
Hey guys, I recently started having some issues with my PC. I am running Win XP SP3 and running McAfee anti-virus program. It loads fine and I am able to get online, but I no longer have the link to Control Panel on my Start menu and I cannot access it from the command line. When I try to use the Run command it gives me a pop-up that says "This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator" even though I am logged on as the administrator account. This happens when I try to get into the Control Panel or access my display properties from the desktop. I have already run a full scan with McAfee and MBA-M and fixed the issues that were found, but I am still having this issue. Here is a log from HJT; any help or suggestions would be greatly appreciated.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:13 PM, on 10/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Razer\Lachesis\razerhid.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Razer\Lachesis\OSD.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Razer\Lachesis\razertra.exe
C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
C:\Program Files\Razer\Lachesis\razerofa.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator.OPTIMUS\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [CTAPR2] "C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe" /r
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SPIRun] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [MaxBlastMonitor.exe] C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKUS\S-1-5-21-57989841-1580818891-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Matthew')
O4 - HKUS\S-1-5-21-57989841-1580818891-725345543-1003\..\Run: [Aim6] (User 'Matthew')
O4 - HKUS\S-1-5-21-57989841-1580818891-725345543-1003\..\Run: [Google Update] "C:\Documents and Settings\Matthew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (User 'Matthew')
O4 - HKUS\S-1-5-21-57989841-1580818891-725345543-1003\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork (User 'Matthew')
O4 - HKUS\S-1-5-21-57989841-1580818891-725345543-1003\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Matthew')
O4 - HKUS\S-1-5-21-57989841-1580818891-725345543-1003\..\Run: [Fraps] C:\PROGRAM FILES\FRAPS\FRAPS.EXE (User 'Matthew')
O4 - HKUS\S-1-5-21-57989841-1580818891-725345543-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Crystal')
O4 - Global Startup: McAfee Security Scan.lnk = ?
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0320551256121118) (0320551256121118mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\032055~1.EXE (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 12461 bytes

0

I also forgot to mention that I tried to do a system restore to resolve the issue and got an error that it could not be done with multiple restore points.

0

I also forgot to mention that I tried to do a system restore to resolve the issue and got an error that it could not be done with multiple restore points.

Update your MBAM via the "Update" Tab and run it again and post me the log.

REBOOT and then:

-- Download DDS by sUBs and save it to your Desktop
-- If your AV has a script blocker, please disable it
-- DoubleClick on dds.scr to run the tool

* A command box will open, displaying added information for your reading pleasure while DDS completes its scan.
* Upon completion, a Dialog Box should open instructing you to save and post the TWO resulting logs (DDS.txt & Attach.txt).

- Copy&Paste the DDS.txt into your next post.
- Please post Attach.txt as an attachment to your post - there is no need to Zip it. If you don’t know how to post an attachment, please Copy&Paste it along with the DDS.txt scanlog.

Please post the MBAM and DDS logs for me.

Cheers :)
PP

0

Here is the info you needed. TIA for your help.

Malwarebytes' Anti-Malware 1.41
Database version: 3050
Windows 5.1.2600 Service Pack 3

10/28/2009 7:51:48 PM
mbam-log-2009-10-28 (19-51-41).txt

Scan type: Full Scan (C:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 280721
Time elapsed: 1 hour(s), 20 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Guest\Desktop\Inst_305s5.exe (Rogue.AlphaAV) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{3C1F0AF1-2C66-4F3C-8E02-A220E530312D}\RP528\A0084919.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{3C1F0AF1-2C66-4F3C-8E02-A220E530312D}\RP528\A0084920.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

DDS


DDS (Ver_09-10-26.01) - NTFSx86
Run by Administrator at 23:07:58.34 on Wed 10/28/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1515 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Razer\Lachesis\razerhid.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Razer\Lachesis\OSD.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Razer\Lachesis\razertra.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
C:\Program Files\Razer\Lachesis\razerofa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\Administrator.OPTIMUS\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [Lachesis] c:\program files\razer\lachesis\razerhid.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [CTAPR2] "c:\program files\creative\sound blaster x-fi\console launcher\CTAPR2.exe" /r
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SPIRun] Rundll32 SPIRun.dll,RunDLLEntry
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [nwiz] nwiz.exe /install
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [MaxBlastMonitor.exe] c:\program files\maxtor\maxblast\MaxBlastMonitor.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AcronisTimounterMonitor] c:\program files\maxtor\maxblast\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\maxtor\schedule2\schedhlp.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\1.0.150\SSScheduler.exe
uPolicies-explorer: NoControlPanel = 1 (0x1)
uPolicies-explorer: NoNetworkConnections = 1 (0x1)
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=67633
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1.opt\applic~1\mozilla\firefox\profiles\nhmpepbn.default\
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2008-9-10 39472]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-12-6 92296]
R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2008-12-1 12032]
R3 t3;SB Xtreme Audio Notebook;c:\windows\system32\drivers\t3.sys [2008-12-25 735744]
R3 t3filt;t3filt;c:\windows\system32\drivers\t3filt.sys [2008-12-25 1656960]
S2 0320551256121118mcinstcleanup;McAfee Application Installer Cleanup (0320551256121118);c:\windows\temp\032055~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\032055~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S3 N3AB;N3AB Wireless Network Adapter Service;c:\windows\system32\drivers\N3AB.sys [2009-6-3 457312]
S3 ZD1211U(WLAN);IEEE 802.11g USB Wireless LAN(WLAN);c:\windows\system32\drivers\ZD1211U.sys [2008-12-1 280064]

=============== Created Last 30 ================

2009-10-28 13:59:05 0 d-sh--w- c:\documents and settings\administrator.optimus\PrivacIE
2009-10-27 02:58:44 0 d-----w- c:\docume~1\admini~1.opt\applic~1\Malwarebytes
2009-10-27 02:58:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-27 02:58:40 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-27 02:58:40 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-27 02:58:40 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-27 02:39:59 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-10-26 03:25:27 1126 --sha-r- c:\documents and settings\administrator.optimus\ntuser.pol
2009-10-26 03:22:06 0 d-----w- c:\windows\system32\wbem\Repository
2009-10-26 03:03:48 0 d-sh--w- c:\documents and settings\administrator.optimus\IETldCache
2009-10-25 16:59:51 0 d-----w- c:\program files\Open Office
2009-10-21 14:06:53 0 d--h--w- c:\windows\system32\GroupPolicy
2009-10-20 05:35:56 754 ----a-w- c:\windows\WORDPAD.INI
2009-10-17 21:45:44 0 d-----w- c:\docume~1\alluse~1\applic~1\U3

==================== Find3M ====================

2009-09-27 14:34:40 189496 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-09-16 17:22:48 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 17:22:48 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 17:22:48 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 17:22:48 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 17:22:14 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13:08 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20:09 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2008-09-04 11:24:06 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090420080905\index.dat
2009-01-21 02:12:24 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-01-21 02:12:24 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-01-21 02:12:24 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 23:08:28.06 ===============

Attachments
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume4
Install Date: 5/19/2008 6:00:52 PM
System Uptime: 10/28/2009 7:55:06 PM (4 hours ago)

Motherboard: ECS-USA |  | GeForce6100PM-M2
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5600+ | Socket AM2  | 2913/201mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 128 GiB total, 66.483 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 8 GiB total, 6.384 GiB free.
F: is FIXED (NTFS) - 24 GiB total, 19.033 GiB free.
G: is FIXED (NTFS) - 24 GiB total, 5.383 GiB free.
H: is FIXED (NTFS) - 169 GiB total, 136.211 GiB free.
I: is FIXED (NTFS) - 3 GiB total, 0.571 GiB free.
J: is FIXED (NTFS) - 160 GiB total, 101.503 GiB free.
K: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: IEEE 802.11g PCI Wireless Network Adapter
Device ID: PCI\VEN_168C&DEV_0013&SUBSYS_3AB91948&REV_01\4&72ACDAA&0&3020
Manufacturer: AirLink101
Name: IEEE 802.11g PCI Wireless Network Adapter
PNP Device ID: PCI\VEN_168C&DEV_0013&SUBSYS_3AB91948&REV_01\4&72ACDAA&0&3020
Service: N3AB

==== System Restore Points ===================

RP445: 8/7/2009 11:57:14 PM - System Checkpoint
RP446: 8/9/2009 12:38:06 AM - System Checkpoint
RP447: 8/10/2009 10:21:08 AM - System Checkpoint
RP448: 8/11/2009 11:02:51 AM - System Checkpoint
RP449: 8/12/2009 12:02:51 PM - System Checkpoint
RP450: 8/13/2009 1:02:51 PM - System Checkpoint
RP451: 8/14/2009 2:03:56 PM - System Checkpoint
RP452: 8/15/2009 3:02:51 PM - System Checkpoint
RP453: 8/15/2009 4:15:54 PM - Software Distribution Service 3.0
RP454: 8/15/2009 4:21:23 PM - Software Distribution Service 3.0
RP455: 8/15/2009 4:45:43 PM - Printer Driver Microsoft XPS Document Writer Installed
RP456: 8/16/2009 6:03:36 PM - System Checkpoint
RP457: 8/17/2009 3:00:14 AM - Software Distribution Service 3.0
RP458: 8/18/2009 3:04:24 AM - System Checkpoint
RP459: 8/18/2009 3:27:40 PM - Installed Windows Media Player 11
RP460: 8/18/2009 3:28:56 PM - Installed Windows XP MSCompPackV1.
RP461: 8/19/2009 4:04:25 PM - System Checkpoint
RP462: 8/20/2009 5:04:24 PM - System Checkpoint
RP463: 8/21/2009 5:08:29 PM - System Checkpoint
RP464: 8/22/2009 7:39:09 PM - System Checkpoint
RP465: 8/23/2009 8:36:36 PM - System Checkpoint
RP466: 8/24/2009 9:36:35 PM - System Checkpoint
RP467: 8/25/2009 10:37:40 PM - System Checkpoint
RP468: 8/26/2009 3:00:14 AM - Software Distribution Service 3.0
RP469: 8/27/2009 3:36:39 AM - System Checkpoint
RP470: 8/28/2009 4:36:36 AM - System Checkpoint
RP471: 8/29/2009 5:36:35 AM - System Checkpoint
RP472: 8/30/2009 5:36:39 AM - System Checkpoint
RP473: 8/31/2009 6:36:41 AM - System Checkpoint
RP474: 9/1/2009 7:36:39 AM - System Checkpoint
RP475: 9/2/2009 3:00:19 AM - Software Distribution Service 3.0
RP476: 9/3/2009 3:36:47 AM - System Checkpoint
RP477: 9/4/2009 4:37:45 AM - System Checkpoint
RP478: 9/5/2009 5:36:39 AM - System Checkpoint
RP479: 9/6/2009 5:55:20 AM - System Checkpoint
RP480: 9/7/2009 1:20:25 PM - System Checkpoint
RP481: 9/8/2009 1:55:19 PM - System Checkpoint
RP482: 9/9/2009 3:00:14 AM - Software Distribution Service 3.0
RP483: 9/10/2009 3:17:52 AM - System Checkpoint
RP484: 9/11/2009 4:31:16 AM - System Checkpoint
RP485: 9/12/2009 4:34:53 AM - System Checkpoint
RP486: 9/13/2009 5:34:53 AM - System Checkpoint
RP487: 9/14/2009 5:34:56 AM - System Checkpoint
RP488: 9/15/2009 6:34:58 AM - System Checkpoint
RP489: 9/16/2009 7:34:59 AM - System Checkpoint
RP490: 9/17/2009 8:34:59 AM - System Checkpoint
RP491: 9/18/2009 9:35:00 AM - System Checkpoint
RP492: 9/19/2009 10:35:04 AM - System Checkpoint
RP493: 9/20/2009 11:29:25 AM - System Checkpoint
RP494: 9/21/2009 11:49:16 AM - System Checkpoint
RP495: 9/22/2009 1:46:23 PM - System Checkpoint
RP496: 9/23/2009 2:10:12 PM - System Checkpoint
RP497: 9/24/2009 2:35:01 PM - System Checkpoint
RP498: 9/25/2009 3:11:00 PM - System Checkpoint
RP499: 9/26/2009 3:35:00 PM - System Checkpoint
RP500: 9/27/2009 10:09:49 PM - System Checkpoint
RP501: 9/28/2009 11:26:20 PM - System Checkpoint
RP502: 9/29/2009 11:35:01 PM - System Checkpoint
RP503: 10/1/2009 12:35:00 AM - System Checkpoint
RP504: 10/2/2009 1:35:01 AM - System Checkpoint
RP505: 10/3/2009 2:35:00 AM - System Checkpoint
RP506: 10/4/2009 3:35:01 AM - System Checkpoint
RP507: 10/9/2009 11:25:00 PM - System Checkpoint
RP508: 10/11/2009 1:32:56 AM - System Checkpoint
RP509: 10/12/2009 2:00:27 AM - System Checkpoint
RP510: 10/13/2009 2:23:23 PM - System Checkpoint
RP511: 10/14/2009 6:44:58 PM - System Checkpoint
RP512: 10/15/2009 7:58:12 PM - System Checkpoint
RP513: 10/16/2009 3:00:23 AM - Software Distribution Service 3.0
RP514: 10/17/2009 4:58:59 AM - System Checkpoint
RP515: 10/18/2009 5:24:37 AM - System Checkpoint
RP516: 10/19/2009 6:24:37 AM - System Checkpoint
RP517: 10/20/2009 5:52:21 PM - System Checkpoint
RP518: 10/21/2009 7:03:01 PM - System Checkpoint
RP519: 10/22/2009 9:27:03 PM - System Checkpoint
RP520: 10/23/2009 10:53:28 PM - System Checkpoint
RP521: 10/25/2009 10:02:01 AM - Removed Java(TM) 6 Update 11
RP522: 10/25/2009 10:02:14 AM - Installed Java(TM) 6 Update 16
RP523: 10/25/2009 10:02:48 AM - Installed OpenOffice.org 3.1
RP524: 10/25/2009 8:21:34 PM - Restore Operation
RP525: 10/25/2009 8:31:56 PM - Restore Operation
RP526: 10/25/2009 8:35:59 PM - Restore Operation
RP527: 10/25/2009 8:39:53 PM - Restore Operation
RP528: 10/25/2009 8:44:11 PM - Restore Operation
RP529: 10/26/2009 10:11:19 PM - System Checkpoint
RP530: 10/27/2009 11:46:15 PM - System Checkpoint

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9
AIM 6
AutoIt v3.2.12.1
BootSkin
Call of Duty(R) - World at War(TM)
Call of Duty(R) - World at War(TM) 1.1 Patch
Call of Duty(R) - World at War(TM) 1.2 Patch
Call of Duty(R) - World at War(TM) 1.3 Patch
Call of Duty(R) - World at War(TM) 1.4 Patch
Camfrog Video Chat 5.3
CDDRV_Installer
Combined Community Codec Pack 2008-09-21 16:18
Command & Conquer 3
Command & Conquer Renegade
Counter-Strike: Source
Creative Audio Console
Creative MediaSource 5
Creative Software AutoUpdate
Creative System Information
Creative WaveStudio 7
Critical Update for Windows Media Player 11 (KB959772)
Diablo II
Diner Dash - Flo on the Go
Diner Dash 2
Download Manager 2.3.7
Final Fantasy XI Theme Installer
Fraps (remove only)
FTPRush v1 Unicode
Full Tilt Poker
Google Earth
Google Toolbar for Internet Explorer
Half-Life(R) 2
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
iTunes
Java(TM) 6 Update 13
Java(TM) 6 Update 6
Java(TM) 6 Update 7
KhalInstallWrapper
LimeWire 5.0.11
Logitech GamePanel Software 2.02
Logitech SetPoint
Malwarebytes' Anti-Malware
MaxtorMaxBlast
McAfee Security Scan
McAfee SecurityCenter
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft SQL Server Native Client
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.15)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
Nero 8
NVIDIA Drivers
NVIDIA PhysX v8.10.13
Paragon Partition Manager 9.0 Professional
PeerGuardian 2.0
PokerStars
PowerDVD
PSP Video 9 2.25
PunkBuster Services
QuickTime
Razer Lachesis
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB9

Here is the info you needed. TIA for your help.
uPolicies-explorer: NoControlPanel = 1 (0x1)
uPolicies-explorer: NoNetworkConnections = 1 (0x1)

Happy to help.

Nothing particularly evil jumps out at me from those logs. Just looks like a little minor registry alteration.

I'd like to take a more thorough look before posting the fix:
Please download Peek.bat to your desktop.
DoubleClick on it to run it and post me the contents of the log that pops up.

PP :)

C:\WINDOWS\system32\control.exe BUILTIN\Users:R 
                                BUILTIN\Power Users:R 
                                BUILTIN\Administrators:F 
                                NT AUTHORITY\SYSTEM:F 


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"HonorAutoRunSetting"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"=dword:00000001
"{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}"=dword:40000021
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"=dword:00000020

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000000
"undockwithoutlogon"=dword:00000001


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop]
"NoChangingWallpaper"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoControlPanel"=dword:00000001
"NoNetworkConnections"=dword:00000001
"NoFind"=dword:00000000
"NoRun"=dword:00000000



Please download FixIt.reg to your Desktop.
DoubleClick on FixIt.reg and allow it to merge into the registry.

Reboot for good measure and see if that helps.

Cheers :)
PP
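
The Peek.bat output posted above shows what triggers the "restrictions in effect" pop-up: Explorer policy values set to 1 under the current user's policies key. The following is an added example, not part of the thread and not the contents of Peek.bat or FixIt.reg. It parses a regedit-style export and lists the Explorer restrictions that are switched on. The sample text is constructed from the values in the post, and treating every non-zero `No*` DWORD except `NoDriveTypeAutoRun` as a restriction is an assumption of this example.

```python
import re

# Constructed sample: the two Explorer policy keys as posted in the thread.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"HonorAutoRunSetting"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoControlPanel"=dword:00000001
"NoNetworkConnections"=dword:00000001
"NoFind"=dword:00000000
"NoRun"=dword:00000000
'''

KEY_RE = re.compile(r'^\[(HKEY_[A-Z_]+)\\(.+)\]$')
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
EXPLORER_POLICY = r'software\microsoft\windows\currentversion\policies\explorer'
# Assumption of this example: No* values here are on/off UI restrictions,
# except NoDriveTypeAutoRun, a drive-type bitmask that limits AutoRun.
NOT_A_RESTRICTION = {'nodrivetypeautorun'}

def parse_export(text):
    """Yield (hive, subkey, value_name, int_value) for every DWORD value."""
    hive = subkey = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            hive, subkey = m.group(1), m.group(2)
            continue
        m = DWORD_RE.match(line)
        if m and hive:
            yield hive, subkey, m.group(1), int(m.group(2), 16)

def active_restrictions(text):
    """Return sorted (hive, name) pairs for enabled Explorer restrictions."""
    hits = []
    for hive, subkey, name, value in parse_export(text):
        if subkey.lower() != EXPLORER_POLICY:
            continue  # only the policies\Explorer key is examined
        lname = name.lower()
        if lname.startswith('no') and lname not in NOT_A_RESTRICTION and value:
            hits.append((hive, name))
    return sorted(hits)

if __name__ == '__main__':
    for hive, name in active_restrictions(SAMPLE_EXPORT):
        print(f'{hive}: {name} is enabled; confirm it was set on purpose')
```

On a machine that no administrator has locked down, any hit under HKEY_CURRENT_USER is worth tracing back to what wrote it.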


Thanks so much, that got it working again!

Do you have any idea how something like that happened or what I can do to protect myself from something like it in the future other than running AV and FW software?


I think you have to format your entire computer system & re-install it properly to overcome that problem.


Thanks so much, that got it working again!
Do you have any idea how something like that happened or what I can do to protect myself from something like it in the future other than running AV and FW software?

Happy to help :)

More often than not, this is due to malware. I have seen a lot of compys issued by schools and businesses restrict this sort of access as well.
Some solid "real time" protection such as WinPatrol would be a good preventive measure.
There are other tools, but WinPatrol and SpywareBlaster are the ones I would recommend.

I think you have to format your entire computer system & re-install it properly to overcome that problem.

Errr . . . . NO.
What is the point of posting something like that?
