- OTL Extras logfile created on: 2/7/2011 2:31:15 PM - Run 1
- OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Mr. Red\My Documents\Downloads\Virus removal\OTL
- Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
- Internet Explorer (Version = 8.0.6001.18702)
- Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
- 503.00 Mb Total Physical Memory | 89.00 Mb Available Physical Memory | 18.00% Memory free
- 1.00 Gb Paging File | 1.00 Gb Available in Paging File | 61.00% Paging File free
- Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
- %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
- Drive C: | 74.52 Gb Total Space | 66.31 Gb Free Space | 88.98% Space Free | Partition Type: NTFS
- Drive D: | 186.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
- Computer Name: BLACK | User Name: Mr. Red | Logged in as Administrator.
- Boot Mode: Normal | Scan Mode: Current user | Quick Scan
- Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
- [color=#E56717]========== Extra Registry (SafeList) ==========[/color]
- [color=#E56717]========== File Associations ==========[/color]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
- .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
- .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
- .pif [@ = piffile] -- Reg Error: Key error. File not found
- [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
- .exe [@ = exefile] -- Reg Error: Key error. File not found
- .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
- [color=#E56717]========== Shell Spawning ==========[/color]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
- batfile [open] -- "%1" %*
- cmdfile [open] -- "%1" %*
- comfile [open] -- "%1" %*
- cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
- exefile [open] -- "%1" %*
- htmlfile [edit] -- Reg Error: Key error.
- InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
- piffile [open] -- Reg Error: Key error.
- regfile [merge] -- Reg Error: Key error.
- scrfile [config] -- "%1"
- scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
- scrfile [open] -- "%1" /S
- txtfile [edit] -- Reg Error: Key error.
- Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
- Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
- Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation)
- Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
- Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
- Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
- [color=#E56717]========== Security Center Settings ==========[/color]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
- "FirstRunDisabled" = 1
- "AntiVirusDisableNotify" = 0
- "FirewallDisableNotify" = 0
- "UpdatesDisableNotify" = 0
- "AntiVirusOverride" = 1
- "FirewallOverride" = 0
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
- [color=#E56717]========== System Restore Settings ==========[/color]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
- "DisableSR" = 0
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
- "Start" = 0
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
- "Start" = 2
- [color=#E56717]========== Firewall Settings ==========[/color]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
- "EnableFirewall" = 1
- "DoNotAllowExceptions" = 0
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
- [color=#E56717]========== Authorized Applications List ==========[/color]
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
- "C:\Program Files\Apoint\Apoint.exe" = C:\Program Files\Apoint\Apoint.exe:*:Enabled:ipsec -- (Alps Electric Co., Ltd.)
- "C:\Program Files\Apoint\Apntex.exe" = C:\Program Files\Apoint\Apntex.exe:*:Enabled:ipsec -- (Alps Electric Co., Ltd.)
- "C:\WINDOWS\system32\netsh.exe" = C:\WINDOWS\system32\netsh.exe:*:Enabled:ipsec -- (Microsoft Corporation)
- "C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:ipsec -- (AOL Inc.)
- "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:ipsec -- (Mozilla Corporation)
- "F:\Dell Drivers\Audio\R99254.EXE" = F:\Dell Drivers\Audio\R99254.EXE:*:Enabled:ipsec
- "C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec -- (Microsoft Corporation)
- "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" = C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe:*:Enabled:ipsec -- (Intel Corporation)
- "C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\paja.exe" = C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\paja.exe:*:Enabled:ipsec
- "C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\w477efa.exe" = C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\w477efa.exe:*:Enabled:ipsec
- "C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\winemmi.exe" = C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\winemmi.exe:*:Enabled:ipsec
- "C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\winkvqv.exe" = C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\winkvqv.exe:*:Enabled:ipsec
- "C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\w1eedf22.exe" = C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\w1eedf22.exe:*:Enabled:ipsec
- "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:ipsec -- (Malwarebytes Corporation)
- "C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\winkacme.exe" = C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\winkacme.exe:*:Enabled:ipsec
- "C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\klav.exe" = C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\klav.exe:*:Enabled:ipsec
- "C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\winvatlrp.exe" = C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\winvatlrp.exe:*:Enabled:ipsec
- "C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\qimomt.exe" = C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\qimomt.exe:*:Enabled:ipsec
- "C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\w49c08d.exe" = C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\w49c08d.exe:*:Enabled:ipsec
- "C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\wincbcu.exe" = C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\wincbcu.exe:*:Enabled:ipsec
- "C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\jdie.exe" = C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\jdie.exe:*:Enabled:ipsec
- "C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\wintgebk.exe" = C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\wintgebk.exe:*:Enabled:ipsec
- "C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\winxsjnaj.exe" = C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\winxsjnaj.exe:*:Enabled:ipsec
- "C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\w8bbadf.exe" = C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\w8bbadf.exe:*:Enabled:ipsec
- "C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\winhguaf.exe" = C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\winhguaf.exe:*:Enabled:ipsec
- "C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\winigpnl.exe" = C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\winigpnl.exe:*:Enabled:ipsec
- "C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\scwrs.exe" = C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\scwrs.exe:*:Enabled:ipsec
- "C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\lvoit.exe" = C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\lvoit.exe:*:Enabled:ipsec
- "C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\winmfanvr.exe" = C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\winmfanvr.exe:*:Enabled:ipsec
- "C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\winaywb.exe" = C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\winaywb.exe:*:Enabled:ipsec
- "C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\wincdbqun.exe" = C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\wincdbqun.exe:*:Enabled:ipsec
- "C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\xcxrdj.exe" = C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\xcxrdj.exe:*:Enabled:ipsec
- "C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\w2ba075.exe" = C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\w2ba075.exe:*:Enabled:ipsec
- "C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\winpopbu.exe" = C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\winpopbu.exe:*:Enabled:ipsec
- "C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\hgfkp.exe" = C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\hgfkp.exe:*:Enabled:ipsec
- "C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\winrtmei.exe" = C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\winrtmei.exe:*:Enabled:ipsec
- "C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\shlk.exe" = C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\shlk.exe:*:Enabled:ipsec -- ()
- "C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\winqugmdq.exe" = C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\winqugmdq.exe:*:Enabled:ipsec
- "C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\hwkvx.exe" = C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\hwkvx.exe:*:Enabled:ipsec
- "C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\winswomqt.exe" = C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\winswomqt.exe:*:Enabled:ipsec -- ()
- "C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\w94b3fe.exe" = C:\DOCUME~1\MR8626~1.RED\LOCALS~1\Temp\w94b3fe.exe:*:Enabled:ipsec -- ()
- [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
- "{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
- "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
- "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
- "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
- "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
- "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
- "{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
- "{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
- "{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
- "{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
- "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
- "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
- "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
- "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
- "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
- "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
- "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
- "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
- "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
- "{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
- "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
- "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
- "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
- "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
- "HijackThis" = HijackThis 1.99.1
- "ie8" = Windows Internet Explorer 8
- "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
- "NoIPDUC" = No-IP DUC
- "ProInst" = Intel(R) PROSet/Wireless Software
- "Uplink" = Uplink
- "Windows XP Service Pack" = Windows XP Service Pack 3
- "WinRAR" = WinRAR
- [color=#E56717]========== Last 10 Event Log Errors ==========[/color]
- [ Application Events ]
- Error - 2/3/2011 3:28:27 PM | Computer Name = BLACK | Source = Application Hang | ID = 1002
- Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
- hungapp, version 0.0.0.0, hang address 0x00000000.
- Error - 2/3/2011 3:28:29 PM | Computer Name = BLACK | Source = Application Hang | ID = 1002
- Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
- hungapp, version 0.0.0.0, hang address 0x00000000.
- Error - 2/4/2011 1:06:37 PM | Computer Name = BLACK | Source = Application Error | ID = 1000
- Description = Faulting application firefox.exe, version 1.9.2.3989, faulting module
- msvcr90.dll, version 9.0.30729.4148, fault address 0x00059231.
- Error - 2/4/2011 1:07:37 PM | Computer Name = BLACK | Source = Application Error | ID = 1000
- Description = Faulting application plugin-container.exe, version 1.9.2.3989, faulting
- module ntdll.dll, version 5.1.2600.3520, fault address 0x0000100b.
- Error - 2/5/2011 6:52:17 PM | Computer Name = BLACK | Source = Application Error | ID = 1000
- Description = Faulting application SZServer.exe, version 5.0.84.5, faulting module
- SZComp5.dll, version 5.0.84.5, fault address 0x00041774.
- [ System Events ]
- Error - 2/5/2011 6:52:33 PM | Computer Name = BLACK | Source = Service Control Manager | ID = 7034
- Description = The STOPzilla Service service terminated unexpectedly. It has done
- this 1 time(s).
- Error - 2/5/2011 10:27:36 PM | Computer Name = BLACK | Source = Service Control Manager | ID = 7026
- Description = The following boot-start or system-start driver(s) failed to load:
- PCIIde
- Error - 2/5/2011 10:51:27 PM | Computer Name = BLACK | Source = Service Control Manager | ID = 7026
- Description = The following boot-start or system-start driver(s) failed to load:
- szkg5 szkgfs
- Error - 2/6/2011 12:48:01 AM | Computer Name = BLACK | Source = Service Control Manager | ID = 7026
- Description = The following boot-start or system-start driver(s) failed to load:
- szkg5 szkgfs
- Error - 2/6/2011 2:52:56 AM | Computer Name = BLACK | Source = Service Control Manager | ID = 7026
- Description = The following boot-start or system-start driver(s) failed to load:
- szkg5 szkgfs
- Error - 2/6/2011 12:14:59 PM | Computer Name = BLACK | Source = Service Control Manager | ID = 7026
- Description = The following boot-start or system-start driver(s) failed to load:
- szkg5 szkgfs
- Error - 2/6/2011 4:46:49 PM | Computer Name = BLACK | Source = Dhcp | ID = 1000
- Description = Your computer has lost the lease to its IP address 192.168.1.51 on
- the Network Card with network address 0013CE4FE170.
- Error - 2/7/2011 4:10:44 AM | Computer Name = BLACK | Source = Dhcp | ID = 1000
- Description = Your computer has lost the lease to its IP address 192.168.1.224 on
- the Network Card with network address 0013CE4FE170.
- Error - 2/7/2011 12:31:59 PM | Computer Name = BLACK | Source = Service Control Manager | ID = 7026
- Description = The following boot-start or system-start driver(s) failed to load:
- szkg5 szkgfs
- Error - 2/7/2011 12:33:02 PM | Computer Name = BLACK | Source = Dhcp | ID = 1002
- Description = The IP address lease 192.168.1.51 for the Network Card with network
- address 0013CE4FE170 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
- sent a DHCPNACK message).
- < End of report >