Very slow computer


  • This topic is locked
15 replies to this topic

#1 looney2340

  • Members

Posted 12 October 2008 - 10:05 PM

Hi there, once again I'm calling on everyone's help on my computer. I cannot seem to get Spybot to stop blocking a registry change from something trying to run or install itself on my computer. I'm afraid it's the beginning or the middle of an infection. I'm getting 5-6 windows of Spybot blocking something, which says this... When I ran HijackThis I did delete an entry that was for deluxecommunications; it's not on the log now, but I'm sure it's still loading someplace.

Registry change denied
Resident denied the change of
Excludefromknownd Dlls (catagory session manager)
Based on your blacklist

Now I'm getting as many as 5-6 windows at a time saying the same thing, slowing down my computer so much that it takes a long time to open anything.
Here is my HijackThis log as well.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:24 PM, on 10/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lexbces.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Son\Desktop\HiJackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [AntiSpywareBot] C:\Program Files\AntiSpywareBot\AntiSpywareBot.exe -boot
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...059/mcfscan.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\lexbces.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 5569 bytes


#2 PropagandaPanda

  • Malware Response Team

Posted 23 October 2008 - 07:26 AM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Download and Run OTViewIt
  • Please download OTViewIt by OldTimer to your desktop.
  • Double click on the OTViewIt.exe icon on your desktop. If you are using Windows Vista, right click the icon and select Run as Administrator.
  • Check the Scan All Users checkbox and leave Use Whitelist checked. Set the File Age to 30 days.
  • Click on the Run Scan button. Two reports that are located in the same location as OTViewIt will open.
    OTViewIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized
Copy and Paste the logs into your next reply.
Please also tell me of any changes you have made to your computer since your topic was started.

If you do not make a reply in 5 days, we will need to close your topic.

With Regards,
The Panda

Important Note to Other Users Reading this Topic: The instructions provided in this topic below this point are for the original topic starter only. Even if you have similar problems or log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic. Feel free to link to any relevant topics as needed.

#3 looney2340

  • Topic Starter

Posted 23 October 2008 - 10:23 PM

Thank you, Panda, for the reply. I am helping my dad remotely. What I did was disable TeaTimer and restart it; not sure if it was good or not to do, but it seems to have stopped the problem, either that or created a new one. I will follow your instructions just to be safe and post logs here in my next reply.

#4 PropagandaPanda

  • Malware Response Team

Posted 24 October 2008 - 07:21 AM

Hello.

That will be fine.

With Regards,
The Panda

#5 looney2340

  • Topic Starter

Posted 26 October 2008 - 09:57 PM

Hi Panda, here are the results of the scans I did.

OTViewIt logfile created on: 10/26/2008 10:52:32 PM - Run
OTViewIt by OldTimer - Version 1.0.18.0 Folder = C:\Documents and Settings\Son\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.00 Mb Total Physical Memory | 48.43 Mb Available Physical Memory | 18.99% Memory free
616.66 Mb Paging File | 72.41 Mb Available in Paging File | 11.74% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 28.60 Gb Total Space | 13.80 Gb Free Space | 48.25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BASEMENT
Current User Name: Son
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2002/07/08 10:49:26 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
[2002/07/08 10:49:28 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
[2007/07/20 15:21:34 | 00,557,056 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
[2006/10/23 08:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
[2001/09/27 06:01:00 | 00,167,953 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
[2008/10/17 20:34:53 | 00,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
[2007/04/17 14:03:52 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
[2008/10/17 20:34:34 | 00,087,360 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
[2005/10/13 20:56:16 | 00,126,976 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe
[2005/08/24 17:01:04 | 00,122,368 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\McTskshd.exe
[2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
[2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2003/08/27 10:29:46 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
[2001/09/27 06:01:00 | 00,106,513 | ---- | M] () -- C:\Program Files\McAfee\McAfee VirusScan\VSStat.exe
[2001/09/27 06:01:00 | 00,151,569 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
[2001/09/27 06:01:00 | 00,143,377 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\McAfee\McAfee VirusScan\WebScanX.exe
[2007/04/17 14:03:52 | 00,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
[2008/10/17 20:34:34 | 00,087,360 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
[2001/09/27 06:01:00 | 00,036,881 | ---- | M] (Network Associates Inc.) -- C:\Program Files\McAfee\McAfee VirusScan\AlogServ.exe
[2005/09/22 19:29:08 | 00,303,104 | ---- | M] (McAfee, Inc) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
[2001/09/27 03:00:00 | 00,142,336 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
[2005/05/31 01:04:00 | 01,415,824 | ---- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2007/04/17 14:03:52 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
[2008/10/17 20:34:34 | 00,087,360 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
[2008/08/23 01:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/10/26 22:51:42 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Son\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/07/20 15:21:34 | 00,557,056 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice [Auto | Running])
[2006/10/23 08:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS [Auto | Running])
[2004/06/29 09:29:30 | 00,184,373 | ---- | M] () -- C:\Program Files\Common Files\AOL\AOL Spyware Protection\aolserv.exe -- (AOLService [Auto | Stopped])
[2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2001/09/27 06:01:00 | 00,167,953 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe -- (AvSynMgr [Auto | Running])
File not found -- -- (DNSCacheReader [Disabled | Stopped])
File not found -- -- (iPod Service [Disabled | Stopped])
[2002/07/08 10:49:26 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS [Auto | Running])
[2008/10/17 20:34:53 | 00,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint [Auto | Running])
[2007/04/17 14:03:52 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn [Auto | Running])
[2005/10/13 20:56:16 | 00,126,976 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe -- (McDetect.exe [Auto | Running])
[2001/09/27 06:01:00 | 00,225,375 | ---- | M] () -- C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe -- (McShield [On_Demand | Stopped])
[2005/08/24 17:01:04 | 00,122,368 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\McTskshd.exe -- (McTskshd.exe [Auto | Running])
[2005/07/01 20:22:50 | 00,245,760 | ---- | M] (McAfee, Inc) -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe -- (mcupdmgr.exe [On_Demand | Stopped])
[2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running])
File not found -- -- (Net Agent [Disabled | Stopped])
[2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
[2006/03/16 11:33:12 | 01,693,464 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon [On_Demand | Stopped])
[2003/08/27 10:29:46 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService [Auto | Running])

========== Driver Services ==========

[2002/04/01 13:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
[2005/08/21 00:49:17 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM [Auto | Running])
[2001/08/17 08:48:52 | 00,281,856 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mpaa.sys -- (ati2mpaa [On_Demand | Stopped])
[2004/08/04 01:29:26 | 00,327,040 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtaa.sys -- (ati2mtaa [On_Demand | Running])
[2001/08/17 09:28:04 | 00,067,167 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2 [On_Demand | Stopped])
[2005/06/16 10:27:52 | 00,012,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rylm100.sys -- (BulkUsb [On_Demand | Stopped])
[2007/03/07 19:51:00 | 00,009,336 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
[2007/03/07 19:51:00 | 00,009,464 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
[2002/04/30 12:53:08 | 00,139,776 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Running])
[2001/08/17 08:12:32 | 00,016,074 | ---- | M] (NETGEAR Corp.) -- C:\WINDOWS\system32\drivers\FA312nd5.sys -- (FA312 [On_Demand | Running])
[2001/08/17 09:28:06 | 00,289,887 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback [Auto | Running])
[2001/08/17 09:28:06 | 00,115,807 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks [Auto | Running])
[2004/08/04 01:41:46 | 00,220,032 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfbs2s2.sys -- (HSFHWBS2 [On_Demand | Running])
[2004/08/04 01:41:54 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfdpsp2.sys -- (HSF_DP [On_Demand | Running])
[2001/08/17 09:28:10 | 00,542,879 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft [On_Demand | Stopped])
[2001/08/17 09:28:08 | 00,391,199 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56 [Auto | Running])
[2008/02/28 15:31:50 | 00,012,856 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo [Auto | Running])
[2007/04/17 14:00:30 | 00,010,144 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\lmimirr.sys -- (lmimirr [On_Demand | Running])
[2008/10/17 20:34:36 | 00,083,288 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP [Disabled | Stopped])
[2008/10/17 20:34:36 | 00,047,640 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver [Auto | Running])
[2004/08/04 01:41:55 | 00,011,868 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2001/08/17 09:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[1999/08/10 13:51:58 | 00,034,916 | ---- | M] (Marimba, Inc.) -- C:\WINDOWS\System32\drivers\MrtRate.sys -- (mrtRate [Auto | Running])
[2001/08/17 12:22:04 | 00,023,296 | ---- | M] () -- C:\WINDOWS\system32\drivers\NaiFiltr.sys -- (NaiFiltr [On_Demand | Running])
[2001/08/22 08:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI [System | Running])
[2002/06/25 17:44:42 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/07 19:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 09:28:10 | 00,057,471 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample [On_Demand | Stopped])
[2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2002/06/17 15:43:14 | 00,553,624 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
[2001/08/17 09:28:06 | 00,199,711 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax [Auto | Running])
[2001/08/17 09:28:10 | 00,073,279 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_SPKP.sys -- (SpeakerPhone [Auto | Running])
[2001/08/17 09:28:12 | 00,050,751 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones [Auto | Running])
[2001/08/17 09:28:12 | 00,488,383 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124 [Auto | Running])
[2006/03/16 11:33:00 | 00,372,824 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [On_Demand | Stopped])
[2003/01/10 17:13:04 | 00,033,588 | R--- | M] (America Online, Inc.) -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw [On_Demand | Running])
[2004/08/04 01:41:48 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfcxts2.sys -- (winachsf [On_Demand | Running])
[2002/06/25 17:51:20 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.msn.com/

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default"=
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.my.myway.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1390067357-117609710-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default"=
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.my.myway.com/

[HKEY_USERS\S-1-5-21-1390067357-117609710-725345543-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1390067357-117609710-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1390067357-117609710-725345543-1009\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1390067357-117609710-725345543-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O3) Toolbars ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1390067357-117609710-725345543-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Alogserv"=C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe (Network Associates Inc.)
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" (LogMeIn, Inc.)
"McAfee Guardian"="C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU (Network Associates, Inc.)
"MCAgentExe"=c:\PROGRA~1\mcafee.com\agent\mcagent.exe (McAfee, Inc)
"MCUpdateExe"=c:\PROGRA~1\mcafee.com\agent\mcupdate.exe (McAfee, Inc)
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto (Microsoft Corporation)
"MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfee.InstantUpdate.Monitor"="C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor (Networks Associates Technologies, Inc.)
"MSKAGENTEXE"=C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe File not found
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

[HKEY_USERS\S-1-5-21-1390067357-117609710-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfee.InstantUpdate.Monitor"="C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor (Networks Associates Technologies, Inc.)
"MSKAGENTEXE"=C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe File not found
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoActiveDesktop"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1390067357-117609710-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1390067357-117609710-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0

[HKEY_USERS\S-1-5-21-1390067357-117609710-725345543-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O9) IE Extensions ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{3369AF0D-62E9-4bda-8103-B4C75499B578} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

[HKEY_USERS\S-1-5-21-1390067357-117609710-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{3369AF0D-62E9-4bda-8103-B4C75499B578} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
aol.com\objects: * is out of zone range (0)
102 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
95 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
95 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
95 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
95 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1390067357-117609710-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
aol.com\objects: * is out of zone range (0)
102 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1390067357-117609710-725345543-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
93 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: -- Reg Error: Key does not exist or could not be opened.
{6414512B-B978-451D-A0D8-FCFDF33E833C}: -- Reg Error: Key does not exist or could not be opened.
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: -- MUWebControl Class
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab -- Shockwave Flash Object
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6}: http://download.mcafee.com/molbin/iss-loc/...059/mcfscan.cab -- McFreeScan Class
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{1A08F044-37B8-4F87-B6F7-44142F02B883} (Servers: | Description: NETGEAR FA311 Fast Ethernet Adapter)
{E154D334-2194-454F-A1C0-ACDD72D2F3BD} (Servers: | Description: Intel® PRO/100 VE Network Connection)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
LMIinit: "DllName" = LMIinit.dll -- C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2005/08/20 21:53:48 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2008/10/26 22:51:39 | 00,421,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Son\Desktop\OTViewIt.exe
[2008/10/24 00:56:22 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/14 18:04:59 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/10/14 18:04:26 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/14 18:04:19 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/10/14 18:04:18 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/10/14 18:04:17 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/14 18:04:16 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/10/13 20:11:04 | 00,210,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\muweb.dll
[2008/10/12 23:53:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Son\Application Data\Malwarebytes
[2008/10/12 23:53:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/10/12 23:53:25 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/10/12 23:51:01 | 02,189,864 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Son\Desktop\mbam-setup.exe
[2008/10/12 21:55:34 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\zip.exe
[2008/10/12 21:55:34 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\process.exe
[2008/10/12 21:55:24 | 00,000,670 | ---- | C] () -- C:\Documents and Settings\Son\Desktop\roguescanfix_setup.lnk
[2008/10/12 21:52:58 | 00,000,000 | ---D | C] -- C:\Program Files\roguescanfix
[2008/10/12 21:45:49 | 00,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2008/09/30 19:56:06 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Son\My Documents\I Am From.doc

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[7 C:\WINDOWS\*.tmp files]
[2008/10/26 22:51:42 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Son\Desktop\OTViewIt.exe
[2008/10/26 21:03:53 | 00,000,010 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2008/10/26 12:59:42 | 00,000,041 | ---- | M] () -- C:\WINDOWS\System32\MSCANDC.INI
[2008/10/26 12:58:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/26 12:58:32 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/26 12:58:31 | 26,746,0608 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/17 22:52:40 | 00,001,098 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2008/10/17 20:34:36 | 00,087,352 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2008/10/17 20:34:36 | 00,083,288 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2008/10/17 20:34:36 | 00,047,640 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys
[2008/10/17 20:34:36 | 00,028,984 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2008/10/17 20:34:36 | 00,023,736 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\lmimirr.dll
[2008/10/17 20:34:36 | 00,010,040 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\lmimirr2.dll
[2008/10/16 03:01:24 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/15 12:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll
[2008/10/15 12:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/15 03:12:00 | 00,151,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/13 00:01:57 | 02,189,864 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Son\Desktop\mbam-setup.exe
[2008/10/12 22:26:50 | 04,276,740 | -H-- | M] () -- C:\Documents and Settings\Son\Local Settings\Application Data\IconCache.db
[2008/10/12 22:25:34 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2008/10/12 22:22:18 | 00,035,977 | -H-- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2008/10/12 21:55:24 | 00,000,670 | ---- | M] () -- C:\Documents and Settings\Son\Desktop\roguescanfix_setup.lnk
[2008/10/12 21:34:29 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/10/12 21:34:29 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2008/10/12 21:34:29 | 00,000,000 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/10/07 15:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/10/03 13:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2008/10/03 13:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2008/09/30 19:56:07 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Son\My Documents\I Am From.doc
< End of report >

OTViewIt Extras logfile created on: 10/26/2008 10:52:32 PM - Run
OTViewIt by OldTimer - Version 1.0.18.0 Folder = C:\Documents and Settings\Son\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.00 Mb Total Physical Memory | 48.43 Mb Available Physical Memory | 18.99% Memory free
616.66 Mb Paging File | 72.41 Mb Available in Paging File | 11.74% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 28.60 Gb Total Space | 13.80 Gb Free Space | 48.25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BASEMENT
Current User Name: Son
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/02/09 16:59:48 | 00,259,632 | ---- | M] (America Online, Inc.) -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
[2002/07/08 10:49:28 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2006/03/16 11:33:12 | 01,693,464 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Disabled:TrueVector Service

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-21-1390067357-117609710-725345543-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2004/01/29 10:08:23 | 01,130,496 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2004/01/29 10:08:23 | 01,130,496 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2004/01/29 10:08:23 | 01,130,496 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2000/04/19 19:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2002/04/02 17:18:18 | 07,441,224 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
File not found C:\WINDOWS\System32\mscoree.dll application/octet-stream:{1E66F26B-79EE-11D2-8710-00C04F79ED0D} (HKLM) [Cor MIME Filter, CorFltr, CorFltr 1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
File not found C:\WINDOWS\System32\mscoree.dll application/x-complus:{1E66F26B-79EE-11D2-8710-00C04F79ED0D} (HKLM) [Cor MIME Filter, CorFltr, CorFltr 1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
File not found C:\WINDOWS\System32\mscoree.dll application/x-msdownload:{1E66F26B-79EE-11D2-8710-00C04F79ED0D} (HKLM) [Cor MIME Filter, CorFltr, CorFltr 1]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08094E03-AFE4-4853-9D31-6D0743DF5328}"=QuickTime
"{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}"=Microtek FineReader OCR Engine
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3FEC3A5B-60FF-4626-B425-08E09B121A15}"=LogMeIn
"{625BD732-ACDF-4552-BF22-98EBB413B6F3}"=McAfee Shredder
"{87AEFD84-BC0D-11D4-B885-00508B022A51}"=McAfee VirusScan
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}"=Napster Burn Engine
"{911B0409-6000-11D3-8CFE-0050048383C9}"=Microsoft Word 2002
"{923B0409-6000-11D3-8CFE-0050048383C9}"=Microsoft Project Professional 2002
"{9E0FB790-5971-41F3-A1C3-1CF9E153FF2A}"=McAfee Firewall
"{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}"=Microsoft Works 6.0
"{A654A805-41D9-40C7-AA46-4AF04F044D61}"=Adobe® Photoshop® Album Starter Edition 3.2
"{AC76BA86-7AD7-1033-7B44-A81000000003}"=Adobe Reader 8.1.1
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}"=ScanWizard 5
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}"=Works Synchronization
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}"=Dell ResourceCD
"{DC19E750-988B-4005-A355-85EF66055EFE}"=Works Suite OS Pack
"{DC8235CC-3D5A-4D32-94BE-E2F0A1749920}"=Disney Pix 2.0
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware 2007
"{F0A37341-D692-11D4-A984-009027EC0A9C}"=SoundMAX
"{F2E9A716-F666-4BFD-8F31-CDC3F9350CBB}"=Disney Pix Click Downloader
"Adobe® Photoshop® Album Starter Edition 3.2"=Adobe® Photoshop® Album Starter Edition 3.2
"AOL Spyware Protection"=AOL Spyware Protection
"AOL Uninstaller"=AOL Uninstaller (Choose which Products to Remove)
"AOL YGP Screensaver"=AOL You've Got Pictures Screensaver
"AOLCoach"=AOL Coach Version 1.0(Build:20040229.1 en)
"Coupon Printer for Windows4.0"=Coupon Printer for Windows
"DAO 3.5"=DAO 3.5
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"IrfanView"=IrfanView (remove only)
"Lexmark Supplies Monitor"=Lexmark Supplies Monitor
"Lexmark Z55"=Lexmark Z55
"Macromedia Shockwave Player"=Macromedia Shockwave Player
"Mcafee SecurityCenter"=McAfee SecurityCenter
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NoAdware_is1"=NoAdware v3.0
"PrintKey2000"=PrintKey2000
"PROSet"=Intel® PRO Ethernet Adapter and Software
"Quicken Home & Business 2000"=Quicken Home & Business 2000
"RealPlayer 6.0"=RealPlayer Basic
"roguescanfix_setup_is1"=roguescanfix 1.5
"ShockwaveFlash"=Adobe Flash Player 9 ActiveX
"Spybot - Search & Destroy_is1"=Spybot - Search & Destroy 1.4
"SpywareBlaster_is1"=SpywareBlaster 4.1
"ViewpointMediaPlayer"=Viewpoint Media Player
"WebPost"=Microsoft Web Publishing Wizard 1.53
"Winamp"=Winamp
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows Media Player"=Windows Media Player 10
"Windows XP Service Pack"=Windows XP Service Pack 3
"Works2002Setup"=Microsoft Works 2002 Setup Launcher
"ZoneAlarm Pro"=ZoneAlarm Pro
"Zuma Deluxe RA"=Zuma Deluxe RA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/28/2008 10:08:15 AM | Computer Name = BASEMENT | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/28/2008 2:44:36 PM | Computer Name = BASEMENT | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
took longer than 35000 ms to complete a request. The process will be terminated.
Thread
id : 2976 (0xba0) Thread address : 0x120dbcce Thread message : Build Sep 27 2001
09:32:02 / 5200.2160 Object being scanned = \Device\HarddiskVolume1\WINDOWS\explorer.exe
( @ 10003 (10003,10003,10010,24011))

Error - 8/28/2008 2:44:41 PM | Computer Name = BASEMENT | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
took longer than 35000 ms to complete a request. The process will be terminated.
Thread
id : 2980 (0xba4) Thread address : 0x120dbcce Thread message : Build Sep 27 2001
09:32:02 / 5200.2160 Object being scanned = \Device\HarddiskVolume1\Program Files\LogMeIn\x86\LogMeInSystray.exe
( @ 10003 (10003,10003,10003,10003))

Error - 8/31/2008 9:54:11 PM | Computer Name = BASEMENT | Source = Application Hang | ID = 1002
Description = Hanging application VsMain.exe, version 6.1.1008.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/19/2008 9:37:52 PM | Computer Name = BASEMENT | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16705, faulting
module mcscan32.dll, version 5.300.0.2777, fault address 0x0010e172.

Error - 9/19/2008 9:38:13 PM | Computer Name = BASEMENT | Source = Application Error | ID = 1001
Description = Fault bucket 904963959.

Error - 9/21/2008 11:40:01 AM | Computer Name = BASEMENT | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/21/2008 11:40:01 AM | Computer Name = BASEMENT | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/21/2008 11:40:02 AM | Computer Name = BASEMENT | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/21/2008 11:40:02 AM | Computer Name = BASEMENT | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10/13/2008 12:09:52 AM | Computer Name = BASEMENT | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the AvSynMgr service.

Error - 10/13/2008 8:02:14 PM | Computer Name = BASEMENT | Source = Service Control Manager | ID = 7022
Description = The AVSync Manager service hung on starting.

Error - 10/13/2008 8:04:18 PM | Computer Name = BASEMENT | Source = Service Control Manager | ID = 7022
Description = The Remote Access Connection Manager service hung on starting.

Error - 10/13/2008 8:04:18 PM | Computer Name = BASEMENT | Source = Service Control Manager | ID = 7001
Description = The Remote Access Auto Connection Manager service depends on the Remote
Access Connection Manager service which failed to start because of the following
error: %%1070

Error - 10/13/2008 8:07:28 PM | Computer Name = BASEMENT | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.

Error - 10/13/2008 8:07:28 PM | Computer Name = BASEMENT | Source = Service Control Manager | ID = 7000
Description = The HTTP SSL service failed to start due to the following error: %%1053

Error - 10/16/2008 7:42:19 PM | Computer Name = BASEMENT | Source = Service Control Manager | ID = 7022
Description = The AVSync Manager service hung on starting.

Error - 10/24/2008 7:46:45 PM | Computer Name = BASEMENT | Source = DCOM | ID = 10010
Description = The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register
with DCOM within the required timeout.

Error - 10/24/2008 7:46:54 PM | Computer Name = BASEMENT | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 10/24/2008 7:46:54 PM | Computer Name = BASEMENT | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053


< End of report >

#6 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:02 PM

Posted 27 October 2008 - 01:50 PM

Hello looney2340.

Are you working on this computer using remote?

I don't see anything that would be causing SpyBot to give warnings constantly yet. Let's dig deeper.

Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer Only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.


Download and Run Scan with GMER
We will use GMER to scan for rootkits.
  • Download gmer.zip and save to your desktop.
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • Close all other running programs. There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click the >>>.
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • Click OK.
  • You will be prompted to restart your computer. Please do so.
After the reboot, run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop button turns back to Scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in Safe Mode
Important!: Please do not select the Show all checkbox during the scan.

With Regards,
The Panda

#7 looney2340


Posted 28 October 2008 - 01:52 PM

Hi Panda,
Yes, I am helping remotely using a free service called LogMeIn. I will be running a scan from Kaspersky and will post a log late this evening with the other log as requested.

Thanks
Looney

#8 PropagandaPanda


Posted 28 October 2008 - 02:19 PM

Hello Looney.

Using remote won't usually be a problem. We will try to avoid any steps that require Safe Mode then.

I'll hear back from you later then.

With Regards,
The Panda

#9 looney2340


Posted 30 October 2008 - 01:36 PM

Hi Panda,
I have had a problem with the online scan. I ran it once and left it running while I went to work, and it stopped in the middle of a scan about 10 into it. I'm now running the scan from the gmer.zip program; once it's finished I will post a log for that.

Looney

#10 PropagandaPanda


Posted 30 October 2008 - 02:18 PM

Hello.

That is no big problem.

With Regards,
The Panda

#11 looney2340


Posted 30 October 2008 - 11:38 PM

Hi Panda, below is the log from the GMER scan I did.

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-10-31 00:37:30
Windows 5.1.2600 Service Pack 3


---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExA] [11C075C0] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExW] [11C077E0] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryA] [11C07530] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!CreateFileW] [11C07660] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!CloseHandle] [11C07880] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryW] [11C07750] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] [11C07660] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [11C07530] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [11C07750] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CloseHandle] [11C07880] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [11C07530] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] [11C07660] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CloseHandle] [11C07880] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [11C07750] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [11C077E0] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CloseHandle] [11C07880] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [11C07530] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [11C07750] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] [11C07660] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [11C073E0] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [11C07660] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [11C075C0] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [11C077E0] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [11C07750] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [11C07530] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CloseHandle] [11C07880] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [11C07530] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] [11C073E0] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] [11C07660] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [11C075C0] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [11C077E0] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CloseHandle] [11C07880] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [11C07750] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [11C07530] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] [11C07660] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CloseHandle] [11C07880] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileW] [11C07660] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] [11C073E0] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [11C07750] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [11C077E0] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [11C07530] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CloseHandle] [11C07880] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [11C07530] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [11C07750] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [11C07660] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CloseHandle] [11C07880] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [11C077E0] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [11C075C0] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [11C07750] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] [11C07660] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [11C075C0] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CloseHandle] [11C07880] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [11C07530] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [11C07530] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CloseHandle] [11C07880] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CloseHandle] [11C07880] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [11C07530] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [11C07530] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!CreateFileA] [11C073E0] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!CloseHandle] [11C07880] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileW] [11C07660] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileA] [11C073E0] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CloseHandle] [11C07880] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [11C07530] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs NaiFiltr.sys
AttachedDevice \FileSystem\Fastfat \Fat NaiFiltr.sys

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@NextDetectionTime 2008-10-31 04:22:35
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Detect@LastSuccessTime 2008-10-30 08:13:55

---- EOF - GMER 1.0.14 ----
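
A "User IAT/EAT" section like the one in the post above is easier to review once it is collapsed to one row per process and hooking module. The following is an added example, not part of the original thread and not GMER's own code; the line grammar is inferred from the log lines above, and listing hooks without a description/vendor string separately is a triage choice made for this example.

```python
import re
from collections import defaultdict
from ntpath import basename  # Windows path handling on any OS

# Line grammar inferred from the log lines in this thread (an assumption,
# not GMER documentation):
# IAT <process>[<pid>] @ <module> [<dll>!<function>] [<address>] <hooking module> (<description>/<vendor>)
IAT_LINE = re.compile(
    r"^IAT (?P<process>.+?)\[(?P<pid>\d+)\] @ (?P<module>.+?) "
    r"\[(?P<dll>[^!\]]+)!(?P<function>[^\]]+)\] \[(?P<address>[0-9A-Fa-f]{8})\] "
    r"(?P<hooker>.+?)(?: \((?P<label>[^()]*)\))?$"
)

# Six lines copied from the log above, followed by two constructed lines
# (paths containing "constructed") that exercise the edge cases.
SAMPLE = r"""
---- User IAT/EAT - GMER 1.0.14 ----
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[456] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExA] [11C075C0] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!CreateFileW] [11C07660] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3960] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] [11C07660] C:\Program Files\McAfee\McAfee VirusScan\Wbhook32.dll (Web Hook/Network Associates, Inc.)
IAT C:\constructed\sample.exe[1234] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [10001000] C:\Constructed Dir (x86)\no_version_info.dll
IAT C:\constructed\sample.exe[1234] @ truncated
"""


def parse_iat(text):
    """Return (hooks, skipped): parsed IAT entries and IAT lines that did not parse."""
    hooks, skipped = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("IAT "):
            continue  # section headers, blank lines, other GMER sections
        match = IAT_LINE.match(line)
        if match:
            hooks.append(match.groupdict())
        else:
            skipped.append(line)  # keep for manual review instead of dropping
    return hooks, skipped


def summarize(hooks):
    """Group entries by (process name, pid, hooking module path, description/vendor)."""
    groups = defaultdict(lambda: {"entries": 0, "functions": set(), "modules": set()})
    for hook in hooks:
        key = (basename(hook["process"]), int(hook["pid"]), hook["hooker"], hook["label"])
        group = groups[key]
        group["entries"] += 1
        group["functions"].add(hook["function"])
        group["modules"].add(basename(hook["module"]))
    return dict(groups)


def unlabelled(summary):
    """Groups whose hooking module had no '(description/vendor)' suffix in the log."""
    return [key for key in summary if key[3] is None]


if __name__ == "__main__":
    parsed, bad = parse_iat(SAMPLE)
    report = summarize(parsed)
    for (proc, pid, hooker, label), g in sorted(report.items(), key=lambda kv: -kv[1]["entries"]):
        print(f"{proc}[{pid}] <- {hooker} ({label or 'no version info'}): "
              f"{g['entries']} entries, {len(g['modules'])} modules, {sorted(g['functions'])}")
    print("unparsed IAT lines:", bad)
```
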

#12 PropagandaPanda

  • Malware Response Team

Posted 31 October 2008 - 07:17 AM

Hello.

From what I can see in all the logs, your computer is malware free.

I suggest that you post a topic in Windows XP.

View Point Program
Viewpoint Manager and Viewpoint Media Player are considered foistware instead of malware since they are installed without the user's approval but do not have malicious effects. This changed from what we knew in 2006; read this article.

I suggest you remove the program(s) through Add and Remove Programs.

With Regards,
The Panda

#13 looney2340

  • Topic Starter


Posted 31 October 2008 - 02:07 PM

Hi Panda, good news that I'm malware free. I try and work hard to keep all my and my family's computers clean. You suggested I make a post in Windows XP; what should I post and what topic? If I am malware free, what would I post? Also, what is Viewpoint Manager and Viewpoint Media Player, and if it is in Add/Remove Programs, would you know if any other programs may use it and maybe not work correctly if uninstalled?

#14 PropagandaPanda

  • Malware Response Team

Posted 31 October 2008 - 02:15 PM

Hello looney2340.

You suggested I make a post in Windows XP; what should I post and what topic

That is if you still have problems like slowness. If everything is fine, then there's no need to do so.

Also, what is Viewpoint Manager and Viewpoint Media Player, and if it is in Add/Remove Programs, would you know if any other programs may use it and maybe not work correctly if uninstalled?

It is similar to Windows Media Player. It is usually installed without the user's permission, but is not malicious. Uninstalling it is your choice. Other programs will not be affected.

With Regards,
The Panda

#15 looney2340

  • Topic Starter


Posted 31 October 2008 - 10:30 PM

Thanks, Panda, for your help. If there are any other problems, I'll make a post in the other forum.

Looney



