.
----Configuration engine was initialized successfully.----

----Reading Configuration Template info...


----Configure User Rights...
Configure S-1-5-32-546.
remove SeInteractiveLogonRight.
Configure S-1-5-32-547.
remove SeNetworkLogonRight.
remove SeSystemtimePrivilege.
remove SeRemoteShutdownPrivilege.
remove SeIncreaseBasePriorityPrivilege.
remove SeInteractiveLogonRight.
remove SeProfileSingleProcessPrivilege.
remove SeShutdownPrivilege.
remove SeRemoteInteractiveLogonRight.
Configure S-1-5-32-551.
remove SeBackupPrivilege.
remove SeInteractiveLogonRight.
remove SeRestorePrivilege.
remove SeShutdownPrivilege.
Configure S-1-5-19.
add SeAuditPrivilege.
add SeIncreaseQuotaPrivilege.
add SeAssignPrimaryTokenPrivilege.
Configure S-1-5-20.
add SeAuditPrivilege.
add SeIncreaseQuotaPrivilege.
add SeAssignPrimaryTokenPrivilege.
Configure S-1-5-32-544.
add SeChangeNotifyPrivilege.
add SeUndockPrivilege.
add SeManageVolumePrivilege.
add SeRemoteInteractiveLogonRight.
remove SeNetworkLogonRight.
Configure S-1-5-32-545.
add SeNetworkLogonRight.
add SeChangeNotifyPrivilege.
add SeUndockPrivilege.
Configure S-1-1-0.
remove SeNetworkLogonRight.
remove SeInteractiveLogonRight.
remove SeShutdownPrivilege.
remove SeRemoteInteractiveLogonRight.
Configure S-1-5-21-343818398-1682526488-725345543-501.
add SeNetworkLogonRight.
add SeInteractiveLogonRight.
add SeDenyNetworkLogonRight.
add SeDenyInteractiveLogonRight.

User Rights configuration was completed successfully.


----Configure Group Membership...
Configure Users.
add INTERACTIVE.
add Authenticated Users.

Group Membership configuration was completed successfully.


----Configure Registry Keys...
Configure machine\software\microsoft\cryptography\OID.
Configure machine\software\microsoft\cryptography\Protect.
Configure machine\software\microsoft\cryptography\Providers.
Configure machine\software\microsoft\cryptography\RNG.
Configure machine\software\microsoft\cryptography\Services.
Configure machine\software\microsoft\cryptography\calais.
Configure machine\software\microsoft\netdde.
Configure machine\software\microsoft\netdde\DDE Shares.
Configure machine\software\microsoft\netdde\Parameters.
Configure machine\software\microsoft\windows.
Configure machine\software\microsoft\windows\currentversion.
Configure machine\software\microsoft\windows\currentversion\App Paths.
Configure machine\software\microsoft\windows\currentversion\Applets.
Configure machine\software\microsoft\windows\currentversion\Control Panel.
Configure machine\software\microsoft\windows\currentversion\Controls Folder.
Configure machine\software\microsoft\windows\currentversion\CSCSettings.
Configure machine\software\microsoft\windows\currentversion\Dynamic Directory.
Configure machine\software\microsoft\windows\currentversion\Explorer.
Configure machine\software\microsoft\windows\currentversion\H323TSP.
Configure machine\software\microsoft\windows\currentversion\IPConfTSP.
Configure machine\software\microsoft\windows\currentversion\MS-DOS Emulation.
Configure machine\software\microsoft\windows\currentversion\Nls.
Configure machine\software\microsoft\windows\currentversion\Reliability.
Configure machine\software\microsoft\windows\currentversion\RenameFiles.
Configure machine\software\microsoft\windows\currentversion\RunOnce.
Configure machine\software\microsoft\windows\currentversion\RunOnceEx.
Configure machine\software\microsoft\windows\currentversion\Setup.
Configure machine\software\microsoft\windows\currentversion\Shell Extensions.
Configure machine\software\microsoft\windows\currentversion\ShellScrap.
Configure machine\software\microsoft\windows\currentversion\SideBySide.
Configure machine\software\microsoft\windows\currentversion\Syncmgr.
Configure machine\software\microsoft\windows\currentversion\Uninstall.
Configure machine\software\microsoft\windows\currentversion\telephony.
Configure machine\software\microsoft\windows\currentversion\telephony\Country List.
Configure machine\software\microsoft\windows\currentversion\telephony\Locations.
Configure machine\software\microsoft\windows\currentversion\telephony\Providers.
Configure machine\software\microsoft\windows\currentversion\telephony\TAPI3.
Configure machine\software\microsoft\windows\currentversion\telephony\Terminal Manager.
Configure machine\software\microsoft\windows nt.
Configure machine\software\microsoft\windows nt\currentversion.
Configure machine\software\microsoft\windows nt\currentversion\Accessibility.
Configure machine\software\microsoft\windows nt\currentversion\AeDebug.
Configure machine\software\microsoft\windows nt\currentversion\Asr.
Configure machine\software\microsoft\windows nt\currentversion\Classes.
Configure machine\software\microsoft\windows nt\currentversion\Compatibility.
Configure machine\software\microsoft\windows nt\currentversion\Compatibility32.
Configure machine\software\microsoft\windows nt\currentversion\Console.
Configure machine\software\microsoft\windows nt\currentversion\Drivers.
Configure machine\software\microsoft\windows nt\currentversion\drivers.desc.
Configure machine\software\microsoft\windows nt\currentversion\Drivers32.
Configure machine\software\microsoft\windows nt\currentversion\EFS.
Configure machine\software\microsoft\windows nt\currentversion\Embedding.
Configure machine\software\microsoft\windows nt\currentversion\Event Viewer.
Configure machine\software\microsoft\windows nt\currentversion\File Manager.
Configure machine\software\microsoft\windows nt\currentversion\Font Drivers.
Configure machine\software\microsoft\windows nt\currentversion\FontDPI.
Configure machine\software\microsoft\windows nt\currentversion\FontMapper.
Configure machine\software\microsoft\windows nt\currentversion\Fonts.
Configure machine\software\microsoft\windows nt\currentversion\FontSubstitutes.
Configure machine\software\microsoft\windows nt\currentversion\GRE_Initialize.
Configure machine\software\microsoft\windows nt\currentversion\HotFix.
Configure machine\software\microsoft\windows nt\currentversion\Image File Execution Options.
Configure machine\software\microsoft\windows nt\currentversion\IME Compatibility.
Configure machine\software\microsoft\windows nt\currentversion\IMM.
Configure machine\software\microsoft\windows nt\currentversion\IniFileMapping.
Configure machine\software\microsoft\windows nt\currentversion\LanguagePack.
Configure machine\software\microsoft\windows nt\currentversion\LastFontSweep.
Configure machine\software\microsoft\windows nt\currentversion\MCI.
Configure machine\software\microsoft\windows nt\currentversion\MCI Extensions.
Configure machine\software\microsoft\windows nt\currentversion\MCI32.
Configure machine\software\microsoft\windows nt\currentversion\Midimap.
Configure machine\software\microsoft\windows nt\currentversion\ModuleCompatibility.
Configure machine\software\microsoft\windows nt\currentversion\Network.
Configure machine\software\microsoft\windows nt\currentversion\PerHwIdStorage.
Configure machine\software\microsoft\windows nt\currentversion\Ports.
Configure machine\software\microsoft\windows nt\currentversion\ProfileList.
Configure machine\software\microsoft\windows nt\currentversion\related.desc.
Configure machine\software\microsoft\windows nt\currentversion\SeCEdit.
Configure machine\software\microsoft\windows nt\currentversion\Setup.
Configure machine\software\microsoft\windows nt\currentversion\Storage.
Configure machine\software\microsoft\windows nt\currentversion\SvcHost.
Configure machine\software\microsoft\windows nt\currentversion\Terminal Server.
Configure machine\software\microsoft\windows nt\currentversion\Time Zones.
Configure machine\software\microsoft\windows nt\currentversion\Type 1 Installer.
Configure machine\software\microsoft\windows nt\currentversion\Userinstallable.drivers.
Configure machine\software\microsoft\windows nt\currentversion\Windows.
Configure machine\software\microsoft\windows nt\currentversion\Winlogon.
Configure machine\software\microsoft\windows nt\currentversion\WOW.
Configure machine\software\microsoft\windows nt\currentversion\perflib.
Configure machine\system.
Configure machine\system\MountedDevices.
Configure machine\system\Select.
Configure machine\system\Setup.
Configure machine\system\currentcontrolset.
Configure machine\system\currentcontrolset\control.
Configure machine\system\currentcontrolset\control\AGP.
Configure machine\system\currentcontrolset\control\Arbiters.
Configure machine\system\currentcontrolset\control\BackupRestore.
Configure machine\system\currentcontrolset\control\Biosinfo.
Configure machine\system\currentcontrolset\control\BootVerificationProgram.
Configure machine\system\currentcontrolset\control\CoDeviceInstallers.
Configure machine\system\currentcontrolset\control\COM Name Arbiter.
Configure machine\system\currentcontrolset\control\ComputerName.
Configure machine\system\currentcontrolset\control\ContentIndex.
Configure machine\system\currentcontrolset\control\CrashControl.
Configure machine\system\currentcontrolset\control\CriticalDeviceDatabase.
Configure machine\system\currentcontrolset\control\DeviceClasses.
Configure machine\system\currentcontrolset\control\FileSystem.
Configure machine\system\currentcontrolset\control\GraphicsDrivers.
Configure machine\system\currentcontrolset\control\GroupOrderList.
Configure machine\system\currentcontrolset\control\HAL.
Configure machine\system\currentcontrolset\control\IDConfigDB.
Configure machine\system\currentcontrolset\control\Lsa.
Configure machine\system\currentcontrolset\control\MediaProperties.
Configure machine\system\currentcontrolset\control\MediaResources.
Configure machine\system\currentcontrolset\control\Network.
Configure machine\system\currentcontrolset\control\NetworkProvider.
Configure machine\system\currentcontrolset\control\Nls.
Configure machine\system\currentcontrolset\control\NTMS.
Configure machine\system\currentcontrolset\control\PnP.
Configure machine\system\currentcontrolset\control\Print.
Configure machine\system\currentcontrolset\control\PriorityControl.
Configure machine\system\currentcontrolset\control\ProductOptions.
Configure machine\system\currentcontrolset\control\SafeBoot.
Configure machine\system\currentcontrolset\control\ScsiPort.
Configure machine\system\currentcontrolset\control\SecurityProviders.
Configure machine\system\currentcontrolset\control\ServiceGroupOrder.
Configure machine\system\currentcontrolset\control\Session Manager.
Configure machine\system\currentcontrolset\control\Setup.
Configure machine\system\currentcontrolset\control\StillImage.
Configure machine\system\currentcontrolset\control\SystemResources.
Configure machine\system\currentcontrolset\control\Terminal Server.
Configure machine\system\currentcontrolset\control\TimeZoneInformation.
Configure machine\system\currentcontrolset\control\Update.
Configure machine\system\currentcontrolset\control\UsbFlags.
Configure machine\system\currentcontrolset\control\Video.
Configure machine\system\currentcontrolset\control\VirtualDeviceDrivers.
Configure machine\system\currentcontrolset\control\Windows.
Configure machine\system\currentcontrolset\control\WOW.
Configure machine\system\currentcontrolset\control\hivelist.
Configure machine\system\currentcontrolset\control\ServiceCurrent.
Configure machine\system\currentcontrolset\control\class.
Configure machine\system\currentcontrolset\control\keyboard layout.
Configure machine\system\currentcontrolset\control\keyboard layout\DosKeybCodes.
Configure machine\system\currentcontrolset\control\keyboard layout\DosKeybIDs.
Configure machine\system\currentcontrolset\control\keyboard layouts.
Configure machine\system\currentcontrolset\control\keyboard layouts\00000402.
Configure machine\system\currentcontrolset\control\keyboard layouts\00000405.
Configure machine\system\currentcontrolset\control\keyboard layouts\00000406.
Configure machine\system\currentcontrolset\control\keyboard layouts\00000407.
Configure machine\system\currentcontrolset\control\keyboard layouts\00000408.
Configure machine\system\currentcontrolset\control\keyboard layouts\00000409.
Configure machine\system\currentcontrolset\control\keyboard layouts\0000040a.
Configure machine\system\currentcontrolset\control\keyboard layouts\0000040b.
Configure machine\system\currentcontrolset\control\keyboard layouts\0000040c.
Configure machine\system\currentcontrolset\control\keyboard layouts\0000040e.
Configure machine\system\currentcontrolset\control\keyboard layouts\0000040f.
Configure machine\system\currentcontrolset\control\keyboard layouts\00000410.
Configure machine\system\currentcontrolset\control\keyboard layouts\00000413.
Configure machine\system\currentcontrolset\control\keyboard layouts\00000414.
Configure machine\system\currentcontrolset\control\keyboard layouts\00000415.
Configure machine\system\currentcontrolset\control\keyboard layouts\00000416.
Configure machine\system\currentcontrolset\control\keyboard layouts\00000418.
Configure machine\system\currentcontrolset\control\keyboard layouts\00000419.
Configure machine\system\currentcontrolset\control\keyboard layouts\0000041A.
Configure machine\system\currentcontrolset\control\keyboard layouts\0000041b.
Configure machine\system\currentcontrolset\control\keyboard layouts\0000041c.
Configure machine\system\currentcontrolset\control\keyboard layouts\0000041d.
Configure machine\system\currentcontrolset\control\keyboard layouts\0000041f.
Configure machine\system\currentcontrolset\control\keyboard layouts\00000422.
Configure machine\system\currentcontrolset\control\keyboard layouts\00000423.
Configure machine\system\currentcontrolset\control\keyboard layouts\00000424.
Configure machine\system\currentcontrolset\control\keyboard layouts\00000425.
Configure machine\system\currentcontrolset\control\keyboard layouts\00000426.
Configure machine\system\currentcontrolset\control\keyboard layouts\00000427.
Configure machine\system\currentcontrolset\control\keyboard layouts\0000042c.
Configure machine\system\currentcontrolset\control\keyboard layouts\0000042f.
Configure machine\system\currentcontrolset\control\keyboard layouts\00000438.
Configure machine\system\currentcontrolset\control\keyboard layouts\0000043f.
Configure machine\system\currentcontrolset\control\keyboard layouts\00000440.
Configure machine\system\currentcontrolset\control\keyboard layouts\00000444.
Configure machine\system\currentcontrolset\control\keyboard layouts\00000450.
Configure machine\system\currentcontrolset\control\keyboard layouts\00000807.
Configure machine\system\currentcontrolset\control\keyboard layouts\00000809.
Configure machine\system\currentcontrolset\control\keyboard layouts\0000080a.
Configure machine\system\currentcontrolset\control\keyboard layouts\0000080c.
Configure machine\system\currentcontrolset\control\keyboard layouts\00000813.
Configure machine\system\currentcontrolset\control\keyboard layouts\00000816.
Configure machine\system\currentcontrolset\control\keyboard layouts\0000081a.
Configure machine\system\currentcontrolset\control\keyboard layouts\0000082c.
Configure machine\system\currentcontrolset\control\keyboard layouts\00000843.
Configure machine\system\currentcontrolset\control\keyboard layouts\00000c0c.
Configure machine\system\currentcontrolset\control\keyboard layouts\00000c1a.
Configure machine\system\currentcontrolset\control\keyboard layouts\00001009.
Configure machine\system\currentcontrolset\control\keyboard layouts\0000100c.
Configure machine\system\currentcontrolset\control\keyboard layouts\00001809.
Configure machine\system\currentcontrolset\control\keyboard layouts\00010402.
Configure machine\system\currentcontrolset\control\keyboard layouts\00010405.
Configure machine\system\currentcontrolset\control\keyboard layouts\00010407.
Configure machine\system\currentcontrolset\control\keyboard layouts\00010408.
Configure machine\system\currentcontrolset\control\keyboard layouts\00010409.
Configure machine\system\currentcontrolset\control\keyboard layouts\0001040a.
Configure machine\system\currentcontrolset\control\keyboard layouts\0001040e.
Configure machine\system\currentcontrolset\control\keyboard layouts\00010410.
Configure machine\system\currentcontrolset\control\keyboard layouts\00010415.
Configure machine\system\currentcontrolset\control\keyboard layouts\00010416.
Configure machine\system\currentcontrolset\control\keyboard layouts\00010419.
Configure machine\system\currentcontrolset\control\keyboard layouts\0001041b.
Configure machine\system\currentcontrolset\control\keyboard layouts\0001041f.
Configure machine\system\currentcontrolset\control\keyboard layouts\00010426.
Configure machine\system\currentcontrolset\control\keyboard layouts\00010427.
Configure machine\system\currentcontrolset\control\keyboard layouts\0001080c.
Configure machine\system\currentcontrolset\control\keyboard layouts\00011009.
Configure machine\system\currentcontrolset\control\keyboard layouts\00011809.
Configure machine\system\currentcontrolset\control\keyboard layouts\00020405.
Configure machine\system\currentcontrolset\control\keyboard layouts\00020408.
Configure machine\system\currentcontrolset\control\keyboard layouts\00020409.
Configure machine\system\currentcontrolset\control\keyboard layouts\00030408.
Configure machine\system\currentcontrolset\control\keyboard layouts\00030409.
Configure machine\system\currentcontrolset\control\keyboard layouts\00040408.
Configure machine\system\currentcontrolset\control\keyboard layouts\00040409.
Configure machine\system\currentcontrolset\control\keyboard layouts\00050408.
Configure machine\system\currentcontrolset\control\keyboard layouts\00060408.
Configure machine\system\currentcontrolset\control\securepipeservers.
Configure machine\system\currentcontrolset\control\securepipeservers\winreg.
Configure machine\system\currentcontrolset\control\securepipeservers\winreg\AllowedPaths.
Configure machine\system\currentcontrolset\control\wmi.
Configure machine\system\currentcontrolset\control\wmi\security.
Configure machine\system\currentcontrolset\services.
Configure machine\system\currentcontrolset\services\Abiosdsk.
Configure machine\system\currentcontrolset\services\abp480n5.
Configure machine\system\currentcontrolset\services\ACPI.
Configure machine\system\currentcontrolset\services\ACPIEC.
Configure machine\system\currentcontrolset\services\adpu160m.
Configure machine\system\currentcontrolset\services\Aha154x.
Configure machine\system\currentcontrolset\services\aic78u2.
Configure machine\system\currentcontrolset\services\aic78xx.
Configure machine\system\currentcontrolset\services\AliIde.
Configure machine\system\currentcontrolset\services\amsint.
Configure machine\system\currentcontrolset\services\asc.
Configure machine\system\currentcontrolset\services\asc3350p.
Configure machine\system\currentcontrolset\services\asc3550.
Configure machine\system\currentcontrolset\services\atapi.
Configure machine\system\currentcontrolset\services\Atdisk.
Configure machine\system\currentcontrolset\services\AudioSrv.
Configure machine\system\currentcontrolset\services\BattC.
Configure machine\system\currentcontrolset\services\Beep.
Configure machine\system\currentcontrolset\services\cbidf2k.
Configure machine\system\currentcontrolset\services\cd20xrnt.
Configure machine\system\currentcontrolset\services\Cdaudio.
Configure machine\system\currentcontrolset\services\Cdfs.
Configure machine\system\currentcontrolset\services\Cdrom.
Configure machine\system\currentcontrolset\services\Changer.
Configure machine\system\currentcontrolset\services\CiSvc.
Configure machine\system\currentcontrolset\services\CmdIde.
Configure machine\system\currentcontrolset\services\Cpqarray.
Configure machine\system\currentcontrolset\services\dac2w2k.
Configure machine\system\currentcontrolset\services\dac960nt.
Configure machine\system\currentcontrolset\services\Disk.
Configure machine\system\currentcontrolset\services\dmadmin.
Configure machine\system\currentcontrolset\services\dmboot.
Configure machine\system\currentcontrolset\services\dmio.
Configure machine\system\currentcontrolset\services\dmload.
Configure machine\system\currentcontrolset\services\dmserver.
Configure machine\system\currentcontrolset\services\dpti2o.
Configure machine\system\currentcontrolset\services\Fastfat.
Configure machine\system\currentcontrolset\services\Fdc.
Configure machine\system\currentcontrolset\services\Fips.
Configure machine\system\currentcontrolset\services\Flpydisk.
Configure machine\system\currentcontrolset\services\Fs_Rec.
Configure machine\system\currentcontrolset\services\Ftdisk.
Configure machine\system\currentcontrolset\services\HidServ.
Configure machine\system\currentcontrolset\services\hidusb.
Configure machine\system\currentcontrolset\services\hpn.
Configure machine\system\currentcontrolset\services\hpt3xx.
Configure machine\system\currentcontrolset\services\i2omgmt.
Configure machine\system\currentcontrolset\services\i2omp.
Configure machine\system\currentcontrolset\services\i8042prt.
Configure machine\system\currentcontrolset\services\Imapi.
Configure machine\system\currentcontrolset\services\ini910u.
Configure machine\system\currentcontrolset\services\Inport.
Configure machine\system\currentcontrolset\services\IntelIde.
Configure machine\system\currentcontrolset\services\isapnp.
Configure machine\system\currentcontrolset\services\Kbdclass.
Configure machine\system\currentcontrolset\services\kbdhid.
Configure machine\system\currentcontrolset\services\KSecDD.
Configure machine\system\currentcontrolset\services\lbrtfdc.
Configure machine\system\currentcontrolset\services\mnmdd.
Configure machine\system\currentcontrolset\services\Modem.
Configure machine\system\currentcontrolset\services\Mouclass.
Configure machine\system\currentcontrolset\services\mouhid.
Configure machine\system\currentcontrolset\services\MountMgr.
Configure machine\system\currentcontrolset\services\mraid35x.
Configure machine\system\currentcontrolset\services\Msfs.
Configure machine\system\currentcontrolset\services\MSIServer.
Configure machine\system\currentcontrolset\services\Mup.
Configure machine\system\currentcontrolset\services\NDIS.
Configure machine\system\currentcontrolset\services\NDProxy.
Configure machine\system\currentcontrolset\services\Netlogon.
Configure machine\system\currentcontrolset\services\Netman.
Configure machine\system\currentcontrolset\services\Npfs.
Configure machine\system\currentcontrolset\services\Ntfs.
Configure machine\system\currentcontrolset\services\Null.
Configure machine\system\currentcontrolset\services\Parport.
Configure machine\system\currentcontrolset\services\PartMgr.
Configure machine\system\currentcontrolset\services\ParVdm.
Configure machine\system\currentcontrolset\services\PCI.
Configure machine\system\currentcontrolset\services\PCIDump.
Configure machine\system\currentcontrolset\services\PCIIde.
Configure machine\system\currentcontrolset\services\Pcmcia.
Configure machine\system\currentcontrolset\services\perc2.
Configure machine\system\currentcontrolset\services\perc2hib.
Configure machine\system\currentcontrolset\services\PerfDisk.
Configure machine\system\currentcontrolset\services\PerfNet.
Configure machine\system\currentcontrolset\services\PerfOS.
Configure machine\system\currentcontrolset\services\PerfProc.
Configure machine\system\currentcontrolset\services\PlugPlay.
Configure machine\system\currentcontrolset\services\ProtectedStorage.
Configure machine\system\currentcontrolset\services\ql1080.
Configure machine\system\currentcontrolset\services\Ql10wnt.
Configure machine\system\currentcontrolset\services\ql12160.
Configure machine\system\currentcontrolset\services\ql1240.
Configure machine\system\currentcontrolset\services\ql1280.
Configure machine\system\currentcontrolset\services\seclogon.
Configure machine\system\currentcontrolset\services\SENS.
Configure machine\system\currentcontrolset\services\serenum.
Configure machine\system\currentcontrolset\services\Serial.
Configure machine\system\currentcontrolset\services\Sfloppy.
Configure machine\system\currentcontrolset\services\Simbad.
Configure machine\system\currentcontrolset\services\Sparrow.
Configure machine\system\currentcontrolset\services\Spooler.
Configure machine\system\currentcontrolset\services\swenum.
Configure machine\system\currentcontrolset\services\symc810.
Configure machine\system\currentcontrolset\services\symc8xx.
Configure machine\system\currentcontrolset\services\sym_hi.
Configure machine\system\currentcontrolset\services\sym_u3.
Configure machine\system\currentcontrolset\services\Tcpip.
Configure machine\system\currentcontrolset\services\TosIde.
Configure machine\system\currentcontrolset\services\TrkWks.
Configure machine\system\currentcontrolset\services\TSDDD.
Configure machine\system\currentcontrolset\services\Udfs.
Configure machine\system\currentcontrolset\services\ultra.
Configure machine\system\currentcontrolset\services\Update.
Configure machine\system\currentcontrolset\services\UPS.
Configure machine\system\currentcontrolset\services\usbccgp.
Configure machine\system\currentcontrolset\services\usbhub.
Configure machine\system\currentcontrolset\services\usbuhci.
Configure machine\system\currentcontrolset\services\VgaSave.
Configure machine\system\currentcontrolset\services\ViaIde.
Configure machine\system\currentcontrolset\services\VolSnap.
Configure machine\system\currentcontrolset\services\VSS.
Configure machine\system\currentcontrolset\services\WinSock2.
Configure machine\system\currentcontrolset\services\WinTrust.
Configure machine\system\currentcontrolset\services\appmgmt.
Configure machine\system\currentcontrolset\services\appmgmt\Parameters.
Configure machine\system\currentcontrolset\services\appmgmt\security.
Configure machine\system\currentcontrolset\services\clipsrv.
Configure machine\system\currentcontrolset\services\clipsrv\security.
Configure machine\system\currentcontrolset\services\cryptsvc.
Configure machine\system\currentcontrolset\services\cryptsvc\Parameters.
Configure machine\system\currentcontrolset\services\cryptsvc\Enum.
Configure machine\system\currentcontrolset\services\cryptsvc\security.
Configure machine\system\currentcontrolset\services\ersvc.
Configure machine\system\currentcontrolset\services\ersvc\Parameters.
Configure machine\system\currentcontrolset\services\ersvc\Enum.
Configure machine\system\currentcontrolset\services\ersvc\security.
Configure machine\system\currentcontrolset\services\eventlog.
Configure machine\system\currentcontrolset\services\eventlog\Application.
Configure machine\system\currentcontrolset\services\eventlog\System.
Configure machine\system\currentcontrolset\services\eventlog\security.
Configure machine\system\currentcontrolset\services\eventlog\security\DS.
Configure machine\system\currentcontrolset\services\eventlog\security\LSA.
Configure machine\system\currentcontrolset\services\eventlog\security\NetDDE Object.
Configure machine\system\currentcontrolset\services\eventlog\security\SC Manager.
Configure machine\system\currentcontrolset\services\eventlog\security\Security.
Configure machine\system\currentcontrolset\services\eventlog\security\Security Account Manager.
Configure machine\system\currentcontrolset\services\eventlog\security\Spooler.
Configure machine\system\currentcontrolset\services\irenum.
Configure machine\system\currentcontrolset\services\irenum\security.
Configure machine\system\currentcontrolset\services\netdde.
Configure machine\system\currentcontrolset\services\netdde\security.
Configure machine\system\currentcontrolset\services\netddedsdm.
Configure machine\system\currentcontrolset\services\netddedsdm\security.
Configure machine\system\currentcontrolset\services\rpcss.
Configure machine\system\currentcontrolset\services\rpcss\Parameters.
Configure machine\system\currentcontrolset\services\rpcss\Enum.
Configure machine\system\currentcontrolset\services\rpcss\security.
Configure machine\system\currentcontrolset\services\samss.
Configure machine\system\currentcontrolset\services\samss\Enum.
Configure machine\system\currentcontrolset\services\samss\security.
Configure machine\system\currentcontrolset\services\scarddrv.
Configure machine\system\currentcontrolset\services\scarddrv\security.
Configure machine\system\currentcontrolset\services\scardsvr.
Configure machine\system\currentcontrolset\services\scardsvr\security.
Configure machine\system\currentcontrolset\services\stisvc.
Configure machine\system\currentcontrolset\services\stisvc\security.
Configure machine\system\currentcontrolset\services\sysmonlog.
Configure machine\system\currentcontrolset\services\sysmonlog\log queries.
Configure machine\system\currentcontrolset\services\tapisrv.
Configure machine\system\currentcontrolset\services\tapisrv\Parameters.
Configure machine\system\currentcontrolset\services\tapisrv\Performance.
Configure machine\system\currentcontrolset\services\tapisrv\Enum.
Configure machine\system\currentcontrolset\services\tapisrv\security.
Configure machine\system\currentcontrolset\services\w32time.
Configure machine\system\currentcontrolset\services\w32time\Enum.
Configure machine\system\currentcontrolset\services\w32time\security.
Configure machine\system\currentcontrolset\services\wmi.
Warning 2: The system cannot find the file specified.
Error enumerating info for machine\system\currentcontrolset\services\wmi.

Configuration of Registry Keys was completed successfully.


----Configure File Security...
Configure c:\autoexec.bat.
Warning 2: The system cannot find the file specified.
Error setting security on c:\autoexec.bat.
Configure c:\boot.ini.
Configure c:\config.sys.
Warning 2: The system cannot find the file specified.
Error setting security on c:\config.sys.
Configure c:\ntbootdd.sys.
Warning 2: The system cannot find the file specified.
Error setting security on c:\ntbootdd.sys.
Configure c:\ntdetect.com.
Configure c:\ntldr.
Configure c:\program files.
Configure c:\windows.
Configure c:\windows\debug.
Configure c:\windows\debug\usermode.
Configure c:\windows\repair.
Configure c:\windows\system32.
Configure c:\windows\system32\config.
Configure c:\windows\system32\dllcache.
Configure c:\windows\system32\ias.
Configure c:\windows\system32\spool.
Configure c:\windows\system32\spool\drivers.
Configure c:\windows\temp.

File Security configuration was completed successfully.


----Configure Security Policy...
Configure password information.
LSA anonymous lookup names setting : existing SD = D:(A;;0xf1fff;;;BA)(A;;0x20801;;;WD)(A;;0x801;;;AN)(A;;0x1000;;;LS)(A;;0x1000;;;NS).
LSA anonymous lookup names setting : computed SD = D:(D;;0x800;;;AN)(A;;0xf1fff;;;BA)(A;;0x20801;;;WD)(A;;0x801;;;AN)(A;;0x1000;;;LS)(A;;0x1000;;;NS).
Configure LSA anonymous lookup setting.
Guest account is disabled.

System Access configuration was completed successfully.
Configure log settings.
Configure event audit settings.

Audit/Log configuration was completed successfully.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\autodisconnect.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\enableforcedlogoff.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecuritysignature.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\requiresecuritysignature.
Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\enableplaintextpassword.
Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\enablesecuritysignature.
Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\requiresecuritysignature.
Configure machine\system\currentcontrolset\services\ldap\ldapclientintegrity.
Configure machine\system\currentcontrolset\services\netlogon\parameters\disablepasswordchange.
Configure machine\system\currentcontrolset\services\netlogon\parameters\maximumpasswordage.
Configure machine\system\currentcontrolset\services\netlogon\parameters\requiresignorseal.
Configure machine\system\currentcontrolset\services\netlogon\parameters\requirestrongkey.
Configure machine\system\currentcontrolset\services\netlogon\parameters\sealsecurechannel.
Configure machine\system\currentcontrolset\services\netlogon\parameters\signsecurechannel.

Configuration of Registry Values was completed successfully.


----Configure available attachment engines...

Configuration of attachment engines was completed successfully.


----Un-initialize configuration engine...
-------------------------------------------
Monday, February 15, 2010 4:56:17 PM
Administrative privileged user logged on.
Parsing template C:\WINDOWS\inf\syscomp.inf.
----Configuration engine was initialized successfully.----

----Reading Configuration Template info...


----Configure File Security...

File Security configuration was completed successfully.


----Un-initialize configuration engine...

Re: Antivirus Soft virus

Hello.
That doesn't look like the right log. Please read my instructions carefully.

Re: Antivirus Soft virus

Sorry, here's the right one I hope:

# scan_time=5868
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\19\7cc87393-31435a39 Java/TrojanDownloader.Agent.NAM trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\51\6108f8b3-69e1a6aa multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\55\3860eaf7-47a517e3 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=2d01433aca4528499d617254f96970fc
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-05-25 03:31:02
# local_time=2010-05-24 11:31:02 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=44595
# found=1
# cleaned=1
# scan_time=6321
C:\Documents and Settings\Owner\Local Settings\Application Data\mreonffuq\sdlqtyktssd.exe a variant of Win32/Kryptik.EDN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Re: Antivirus Soft virus

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    C:\Documents and Settings\Owner\Local Settings\Application Data\mreonffuq

    :commands
    [emptytemp]
    [reboot]


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Re: Antivirus Soft virus

I did that and the computer rebooted. Should the virus be off by now?

Re: Antivirus Soft virus

Hello.
Yeah, the OTL script was just to remove a leftover folder.

How is the machine running now?
