Trojan.virtumonde keeps coming back after cleaning it out with Malwarebytes


74 replies to this topic

#1 rjwright


Posted 12 April 2009 - 06:32 PM

Hi there,

After reading many of the forums here on removing this pesky trojan Virtumonde, it keeps coming back. I have run Malwarebytes, Vundofix and Spyware Doctor. Vundofix didn't work, Spyware Doctor works somewhat and Malwarebytes seems to be the only program that works UNTIL I access the internet again using either Mozilla Firefox or AOL software. IE7 is disabled due to this trojan. I don't know what else to do here. It also keeps shutting down the Firefox web browser when I'm right in the middle of doing something like writing this post. I am running Windows XP Home edition, SP3.

Thanks

Edited by rjwright, 12 April 2009 - 07:06 PM.



#2 suebaby41
W.A.M. (Women Against Malware), Malware Response Team

Posted 26 April 2009 - 12:02 PM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.
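suebaby41 asks for a HijackThis log above. As an added example, not code from this thread, from HijackThis or from RSIT, here is a Python triage pass over lines in that log format: it parses the O2/O3, O4, O20 and O23 line shapes and flags the entries a reviewer reads first. The sample log is constructed in the same shape as the log posted in the thread; the .vbs Run entry in it is made up for the demonstration.

```python
"""Triage of HijackThis-format log lines.

Added example (not from the thread, HijackThis or RSIT). Flags mean
"review this", not "malicious": legitimate software trips them too.
"""
import os
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Line shapes as HijackThis prints them; "(no file)" marks an entry whose target is missing.
_O2_O3 = re.compile(r"^(?P<kind>O[23]) - (?:BHO|Toolbar): (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
_O4 = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.*)$")
_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
_O23 = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
_EXT = re.compile(r"\.(exe|dll|vbs|js|bat|cmd|scr|pif|com)\b", re.IGNORECASE)
_SCRIPT_EXTS = {"vbs", "js", "bat", "cmd"}


@dataclass
class Entry:
    kind: str   # O2, O3, O4, O20 or O23
    name: str   # display name, Run value name, Notify key or service name
    path: str   # target as printed; may carry quotes and arguments
    raw: str


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a supported line shape, None for anything else."""
    line = line.strip()
    for kind, rx in (("O2/O3", _O2_O3), ("O4", _O4), ("O20", _O20), ("O23", _O23)):
        m = rx.match(line)
        if m:
            k = m.group("kind") if kind == "O2/O3" else kind
            return Entry(k, m.group("name"), m.group("path"), line)
    return None


def target_extension(path: str) -> str:
    """Extension of the first file-like token in the target, lower-cased ('' if none)."""
    m = _EXT.search(path)
    return m.group(1).lower() if m else ""


def dll_basename(path: str) -> str:
    """File name without extension, lower-cased; handles Windows separators on any host."""
    return os.path.splitext(os.path.basename(path.replace("\\", "/")))[0].lower()


def triage(entry: Entry) -> List[str]:
    """Reasons an entry deserves a closer look (empty list means nothing flagged)."""
    reasons: List[str] = []
    if "(no file)" in entry.path:
        reasons.append("orphaned entry: registered in the registry but no file on disk")
    if entry.kind == "O20" and entry.name.lower() != dll_basename(entry.path):
        reasons.append("Winlogon Notify name does not match the DLL basename")
    if entry.kind == "O4" and target_extension(entry.path) in _SCRIPT_EXTS:
        reasons.append("Run key launches a script rather than an executable")
    return reasons


def triage_log(text: str) -> List[Tuple[str, List[str]]]:
    """Parse every line of a log and return (raw line, reasons) for flagged entries only."""
    flagged: List[Tuple[str, List[str]]] = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry:
            reasons = triage(entry)
            if reasons:
                flagged.append((entry.raw, reasons))
    return flagged


# Constructed sample in the posted log's format; the [example] .vbs Run entry is made up.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [example] C:\WINDOWS\system32\example_constructed.vbs
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: crypynet - C:\WINDOWS\SYSTEM32\cryptnet.dll
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
"""

if __name__ == "__main__":
    for raw, reasons in triage_log(SAMPLE_LOG):
        print(raw)
        for r in reasons:
            print("    ->", r)
```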

#3 rjwright (Topic Starter)

Posted 26 April 2009 - 12:15 PM

Hi There, Here you go.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Daddy_2 at 2009-04-26 13:07:23
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 24 GB (62%) free of 38 GB
Total RAM: 1022 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:07:45 PM, on 4/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Common Files\AOL\1129470813\ee\AOLSoftware.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\AOL 9.1\waol.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Documents and Settings\Daddy_2\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Daddy_2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129470813\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ModemHelper] E:\MDM_Util /EntryAfterReseatReboot
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: crypynet - C:\WINDOWS\SYSTEM32\cryptnet.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9736 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-04-03 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-03-15 118836]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-03-25 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-12 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-15 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-15 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7}
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
{BA52B914-B692-46c4-B683-905236F6F655}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2005-10-19 155648]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2005-10-19 126976]
"Dell AIO Printer A920"=C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe [2003-05-02 270336]
"HostManager"=C:\Program Files\Common Files\AOL\1129470813\ee\AOLSoftware.exe [2008-11-06 41264]
"ModemHelper"=E:\MDM_Util /EntryAfterReseatReboot []
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-03-25 645328]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2002-07-16 28672]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-07 57344]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-03-15 122933]
"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2003-08-26 204800]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-04-03 198160]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-15 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-03-23 1830128]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"AOL Fast Start"=C:\Program Files\AOL 9.1\AOL.EXE [2008-06-03 50528]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypynet]
C:\WINDOWS\system32\cryptnet.dll [2008-04-13 64512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sebring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=cli
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-04-26 13:07:23 ----D---- C:\rsit
2009-04-24 08:51:52 ----D---- C:\Program Files\CCleaner
2009-04-23 19:45:04 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-23 19:44:54 ----D---- C:\Program Files\SUPERAntiSpyware
2009-04-23 19:44:54 ----D---- C:\Documents and Settings\Daddy_2\Application Data\SUPERAntiSpyware.com
2009-04-23 19:44:20 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-04-18 16:37:26 ----D---- C:\Documents and Settings\Daddy_2\Application Data\Mozilla
2009-04-18 16:32:51 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-04-18 16:32:51 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-17 16:22:02 ----D---- C:\Program Files\Trend Micro
2009-04-17 15:04:51 ----HDC---- C:\Documents and Settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
2009-04-17 08:23:48 ----D---- C:\Documents and Settings\Daddy_2\Application Data\Malwarebytes
2009-04-16 22:29:50 ----D---- C:\Documents and Settings\Daddy_2\Application Data\Macromedia
2009-04-16 22:24:20 ----D---- C:\Documents and Settings\Daddy_2\Application Data\Adobe
2009-04-16 22:20:03 ----HD---- C:\Documents and Settings\Daddy_2\Application Data\GTek
2009-04-16 22:19:59 ----D---- C:\Documents and Settings\Daddy_2\Application Data\Real
2009-04-16 22:18:50 ----ASH---- C:\Documents and Settings\Daddy_2\Application Data\DESKTOP.INI
2009-04-16 22:18:37 ----SD---- C:\Documents and Settings\Daddy_2\Application Data\Microsoft
2009-04-16 22:18:37 ----D---- C:\Documents and Settings\Daddy_2\Application Data\Symantec
2009-04-16 22:18:37 ----D---- C:\Documents and Settings\Daddy_2\Application Data\Sun
2009-04-16 22:18:37 ----D---- C:\Documents and Settings\Daddy_2\Application Data\Sonic
2009-04-16 22:18:37 ----D---- C:\Documents and Settings\Daddy_2\Application Data\Jasc Software Inc
2009-04-16 22:18:37 ----D---- C:\Documents and Settings\Daddy_2\Application Data\Identities
2009-04-16 18:59:29 ----D---- C:\Program Files\Startup Inspector for Windows
2009-04-16 17:59:37 ----D---- C:\Documents and Settings\Daddy_2\Application Data\AOL
2009-04-15 23:27:48 ----D---- C:\0c78be0a7887340383fc066a5e
2009-04-15 23:16:07 ----D---- C:\Program Files\ACW
2009-04-15 21:27:15 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-15 21:27:06 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-15 21:24:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-15 21:23:45 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-15 21:23:09 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-15 21:22:44 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-15 20:12:38 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-04-15 19:47:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-15 19:39:39 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2009-04-15 18:52:23 ----A---- C:\WINDOWS\system32\javaws.exe
2009-04-15 18:52:23 ----A---- C:\WINDOWS\system32\javaw.exe
2009-04-15 18:52:22 ----A---- C:\WINDOWS\system32\java.exe
2009-04-13 18:30:28 ----SHD---- C:\RECYCLER
2009-04-12 18:05:52 ----A---- C:\WINDOWS\zip.exe
2009-04-12 18:05:52 ----A---- C:\WINDOWS\vFind.exe
2009-04-12 18:05:52 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-04-12 18:05:52 ----A---- C:\WINDOWS\SWSC.exe
2009-04-12 18:05:52 ----A---- C:\WINDOWS\SWREG.exe
2009-04-12 18:05:52 ----A---- C:\WINDOWS\sed.exe
2009-04-12 18:05:52 ----A---- C:\WINDOWS\NIRCMD.exe
2009-04-12 18:05:52 ----A---- C:\WINDOWS\grep.exe
2009-04-12 18:05:41 ----D---- C:\WINDOWS\ERDNT
2009-04-12 11:28:23 ----HD---- C:\WINDOWS\PIF
2009-04-12 09:51:35 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-04-07 19:51:56 ----A---- C:\WINDOWS\system32\q4Hjayd8IG7LI9z.vbs
2009-04-03 20:44:25 ----D---- C:\Program Files\Common Files\xing shared
2009-03-28 19:43:27 ----D---- C:\Program Files\Mozilla Firefox

======List of files/folders modified in the last 1 months======

2009-04-26 10:27:04 ----A---- C:\WINDOWS\WIN.INI
2009-04-26 10:26:53 ----D---- C:\WINDOWS\Temp
2009-04-26 10:25:27 ----D---- C:\WINDOWS
2009-04-26 10:25:17 ----D---- C:\WINDOWS\Prefetch
2009-04-26 10:25:00 ----A---- C:\WINDOWS\ModemLog_Intel® 537EP V9x DF PCI Modem.txt
2009-04-26 10:17:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-25 08:01:37 ----D---- C:\Program Files\McAfee
2009-04-24 13:37:09 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-24 13:34:41 ----A---- C:\WINDOWS\dellstat.ini
2009-04-24 09:29:53 ----D---- C:\WINDOWS\SYSTEM32
2009-04-24 08:55:11 ----D---- C:\WINDOWS\Minidump
2009-04-24 08:55:11 ----D---- C:\WINDOWS\Debug
2009-04-24 08:51:52 ----AD---- C:\Program Files
2009-04-24 08:45:31 ----HD---- C:\WINDOWS\INF
2009-04-24 08:43:35 ----D---- C:\WINDOWS\system32\DRIVERS
2009-04-24 08:26:27 ----SHD---- C:\System Volume Information
2009-04-24 08:26:27 ----D---- C:\WINDOWS\system32\Restore
2009-04-23 19:45:01 ----SHD---- C:\WINDOWS\Installer
2009-04-23 19:44:20 ----D---- C:\Program Files\Common Files
2009-04-22 20:09:29 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-04-22 18:26:03 ----D---- C:\Program Files\Spyware Doctor
2009-04-21 17:42:54 ----SD---- C:\WINDOWS\Tasks
2009-04-20 21:11:53 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-19 17:46:01 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-04-19 17:45:08 ----D---- C:\WINDOWS\system32\en-US
2009-04-19 17:45:06 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-18 17:40:12 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-04-18 13:19:37 ----D---- C:\WINDOWS\system32\NtmsData
2009-04-18 13:04:47 ----D---- C:\WINDOWS\REPAIR
2009-04-18 13:04:41 ----D---- C:\WINDOWS\Registration
2009-04-18 10:50:59 ----D---- C:\WINDOWS\system32\FxsTmp
2009-04-17 18:44:16 ----D---- C:\I386
2009-04-17 08:22:11 ----D---- C:\Program Files\CleanUp!
2009-04-16 22:22:56 ----D---- C:\Documents and Settings
2009-04-16 22:19:20 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-04-16 22:19:20 ----D---- C:\Program Files\Web Publish
2009-04-16 22:00:26 ----AD---- C:\WINDOWS\system32\CONFIG
2009-04-16 22:00:01 ----D---- C:\WINDOWS\system32\WBEM
2009-04-16 20:01:06 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-04-16 19:56:24 ----D---- C:\Program Files\WildTangent
2009-04-15 23:46:37 ----D---- C:\Program Files\Internet Explorer
2009-04-15 23:23:02 ----AC---- C:\WINDOWS\ODBC.INI
2009-04-15 21:28:07 ----D---- C:\WINDOWS\AppPatch
2009-04-15 21:23:56 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-15 18:51:53 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-04-15 18:47:56 ----D---- C:\Program Files\Java
2009-04-15 17:22:21 ----D---- C:\Program Files\Viewpoint
2009-04-13 19:08:23 ----A---- C:\WINDOWS\system.ini
2009-04-12 16:15:23 ----D---- C:\Downloads
2009-04-12 11:08:04 ----D---- C:\Program Files\Registry Mechanic
2009-04-11 21:48:25 ----D---- C:\WINDOWS\ShellNew
2009-04-10 14:46:30 ----D---- C:\HeavyWeather
2009-04-06 07:57:26 ----A---- C:\WINDOWS\system32\MRT.exe
2009-04-03 20:44:12 ----D---- C:\Program Files\Common Files\Real
2009-04-03 20:44:07 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-04-03 20:43:45 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-04-03 20:43:45 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-04-03 20:43:35 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-04-03 13:49:27 ----AC---- C:\WINDOWS\cdPlayer.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-03-25 214024]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2008-10-23 120136]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-11-08 17217]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-01-14 5621]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-01-14 23219]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-02-27 40480]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2008-01-19 8413]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-03-15 25685]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-03-15 34837]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-03-15 4117]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-03-15 2233]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-03-15 85972]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-03-15 14229]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-03-15 6357]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-03-15 98580]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-03-15 100597]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2003-05-23 43136]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-10-19 807998]
R3 IntelC51;IntelC51; C:\WINDOWS\System32\DRIVERS\IntelC51.sys [2004-03-05 1233525]
R3 IntelC52;IntelC52; C:\WINDOWS\System32\DRIVERS\IntelC52.sys [2004-03-05 647929]
R3 IntelC53;IntelC53; C:\WINDOWS\System32\DRIVERS\IntelC53.sys [2004-03-05 60949]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-03-25 79880]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-03-25 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-03-25 40552]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\System32\DRIVERS\mohfilt.sys [2004-03-05 37048]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-11-18 591808]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
S3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-08-03 701440]
S3 bvrp_pci;bvrp_pci; \??\C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys []
S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys []
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2008-08-25 40840]
S3 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]
S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-03-25 34216]
S3 mr7910;Photo Viewer; C:\WINDOWS\system32\DRIVERS\mr7910.sys [2006-08-02 114560]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-15 152984]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-05-02 303104]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-03-25 797864]
R2 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe [2009-01-09 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-01-09 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-03-25 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-03-19 884360]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2003-08-27 65536]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2001-05-01 53248]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-03-24 606736]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-20 138168]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-04-01 365072]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-10-09 1079176]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,723 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:39 AM

Posted 01 May 2009 - 04:08 PM

Hi rjwright,

Sorry for not getting a reply earlier. suebaby41 could not reply to the topic due to health problems. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.
  • I see from the log you are using a registry cleaner. It is even scheduled to run. Here at BC we do not recommend using registry cleaners as they might irreversibly damage your computer.

  • Optional: Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we knew in 2006; read this article:

    http://www.clickz.com/news/article.php/3561546

    I suggest you uninstall the following program via Add or Remove Programs if you are using it:

    Viewpoint, Viewpoint Manager, Viewpoint Media Player.

    If you uninstalled it, also remove the folder in bold: C:\Program Files\Viewpoint

  • You have the program Spybot S&D (Teatimer option) running on your machine. We need to disable TeaTimer so it does not interfere with the fixes we are about to do. This will only take a few seconds.
    • First disable TeaTimer:
      • Run Spybot-S&D
      • Go to the Mode menu, and make sure Advanced Mode is selected
      • On the left hand side, choose Tools -> Resident
      • Uncheck Resident TeaTimer and OK any prompts
      • Restart your computer.
      Instructions are also here: How to disable TeaTimer during HijackThis Cleanup

      Note: If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

    • Then download ResetTeaTimer.exe to your desktop. (In case you use Firefox, right-click the link and choose "Save Link As".)
      • Doubleclick ResetTeaTimer.exe and let it run.
    Note: TeaTimer should be kept disabled until I give you the clean sign.


  • Open your Malwarebytes' Anti-Malware, first update it, run a "quick scan", let it reboot if needed and copy/paste the log into your reply.

    Note: The logs are saved by default under the Logs tab. If the log did not automatically open you can obtain the latest log from there.

  • Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Information on A/V control HERE)
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Posted Image


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Please include in your next reply:
  • The log of MBAM.
  • The Combofix log.
  • Any comment or feedback about how it went.

Edited by farbar, 02 May 2009 - 02:29 AM.


#5 rjwright

rjwright
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:39 AM

Posted 01 May 2009 - 07:54 PM

Hi Farbar,

First of all, I hope that Suebaby41 will be alright. I heard she has a "Trigger Finger". I hear they are painful. Now on to the topic at hand. I have removed Viewpoint in the past but the media player keeps coming back. When I went to remove the program folder of Viewpoint, a warning came up saying "Cannot delete AxMetaStream.dll. Being used by another program", even though no other program was running at that time, that I know of. Everything else you asked me to do went great. I will be posting the MBAM log and the Combofix log as soon as I let you know what doesn't seem to be working.

1. I am unable to go to Microsoft Windows Update website to download any updates that I may need. It comes up with Error code 0x800704DD. It is set to automatically download and install updates and I believe it is doing so but I don't see it doing it.

2. My McAfee VirusScan and Personal Firewall software don't appear to be updating, or at least it doesn't show me if it is or not. The icon on the task bar appears for about 15 seconds on start up, then it disappears. When I manually try to check for updates, it doesn't do or show anything. It usually tells me when the program is up to date.

3. I know this was probably a bad thing to do but it was the only way to remove the Virtumonde Trojan I had. I had to shut off the System Restore. Before Suebaby41 posted her reply to my original post, I ran Malwarebytes and then Superantispyware Free Edition to remove the Trojan. They showed me that part of the Trojan was in a restore point. Since then, I haven't had an infection.

4. Overall, that is about it, other than this computer does slow down to a crawl at times. On another note, I wish something could be done about this satellite internet. I just started to read your reply and a rain cloud passed over, so I lost the connection. :thumbup2: As far as the registry cleaner goes, if it's the PC Registry Cleaner you were referring to, I haven't run that for at least 10 days now. The only thing it may do is update on its own.

Here are the logs you requested. Both programs ran like a charm:


Malwarebytes' Anti-Malware 1.36
Database version: 2066
Windows 5.1.2600 Service Pack 3

5/1/2009 7:41:33 PM
mbam-log-2009-05-01 (19-41-33).txt

Scan type: Quick Scan
Objects scanned: 92223
Time elapsed: 7 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



ComboFix 09-05-02.4 - Daddy_2 05/01/2009 19:49.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.634 [GMT -4:00]
Running from: c:\documents and settings\Daddy_2\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
.

((((((((((((((((((((((((( Files Created from 2009-04-01 to 2009-05-01 )))))))))))))))))))))))))))))))
.

2009-04-26 17:07 . 2009-04-26 17:07 -------- d-----w C:\rsit
2009-04-24 12:51 . 2009-04-24 12:51 -------- d-----w c:\program files\CCleaner
2009-04-23 23:45 . 2009-04-23 23:45 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-23 23:44 . 2009-04-23 23:44 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-23 23:44 . 2009-04-23 23:44 -------- d-----w c:\documents and settings\Daddy_2\Application Data\SUPERAntiSpyware.com
2009-04-23 23:44 . 2009-04-23 23:44 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-18 20:32 . 2009-05-01 15:03 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-18 20:32 . 2009-04-24 13:02 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-17 20:22 . 2009-04-17 20:22 -------- d-----w c:\program files\Trend Micro
2009-04-17 19:04 . 2009-04-17 19:04 -------- dc-h--w c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
2009-04-17 18:22 . 2008-04-14 00:12 116224 ----a-w c:\windows\system32\dllcache\xrxwiadr.dll
2009-04-17 18:22 . 2001-08-18 02:36 23040 ----a-w c:\windows\system32\dllcache\xrxwbtmp.dll
2009-04-17 18:22 . 2008-04-14 00:12 18944 ----a-w c:\windows\system32\dllcache\xrxscnui.dll
2009-04-17 18:22 . 2001-08-18 02:37 27648 ----a-w c:\windows\system32\dllcache\xrxftplt.exe
2009-04-17 18:22 . 2001-08-18 02:37 4608 ----a-w c:\windows\system32\dllcache\xrxflnch.exe
2009-04-17 18:21 . 2001-08-18 02:37 99865 ----a-w c:\windows\system32\dllcache\xlog.exe
2009-04-17 18:21 . 2001-08-17 16:11 16970 ----a-w c:\windows\system32\dllcache\xem336n5.sys
2009-04-17 18:21 . 2008-04-14 00:12 8192 ----a-w c:\windows\system32\dllcache\wshirda.dll
2009-04-17 18:21 . 2008-04-13 18:36 8832 ----a-w c:\windows\system32\dllcache\wmiacpi.sys
2009-04-17 18:21 . 2004-08-04 02:31 154624 ----a-w c:\windows\system32\dllcache\wlluc48.sys
2009-04-17 18:21 . 2001-08-17 16:12 34890 ----a-w c:\windows\system32\dllcache\wlandrv2.sys
2009-04-17 18:21 . 2001-08-17 17:28 771581 ----a-w c:\windows\system32\dllcache\winacisa.sys
2009-04-17 18:21 . 2001-08-18 02:36 53760 ----a-w c:\windows\system32\dllcache\wiamsmud.dll
2009-04-17 18:21 . 2002-08-29 10:00 31232 ----a-w c:\windows\system32\dllcache\weitekp9.sys
2009-04-17 18:21 . 2002-08-29 10:00 41600 ----a-w c:\windows\system32\dllcache\weitekp9.dll
2009-04-17 18:19 . 2002-08-29 10:00 185344 ----a-w c:\windows\system32\dllcache\thawbrkr.dll
2009-04-17 18:18 . 2002-08-29 10:00 26624 ----a-w c:\windows\system32\dllcache\sm92w.dll
2009-04-17 18:17 . 2001-08-17 16:12 19017 ----a-w c:\windows\system32\dllcache\rtl8029.sys
2009-04-17 18:16 . 2001-08-17 16:12 26153 ----a-w c:\windows\system32\dllcache\pcmlm56.sys
2009-04-17 18:15 . 2008-04-13 18:46 49024 ----a-w c:\windows\system32\dllcache\mstape.sys
2009-04-17 18:14 . 2001-08-17 16:49 22848 ----a-w c:\windows\system32\dllcache\lwusbhid.sys
2009-04-17 18:13 . 2001-08-17 16:12 45632 ----a-w c:\windows\system32\dllcache\ip5515.sys
2009-04-17 18:12 . 2008-04-13 18:40 28288 ----a-w c:\windows\system32\dllcache\grserial.sys
2009-04-17 18:11 . 2001-08-17 16:20 334208 ----a-w c:\windows\system32\dllcache\ds1wdm.sys
2009-04-17 18:10 . 2001-08-17 16:11 39936 ----a-w c:\windows\system32\dllcache\cnxt1803.sys
2009-04-17 18:09 . 2001-08-17 17:12 2944 ----a-w c:\windows\system32\dllcache\brfilt.sys
2009-04-17 18:08 . 2001-08-18 02:36 61440 ----a-w c:\windows\system32\dllcache\acerscad.dll
2009-04-17 12:23 . 2009-04-17 12:23 -------- d-----w c:\documents and settings\Daddy_2\Application Data\Malwarebytes
2009-04-17 11:53 . 2009-04-17 11:53 -------- d-----w c:\documents and settings\Daddy_2\Local Settings\Application Data\Adobe
2009-04-17 02:27 . 2009-04-17 02:27 -------- d-----w c:\documents and settings\Daddy_2\Local Settings\Application Data\Mozilla
2009-04-17 02:20 . 2009-04-17 02:20 -------- d--h--w c:\documents and settings\Daddy_2\Application Data\GTek
2009-04-17 02:20 . 2009-04-17 02:20 -------- d-----w c:\documents and settings\Daddy_2\Local Settings\Application Data\Apple Computer
2009-04-17 02:19 . 2009-04-17 02:20 -------- d-----w c:\documents and settings\Daddy_2\Local Settings\Application Data\AOL
2009-04-16 22:59 . 2009-04-16 23:04 -------- d-----w c:\program files\Startup Inspector for Windows
2009-04-16 21:59 . 2009-04-16 21:59 -------- d-----w c:\documents and settings\Daddy_2\Application Data\AOL
2009-04-16 03:27 . 2009-04-16 03:27 -------- d-----w C:\0c78be0a7887340383fc066a5e
2009-04-16 03:16 . 2009-04-16 03:16 -------- d-----w c:\program files\ACW
2009-04-16 00:12 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-16 00:00 . 2009-04-16 00:00 -------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2009-04-15 23:47 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-15 23:47 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-15 23:47 . 2009-04-18 20:08 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-15 23:39 . 2009-04-15 23:39 -------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-04-12 15:28 . 2009-04-12 15:28 -------- d--h--w c:\windows\PIF
2009-04-12 13:51 . 2009-04-12 13:51 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-07 23:51 . 2009-04-07 23:51 615 ----a-w c:\windows\system32\q4Hjayd8IG7LI9z.vbs
2009-04-04 00:44 . 2009-04-04 00:44 -------- d-----w c:\program files\Common Files\xing shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 23:53 . 2004-06-09 16:47 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-04-25 12:01 . 2006-08-01 01:22 -------- d-----w c:\program files\McAfee
2009-04-22 22:26 . 2008-04-02 20:01 -------- d-----w c:\program files\Spyware Doctor
2009-04-17 12:27 . 2009-04-17 02:18 150904 ----a-w c:\documents and settings\Daddy_2\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-17 12:22 . 2007-02-13 22:31 -------- d-----w c:\program files\CleanUp!
2009-04-17 02:19 . 2005-05-13 20:03 -------- d-----w c:\program files\Web Publish
2009-04-16 23:56 . 2005-07-16 21:55 -------- d-----w c:\program files\WildTangent
2009-04-15 22:51 . 2008-12-02 21:21 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-15 22:47 . 2004-06-09 16:53 -------- d-----w c:\program files\Java
2009-04-15 21:22 . 2004-06-09 17:03 -------- d-----w c:\program files\Viewpoint
2009-04-04 00:44 . 2004-06-09 17:02 -------- d-----w c:\program files\Common Files\Real
2009-03-25 15:06 . 2006-08-01 03:55 40552 ----a-w c:\windows\system32\drivers\mfesmfk.sys
2009-03-25 15:06 . 2006-08-01 03:55 35272 ----a-w c:\windows\system32\drivers\mfebopk.sys
2009-03-25 15:06 . 2006-08-01 03:55 214024 ----a-w c:\windows\system32\drivers\mfehidk.sys
2009-03-25 15:06 . 2006-08-01 03:55 79880 ----a-w c:\windows\system32\drivers\mfeavfk.sys
2009-03-25 15:05 . 2006-08-01 03:55 34216 ----a-w c:\windows\system32\drivers\mferkdk.sys
2009-03-22 23:14 . 2009-03-22 23:14 -------- d-----w c:\program files\Microsoft Windows Vista Upgrade Advisor
2009-03-19 18:43 . 2008-06-24 22:33 -------- d-----w c:\program files\AOL 9.1
2009-03-15 17:26 . 2009-02-14 20:03 -------- d-----w c:\program files\Windows Desktop Search
2009-03-15 16:51 . 2009-03-15 16:51 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-14 23:42 . 2004-06-09 17:01 -------- d-----w c:\program files\Common Files\AOL
2009-03-13 19:58 . 2009-03-10 21:47 -------- d-----w c:\program files\NOS
2009-03-12 22:15 . 2009-02-11 16:25 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-03-12 22:15 . 2009-02-11 16:25 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-03-10 22:10 . 2004-07-16 22:42 -------- d-----w c:\program files\Common Files\Adobe
2009-03-07 01:22 . 2008-06-24 02:23 -------- d-----w c:\program files\Common Files\AOLSHARE
2009-03-06 14:22 . 2006-07-30 21:16 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2006-07-30 21:15 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2008-11-27 14:37 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2006-07-30 21:15 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2006-07-30 21:16 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2006-07-30 21:15 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2006-07-30 21:15 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 11:13 . 2006-07-30 21:15 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 23:02 . 2006-07-30 21:15 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-06 11:11 . 2006-07-30 21:15 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2006-07-30 21:15 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2002-08-29 10:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:59 . 2006-07-30 21:16 56832 ----a-w c:\windows\system32\secur32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-23 1830128]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-06-03 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemHelper"="E:\MDM_Util" [X]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-10-19 126976]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-05-02 270336]
"HostManager"="c:\program files\Common Files\AOL\1129470813\ee\AOLSoftware.exe" [2008-11-06 41264]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-03-25 645328]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 28672]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-04 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-15 148888]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypynet]
2008-04-14 00:11 64512 ----a-w c:\windows\SYSTEM32\cryptnet.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll
"wave2"= serwvdrv.dll
"wave3"= serwvdrv.dll
"wave4"= serwvdrv.dll
"wave5"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]

.
- - - - ORPHANS REMOVED - - - -

Notify-Sebring - (no file)


.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Daddy_2\Application Data\Mozilla\Firefox\Profiles\k1lts9lm.default\
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-01 19:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(756)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(672)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\LEXBCES.EXE
c:\windows\SYSTEM32\LEXPPS.EXE
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Dell AIO Printer A920\dlbkbmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\program files\AOL 9.1\waol.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\windows\wanmpsvc.exe
c:\windows\SYSTEM32\MsPMSPSv.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AOL 9.1\shellmon.exe
.
**************************************************************************
.
Completion time: 2009-05-01 20:02 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-02 00:02

Pre-Run: 24,620,150,784 bytes free
Post-Run: 24,697,872,384 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

225 --- E O F --- 2009-04-19 21:45

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,723 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:39 AM

Posted 02 May 2009 - 11:54 AM

Thanks for the detailed feedback.
  • Open Notepad (Start > Run and type in Notepad); make sure Word Wrap under the Format menu is not selected.
    Copy and paste the text in the code box into it.

    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=-
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=-
    • Save the file to the desktop as regfix.reg
    • Make sure the Save as type field says All files.
    • Locate regfix.reg on the desktop and double-click on it and confirm.
    • A window pops up asking if you are sure to add the file to the registry. Click Yes.
    • You get another window popup saying that regfix.reg successfully added to the registry.
    Note: You have to turn off any registry protector software you have in order for the changes to take place.

  • Tell me if you have tried to do a repair install or remove McAfee totally and install it again.

  • Log on as a user who is a member of the local Administrators group. It would be your usual account if you are the administrator.
    Right-click the Internet Explorer icon.
    Click Run as, and then run the program as a user who is a member of the local Administrators group, and then click OK.

  • Go to Start -> All Programs -> Windows Update, wait for the page to load, then press the Custom button. Windows searches your computer and gives you possible updates.
    Then try to update Windows. Tell me if you get any error. Also do the following step if you still could not update Windows.

  • Go to Start > Run, copy/paste the following lines one by one into the Run box and click OK after each line.

    cmd /c regedit /e c:\look.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn"
    notepad c:\look.txt


    Notepad will open with text in it. Please post the content in your reply.


#7 rjwright
  • Topic Starter
  • Members
  • 41 posts

Posted 02 May 2009 - 02:44 PM

Hi Farbar,

1. The registry fix went fine. Everything came up as you said.

2. I tried to do a repair install of both McAfee VirusScan and Personal Firewall, nothing changed. I have a feeling that I will need to do a complete uninstall in order for this problem with McAfee to be corrected. I read something very similar on someone else's topic not too long ago.

3. When I did a right-click on the Internet Explorer icon, all it had for choices were: Open Home Page, Start Without Add-ons, Create Shortcut, Delete, Rename, Properties. There was no Run As anywhere.

4. Went to Windows Update website, same error message appeared. Nothing changed there.

5. Here's the log you requested:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"Asynchronous"=dword:00000001
"Disconnect"="SensDisconnectEvent"
"DLLName"="WlNotify.dll"
"Impersonate"=dword:00000001
"Lock"="SensLockEvent"
"Logoff"="SensLogoffEvent"
"logon"="sensLogonEvent"
"MaxWait"=dword:00000258
"PostShell"="SensPostShellEvent"
"Reconnect"="SensReconnectEvent"
"Safe"=dword:00000001
"Shutdown"="SensShutdownEvent"
"StartScreenSaver"="SensStartScreenSaverEvent"
"StartShell"="SensStartShellEvent"
"Startup"="SensStartupEvent"
"StopScreenSaver"="SensStopScreensaverEvent"
"Unlock"="SensUnlockEvent"

Any thoughts about deleting the Viewpoint folder from the program file? Still haven't been able to.
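
The `regedit /e` export requested in post #6 and pasted in post #7 is a "Windows Registry Editor Version 5.00" file, while the regfix.reg in post #6 uses the older REGEDIT4 dialect with `"name"=-` to delete a value. The following is an added example by the editor, not code from this thread or from Farbar's tools: it parses both dialects offline and audits the Winlogon\Notify packages, since winlogon.exe loads every DLLName listed there at logon, which makes that key a persistence spot worth checking whenever a browser-hijacking trojan keeps coming back. The allow-list of expected DLL names is an assumption the analyst fills in; the two sample inputs are copied from the posts above, and the UTF-16 handling covers the BOM-prefixed files that `regedit /e` writes on XP.

```python
"""Parse regedit exports and audit Winlogon Notify packages (added example, not thread code)."""
import re
from typing import Dict, FrozenSet, Optional, Tuple, Union

RegValue = Tuple[str, Optional[Union[str, int, bytes]]]   # ("string"|"dword"|"hex"|"delete", data)
RegTree = Dict[str, Optional[Dict[str, RegValue]]]        # key -> values, or None for a "[-key]" deletion

NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
_HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
_VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')


def decode_reg_bytes(data: bytes) -> str:
    """regedit /e on XP writes UTF-16 with a BOM; hand-written REGEDIT4 files are ANSI."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16")
    return data.decode("cp1252")


def _unescape(s: str) -> str:
    return s.replace('\\"', '"').replace("\\\\", "\\")


def _parse_data(raw: str) -> RegValue:
    raw = raw.strip()
    if raw == "-":                                   # "name"=-  deletes the value (post #6 syntax)
        return ("delete", None)
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return ("string", _unescape(raw[1:-1]))
    if raw.lower().startswith("dword:"):
        return ("dword", int(raw[6:], 16))
    m = re.match(r"hex(?:\([0-9a-f]+\))?:(.*)$", raw, re.I)
    if m:
        return ("hex", bytes(int(h, 16) for h in m.group(1).split(",") if h.strip()))
    raise ValueError(f"unsupported value syntax: {raw!r}")


def parse_reg(text: str) -> RegTree:
    """Parse REGEDIT4 / 'Windows Registry Editor Version 5.00' text into {key: {name: value}}."""
    lines = text.lstrip("\ufeff").splitlines()
    if not lines or not lines[0].strip().startswith(_HEADERS):
        raise ValueError("missing .reg header")
    logical, buf = [], ""                            # join hex lines continued with a trailing backslash
    for line in lines[1:]:
        stripped = line.strip()
        if stripped.endswith("\\"):
            buf += stripped[:-1]
            continue
        logical.append(buf + stripped)
        buf = ""
    tree: RegTree = {}
    current: Optional[Dict[str, RegValue]] = None
    for line in logical:
        if not line or line.startswith(";"):
            continue
        if line[0] == "[" and line[-1] == "]":
            key = line[1:-1]
            if key.startswith("-"):                  # [-key] deletes the whole key
                tree[key[1:]] = None
                current = None
            else:
                current = tree.get(key) or {}
                tree[key] = current
            continue
        if current is None:
            raise ValueError(f"value outside a key: {line!r}")
        m = _VALUE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable line: {line!r}")
        name = "@" if m.group(2) else _unescape(m.group(1))
        current[name] = _parse_data(m.group(3))
    return tree


def audit_winlogon_notify(tree: RegTree, expected_dlls: FrozenSet[str]) -> Dict[str, str]:
    """One verdict per Notify package. Built-in packages use bare names resolved from
    system32; third-party ones use full paths. expected_dlls is the analyst's allow-list
    (assumption: lower-case bare file names already vetted), anything else gets 'review'."""
    verdicts: Dict[str, str] = {}
    prefix = NOTIFY_KEY.lower() + "\\"
    for key, values in tree.items():
        if not key.lower().startswith(prefix):
            continue
        sub = key[len(prefix):]
        if values is None:
            verdicts[sub] = "deleted"
            continue
        kind, dll = values.get("DLLName", ("missing", None))
        if kind != "string" or not dll:
            verdicts[sub] = "no DLLName: review"
        elif "\\" in dll:
            verdicts[sub] = f"full path {dll}: review"
        elif dll.lower() in expected_dlls:
            verdicts[sub] = f"ok ({dll})"
        else:
            verdicts[sub] = f"unexpected DLL {dll}: review"
    return verdicts


# Sample input copied from the thread: Farbar's regfix (post #6) and rjwright's SensLogn dump (post #7).
REGFIX = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=-
"""
SENSLOGN_DUMP = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"Asynchronous"=dword:00000001
"DLLName"="WlNotify.dll"
"Logon"="SensLogonEvent"
"MaxWait"=dword:00000258
"""

if __name__ == "__main__":
    print(parse_reg(REGFIX))
    print(audit_winlogon_notify(parse_reg(SENSLOGN_DUMP), frozenset({"wlnotify.dll"})))
```

To run it against a real export, read c:\look.txt as bytes and pass it through `decode_reg_bytes` before `parse_reg`; exporting the whole `Winlogon\Notify` key rather than one subkey lets `audit_winlogon_notify` list every package at once, with full-path entries such as third-party anti-spyware hooks showing up as "review" so the analyst can confirm them by hand.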

#8 Farbar
  • Security Developer
  • 21,723 posts
  • Location:The Netherlands

Posted 02 May 2009 - 04:37 PM

Thanks again for the detailed feedback rjwright.

2. I tried to do a repair install of both McAfee VirusScan and Personal Firewall, nothing changed. I have a feeling that I will need to do a complete uninstall in order for this problem with McAfee to be corrected. I read something very similar on someone else's topic not too long ago.

3. When I did a right-click on the Internet Explorer icon, all it had for choices were: Open Home Page, Start Without Add-ons, Create Shortcut, Delete, Rename, Properties. There was no Run As anywhere.


Any thoughts about deleting the Viewpoint folder from the program file? Still haven't been able to.


We have to try a complete reinstall anyway before we go for other solutions.
To remove McAfee AntiVirus I recommend you use the McAfee Consumer Product Removal tool (MCPR.exe).

For the download and instructions on using the McAfee Consumer Product Removal tool, click on majorgeeks.com
After applying the tool, install McAfee again.

I think you have a shortcut on the desktop. Try the icon on the Quick Launch bar or the one in the Start menu (Start => right-click the IE icon).

About the Viewpoint folder, we will remove it. Probably the service is not removed yet. Please run RSIT, set the list of Files/Folders created to 2 Months and copy/paste the content of log.txt into your reply (this time RSIT creates just one log).

#9 rjwright
  • Topic Starter
  • Members
  • 41 posts

Posted 02 May 2009 - 06:37 PM

Hey Farbar,

I uninstalled McAfee completely. It stated it was successful. I reinstalled it and nothing changed. The icon in the Quick Launch Task Bar stayed a little bit longer but then disappeared. As far as the Internet Explorer icon goes, after clicking on the Start Menu and right-clicking on the icon at the upper left corner, it still doesn't show a Run As option. Plus there is no icon in the Task Bar for Internet Explorer.

Here's the RSIT log with the past two months:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Daddy_2 at 2009-05-02 19:23:50
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 24 GB (62%) free of 38 GB
Total RAM: 1022 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:24:11 PM, on 5/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Common Files\AOL\1129470813\ee\AOLSoftware.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Daddy_2\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Daddy_2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129470813\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ModemHelper] E:\MDM_Util /EntryAfterReseatReboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: crypynet - C:\WINDOWS\SYSTEM32\cryptnet.dll
O23 - Service: McAfee Application Installer Cleanup (0170551241305808) (0170551241305808mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\Daddy_2\LOCALS~1\Temp\017055~1.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9372 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-04-03 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-03-15 118836]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-03-25 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-12 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-15 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-15 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7}
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
{BA52B914-B692-46c4-B683-905236F6F655}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2005-10-19 155648]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2005-10-19 126976]
"Dell AIO Printer A920"=C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe [2003-05-02 270336]
"HostManager"=C:\Program Files\Common Files\AOL\1129470813\ee\AOLSoftware.exe [2008-11-06 41264]
"ModemHelper"=E:\MDM_Util /EntryAfterReseatReboot []
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2002-07-16 28672]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-07 57344]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-03-15 122933]
"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2003-08-26 204800]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-04-03 198160]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-15 148888]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-03-25 645328]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-03-23 1830128]
"AOL Fast Start"=C:\Program Files\AOL 9.1\AOL.EXE [2008-06-03 50528]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypynet]
C:\WINDOWS\system32\cryptnet.dll [2008-04-13 64512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 2 months======

2009-05-02 19:09:28 ----D---- C:\Program Files\Common Files\McAfee
2009-05-02 19:09:25 ----D---- C:\Program Files\McAfee.com
2009-05-02 19:08:57 ----D---- C:\Program Files\McAfee
2009-05-02 18:30:31 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-05-02 16:28:21 ----SHD---- C:\RECYCLER
2009-05-02 15:22:17 ----A---- C:\look.txt
2009-05-01 20:02:19 ----A---- C:\ComboFix.txt
2009-05-01 19:49:04 ----A---- C:\Boot.bak
2009-05-01 19:48:59 ----RASHD---- C:\cmdcons
2009-05-01 19:45:49 ----D---- C:\Qoobox
2009-04-26 13:07:23 ----D---- C:\rsit
2009-04-24 08:51:52 ----D---- C:\Program Files\CCleaner
2009-04-23 19:45:04 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-23 19:44:54 ----D---- C:\Program Files\SUPERAntiSpyware
2009-04-23 19:44:54 ----D---- C:\Documents and Settings\Daddy_2\Application Data\SUPERAntiSpyware.com
2009-04-23 19:44:20 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-04-18 16:37:26 ----D---- C:\Documents and Settings\Daddy_2\Application Data\Mozilla
2009-04-18 16:32:51 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-04-18 16:32:51 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-17 16:22:02 ----D---- C:\Program Files\Trend Micro
2009-04-17 15:04:51 ----HDC---- C:\Documents and Settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
2009-04-17 08:23:48 ----D---- C:\Documents and Settings\Daddy_2\Application Data\Malwarebytes
2009-04-16 22:29:50 ----D---- C:\Documents and Settings\Daddy_2\Application Data\Macromedia
2009-04-16 22:24:20 ----D---- C:\Documents and Settings\Daddy_2\Application Data\Adobe
2009-04-16 22:20:03 ----HD---- C:\Documents and Settings\Daddy_2\Application Data\GTek
2009-04-16 22:19:59 ----D---- C:\Documents and Settings\Daddy_2\Application Data\Real
2009-04-16 22:18:50 ----ASH---- C:\Documents and Settings\Daddy_2\Application Data\DESKTOP.INI
2009-04-16 22:18:37 ----SD---- C:\Documents and Settings\Daddy_2\Application Data\Microsoft
2009-04-16 22:18:37 ----D---- C:\Documents and Settings\Daddy_2\Application Data\Symantec
2009-04-16 22:18:37 ----D---- C:\Documents and Settings\Daddy_2\Application Data\Sun
2009-04-16 22:18:37 ----D---- C:\Documents and Settings\Daddy_2\Application Data\Sonic
2009-04-16 22:18:37 ----D---- C:\Documents and Settings\Daddy_2\Application Data\Jasc Software Inc
2009-04-16 22:18:37 ----D---- C:\Documents and Settings\Daddy_2\Application Data\Identities
2009-04-16 18:59:29 ----D---- C:\Program Files\Startup Inspector for Windows
2009-04-16 17:59:37 ----D---- C:\Documents and Settings\Daddy_2\Application Data\AOL
2009-04-15 23:27:48 ----D---- C:\0c78be0a7887340383fc066a5e
2009-04-15 23:16:07 ----D---- C:\Program Files\ACW
2009-04-15 21:27:15 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-15 21:27:06 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-15 21:24:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-15 21:23:45 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-15 21:23:09 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-15 21:22:44 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-15 20:12:38 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-04-15 19:47:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-15 18:52:23 ----A---- C:\WINDOWS\system32\javaws.exe
2009-04-15 18:52:23 ----A---- C:\WINDOWS\system32\javaw.exe
2009-04-15 18:52:22 ----A---- C:\WINDOWS\system32\java.exe
2009-04-12 18:05:52 ----A---- C:\WINDOWS\zip.exe
2009-04-12 18:05:52 ----A---- C:\WINDOWS\vFind.exe
2009-04-12 18:05:52 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-04-12 18:05:52 ----A---- C:\WINDOWS\SWSC.exe
2009-04-12 18:05:52 ----A---- C:\WINDOWS\SWREG.exe
2009-04-12 18:05:52 ----A---- C:\WINDOWS\sed.exe
2009-04-12 18:05:52 ----A---- C:\WINDOWS\NIRCMD.exe
2009-04-12 18:05:52 ----A---- C:\WINDOWS\grep.exe
2009-04-12 18:05:41 ----D---- C:\WINDOWS\ERDNT
2009-04-12 11:28:23 ----HD---- C:\WINDOWS\PIF
2009-04-12 09:51:35 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-04-07 19:51:56 ----A---- C:\WINDOWS\system32\q4Hjayd8IG7LI9z.vbs
2009-04-03 20:44:25 ----D---- C:\Program Files\Common Files\xing shared
2009-03-28 19:43:27 ----D---- C:\Program Files\Mozilla Firefox
2009-03-22 20:15:17 ----D---- C:\Documents and Settings\All Users\Application Data\Dell
2009-03-22 20:14:44 ----D---- C:\Documents and Settings\All Users\Application Data\Gtek
2009-03-22 19:15:47 ----D---- C:\WINDOWS\Performance
2009-03-22 19:14:54 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2009-03-22 19:14:35 ----D---- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2009-03-15 12:51:04 ----D---- C:\Program Files\Microsoft Silverlight
2009-03-15 12:48:51 ----D---- C:\WINDOWS\system32\GroupPolicy
2009-03-14 09:53:27 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-03-10 21:02:42 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-10 21:02:34 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-10 21:01:00 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-10 17:47:49 ----D---- C:\Program Files\NOS

======List of files/folders modified in the last 2 months======

2009-05-02 19:23:52 ----D---- C:\WINDOWS\Temp
2009-05-02 19:23:51 ----D---- C:\WINDOWS\Prefetch
2009-05-02 19:19:27 ----A---- C:\WINDOWS\WIN.INI
2009-05-02 19:18:11 ----D---- C:\WINDOWS
2009-05-02 19:17:58 ----A---- C:\WINDOWS\ModemLog_Intel® 537EP V9x DF PCI Modem.txt
2009-05-02 19:16:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-02 19:13:06 ----D---- C:\WINDOWS\SYSTEM32
2009-05-02 19:12:30 ----HD---- C:\WINDOWS\INF
2009-05-02 19:10:49 ----D---- C:\WINDOWS\system32\DRIVERS
2009-05-02 19:09:51 ----SD---- C:\WINDOWS\Tasks
2009-05-02 19:09:28 ----D---- C:\Program Files\Common Files
2009-05-02 19:09:25 ----AD---- C:\Program Files
2009-05-02 18:54:31 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-01 19:55:12 ----A---- C:\WINDOWS\system.ini
2009-05-01 19:51:48 ----AD---- C:\WINDOWS\system32\CONFIG
2009-05-01 19:50:53 ----D---- C:\WINDOWS\AppPatch
2009-05-01 19:49:04 ----RASH---- C:\BOOT.INI
2009-05-01 19:46:08 ----SHD---- C:\System Volume Information
2009-05-01 19:46:08 ----D---- C:\WINDOWS\system32\Restore
2009-05-01 18:07:20 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-05-01 12:33:56 ----A---- C:\WINDOWS\dellstat.ini
2009-04-28 20:55:27 ----SHD---- C:\WINDOWS\Installer
2009-04-24 08:55:11 ----D---- C:\WINDOWS\Minidump
2009-04-24 08:55:11 ----D---- C:\WINDOWS\Debug
2009-04-22 20:09:29 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-04-22 18:26:03 ----D---- C:\Program Files\Spyware Doctor
2009-04-20 21:11:53 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-19 17:46:01 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-04-19 17:45:08 ----D---- C:\WINDOWS\system32\en-US
2009-04-19 17:45:06 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-18 13:19:37 ----D---- C:\WINDOWS\system32\NtmsData
2009-04-18 13:04:47 ----D---- C:\WINDOWS\REPAIR
2009-04-18 13:04:41 ----D---- C:\WINDOWS\Registration
2009-04-18 10:50:59 ----D---- C:\WINDOWS\system32\FxsTmp
2009-04-17 18:44:16 ----D---- C:\I386
2009-04-17 08:22:11 ----D---- C:\Program Files\CleanUp!
2009-04-16 22:22:56 ----D---- C:\Documents and Settings
2009-04-16 22:19:20 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-04-16 22:19:20 ----D---- C:\Program Files\Web Publish
2009-04-16 22:00:01 ----D---- C:\WINDOWS\system32\WBEM
2009-04-16 19:56:24 ----D---- C:\Program Files\WildTangent
2009-04-15 23:46:37 ----D---- C:\Program Files\Internet Explorer
2009-04-15 23:23:02 ----AC---- C:\WINDOWS\ODBC.INI
2009-04-15 21:23:56 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-15 18:51:53 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-04-15 18:47:56 ----D---- C:\Program Files\Java
2009-04-15 17:22:21 ----D---- C:\Program Files\Viewpoint
2009-04-12 16:15:23 ----D---- C:\Downloads
2009-04-12 11:08:04 ----D---- C:\Program Files\Registry Mechanic
2009-04-11 21:48:25 ----D---- C:\WINDOWS\ShellNew
2009-04-10 14:46:30 ----D---- C:\HeavyWeather
2009-04-06 07:57:26 ----A---- C:\WINDOWS\system32\MRT.exe
2009-04-03 20:44:12 ----D---- C:\Program Files\Common Files\Real
2009-04-03 20:44:07 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-04-03 20:43:45 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-04-03 20:43:45 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-04-03 20:43:35 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-04-03 13:49:27 ----AC---- C:\WINDOWS\cdPlayer.ini
2009-03-22 10:42:50 ----AD---- C:\DELL
2009-03-21 10:06:58 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-03-19 14:43:04 ----D---- C:\Program Files\AOL 9.1
2009-03-15 13:26:01 ----D---- C:\Program Files\Windows Desktop Search
2009-03-15 13:15:46 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-03-15 13:14:12 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2009-03-14 19:46:49 ----D---- C:\Program Files\AOL
2009-03-14 19:42:14 ----D---- C:\Program Files\Common Files\AOL
2009-03-14 16:19:13 ----D---- C:\WINDOWS\network diagnostic
2009-03-12 18:15:50 ----A---- C:\WINDOWS\system32\msvcr71.dll
2009-03-12 18:15:50 ----A---- C:\WINDOWS\system32\msvcp71.dll
2009-03-11 18:17:47 ----D---- C:\Program Files\Adobe
2009-03-10 18:10:16 ----D---- C:\Program Files\Common Files\Adobe
2009-03-10 18:10:03 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-03-10 17:31:56 ----SD---- C:\WINDOWS\occache
2009-03-08 17:33:12 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-03-06 21:22:25 ----D---- C:\Program Files\Common Files\AOLSHARE
2009-03-06 21:22:18 ----A---- C:\WINDOWS\msoffice.ini
2009-03-06 20:59:06 ----AC---- C:\WINDOWS\aolback.exe.lnk
2009-03-06 10:22:18 ----A---- C:\WINDOWS\system32\pdh.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-03-25 214024]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2008-10-23 120136]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-11-08 17217]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-01-14 5621]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-01-14 23219]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-02-27 40480]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2008-01-19 8413]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-03-15 25685]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-03-15 34837]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-03-15 4117]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-03-15 2233]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-03-15 85972]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-03-15 14229]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-03-15 6357]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-03-15 98580]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-03-15 100597]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2003-05-23 43136]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-10-19 807998]
R3 IntelC51;IntelC51; C:\WINDOWS\System32\DRIVERS\IntelC51.sys [2004-03-05 1233525]
R3 IntelC52;IntelC52; C:\WINDOWS\System32\DRIVERS\IntelC52.sys [2004-03-05 647929]
R3 IntelC53;IntelC53; C:\WINDOWS\System32\DRIVERS\IntelC53.sys [2004-03-05 60949]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-03-25 79880]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-03-25 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-03-25 40552]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\System32\DRIVERS\mohfilt.sys [2004-03-05 37048]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-11-18 591808]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
S3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-08-03 701440]
S3 bvrp_pci;bvrp_pci; \??\C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys []
S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys []
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2008-08-25 40840]
S3 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]
S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-03-25 34216]
S3 mr7910;Photo Viewer; C:\WINDOWS\system32\DRIVERS\mr7910.sys [2006-08-02 114560]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-15 152984]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-05-02 303104]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-03-25 797864]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-01-09 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-01-09 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-03-25 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-03-19 884360]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2003-08-27 65536]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2001-05-01 53248]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-03-24 606736]
S2 0170551241305808mcinstcleanup;McAfee Application Installer Cleanup (0170551241305808); C:\DOCUME~1\Daddy_2\LOCALS~1\Temp\017055~1.EXE [2008-10-23 315264]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-20 138168]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-04-01 365072]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-10-09 1079176]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

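A small triage helper, added here as an example and not one of the tools used in this thread, that parses RSIT driver/service lines and HijackThis O2/O3 lines like the ones above and marks the entries a helper would normally look at first: no file data in the brackets, a binary launched from a Temp folder, or a BHO/toolbar registration whose DLL is gone. The sample lines are constructed after the shapes seen in these logs, and the flags are review hints, not verdicts.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# RSIT driver/service line: "R1 name;description; path [YYYY-MM-DD size]"
# (the brackets are empty when RSIT could not stat the file).
_RSIT_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<desc>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)
# HijackThis O2/O3 line: "O2 - BHO: name - {CLSID} - path"
_HJT_RE = re.compile(
    r"^(?P<section>O[23]) - (?:BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)


@dataclass
class Entry:
    source: str                      # "rsit" or "hjt"
    name: str
    path: str
    date: Optional[str] = None
    size: Optional[int] = None
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one RSIT or HijackThis line; other lines return None."""
    m = _RSIT_RE.match(line)
    if m:
        entry = Entry("rsit", m.group("name"), m.group("path"))
        meta = m.group("meta").split()
        if len(meta) == 2:
            entry.date, entry.size = meta[0], int(meta[1])
        return entry
    m = _HJT_RE.match(line)
    if m:
        return Entry("hjt", m.group("name"), m.group("path"))
    return None


def triage(entry: Entry) -> List[str]:
    """Attach review flags to an entry; the list is empty for unremarkable lines."""
    path = entry.path.lower()
    if entry.source == "rsit" and entry.size is None:
        # "[]": RSIT found no file data. Either the binary is gone or the
        # \??\ device path was not resolved; both are worth a second look.
        entry.flags.append("no_file_info")
    if entry.source == "hjt" and path == "(no file)":
        # Registered BHO/toolbar whose DLL no longer exists: a leftover
        # registration, typically after a cleaner removed only the file.
        entry.flags.append("orphan_registration")
    if "\\temp\\" in path:
        # Drivers/services launched from a Temp directory deserve review.
        entry.flags.append("temp_path")
    if re.search(r"\d{8,}", entry.name):
        # Long digit runs in a service name: check whether that is expected.
        entry.flags.append("numeric_name")
    return entry.flags


def triage_log(text: str) -> List[Tuple[str, str, List[str]]]:
    """Return (source, name, flags) for every line that raised a flag."""
    report = []
    for raw in text.splitlines():
        entry = parse_line(raw.strip())
        if entry is not None and triage(entry):
            report.append((entry.source, entry.name, entry.flags))
    return report


# Constructed sample, shaped after the RSIT/HijackThis lines in this thread.
SAMPLE_LOG = r"""R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
S2 0170551241305808mcinstcleanup;McAfee Application Installer Cleanup (0170551241305808); C:\DOCUME~1\Daddy_2\LOCALS~1\Temp\017055~1.EXE [2008-10-23 315264]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
"""

if __name__ == "__main__":
    for source, name, flags in triage_log(SAMPLE_LOG):
        print(f"{source:4} {name:35} {', '.join(flags)}")
```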
#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,723 posts
  • Location:The Netherlands

Posted 03 May 2009 - 05:26 AM

rjwright,
  • This should repair the missing Run as ... . Open Notepad (Start > Run and type in Notepad) and make sure Word Wrap under the Format menu is not selected.
    Copy and paste the text in code box into it.

    Windows Registry Editor Version 5.00
    
    [HKEY_CLASSES_ROOT\exefile\shell\runas]
    
    [HKEY_CLASSES_ROOT\exefile\shell\runas\command]
    @="\"%1\" %*"
    • Save the file to the desktop as regfix.reg
    • Make sure the Save as type field says All files.
    • Locate regfix.reg on the desktop and double-click on it and confirm.
    • A window pops up asking if you are sure to add the file to the registry. Click Yes.
    • You get another window popup saying that regfix.reg successfully added to the registry.
    Note: You have to turn off any registry protector software you have in order for the changes to take effect.

  • Log on as a user who is a member of the local Administrators group. It would be your usual account if you are the administrator.
    Right-click the Internet Explorer icon.
    Click Run as..., and then run the program as a user who is a member of the local Administrators group and then click OK.
    Now try to update Windows.

  • Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:


    @echo off
    >Log.txt (
    ipconfig /all
    echo.
    route print
    )
    start Log.txt
    Del %0
    • Go to the File menu at the top of the Notepad and select Save as.
    • Select save in: desktop
    • Fill in File name: look.bat
    • Save as type: All file types (*.*)
    • Click save.
    • Close the Notepad.
    • Locate and double-click look.bat on the desktop.
    • Notepad opens; copy and paste its content (log.txt) into your reply.


#11 rjwright

rjwright
  • Topic Starter

  • Members
  • 41 posts

Posted 03 May 2009 - 07:24 AM

Farbar

Still no access to Windows update website. Same error message shows up; 0x800704DD.

Plus, still no Run As after right-clicking on the Internet Explorer icon either on the desktop or from the upper left corner of the Start menu. Still no icon on the Task Bar either.

I did find the Internet Explorer in the program menu, right-clicked on it, found Run As and out of the two choices available, the second one asked for a password and I had none so I tried it with none. It came up with an error message: Unable to log on: Logon failure: User account restriction. Possible reasons are blank passwords are not allowed, logon hour restrictions, or a policy restriction has been enforced.

Here is the log.txt you requested:

Windows IP Configuration

Host Name . . . . . . . . . . . . : D6JLM051
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Peer-Peer
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : wildblue.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : wildblue.com
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-0F-1F-4B-73-BC
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 75.106.174.150
Subnet Mask . . . . . . . . . . . : 255.255.252.0
IP Address. . . . . . . . . . . . : fe80::20f:1fff:fe4b:73bc%4
Default Gateway . . . . . . . . . : 75.106.172.1
DHCP Server . . . . . . . . . . . : 10.233.40.14
DNS Servers . . . . . . . . . . . : 75.104.128.61
                                    fec0:0:0:ffff::1%1
                                    fec0:0:0:ffff::2%1
                                    fec0:0:0:ffff::3%1
Primary WINS Server . . . . . . . : 127.0.0.1
Lease Obtained. . . . . . . . . . : Sunday, May 03, 2009 7:58:24 AM
Lease Expires . . . . . . . . . . : Sunday, May 03, 2009 7:58:24 PM

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0f 1f 4b 73 bc ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 75.106.172.1 75.106.174.150 20
75.106.172.0 255.255.252.0 75.106.174.150 75.106.174.150 20
75.106.174.150 255.255.255.255 127.0.0.1 127.0.0.1 20
75.255.255.255 255.255.255.255 75.106.174.150 75.106.174.150 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 75.106.174.150 75.106.174.150 20
255.255.255.255 255.255.255.255 75.106.174.150 75.106.174.150 1
Default Gateway: 75.106.172.1
===========================================================================
Persistent Routes:
None

Edited by rjwright, 03 May 2009 - 07:44 AM.


#12 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,723 posts
  • Location:The Netherlands

Posted 03 May 2009 - 11:16 AM

I did find the Internet Explorer in the program menu, right-clicked on it, found Run As and out of the two choices available, the second one asked for a password and I had none so I tried it with none. It came up with an error message: Unable to log on: Logon failure: User account restriction. Possible reasons are blank passwords are not allowed, logon hour restrictions, or a policy restriction has been enforced.


Was your log-on name listed next to the first option, which is Current User?
Does your log-on account (Daddy_2) have administrative privileges? To check that, go to start => Control Panel => User Accounts => there Daddy_2 should be listed as Computer Administrator.

#13 rjwright

rjwright
  • Topic Starter

  • Members
  • 41 posts

Posted 03 May 2009 - 11:36 AM

Get a load of this. When I go to User Account, the only ones that are there are Guest, which is on, and Daddy. There is no Daddy_2. Daddy is labeled as Administrator.

Edited by rjwright, 03 May 2009 - 11:37 AM.


#14 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,723 posts
  • Location:The Netherlands

Posted 03 May 2009 - 12:03 PM

Get a load of this.


What do you mean?

Please perform the following:
  • Start in Safe Mode Using the F8 key:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
    • Use the arrow keys to select the Safe Mode menu item.
    • Press the Enter key.
    • Select Administrator to log in.
    • Go to start => Control Panel => User Accounts => Change an account => Select Daddy and set a password. Note down the password and keep it somewhere so that if you forget it you can find it again.
  • Restart the computer and log on as Daddy and tell me how the computer is running. Also post a fresh RSIT log.


#15 rjwright

rjwright
  • Topic Starter

  • Members
  • 41 posts

Posted 03 May 2009 - 12:35 PM

" Get a load of this " is an expression meaning " What do you think about this ", " What's your opinion of this situation ". That's all I meant by it.

I created a password in Safe Mode. When I rebooted, there seemed to be no difference, just acted a bit slower. I noticed on the RSIT log that it was run by Daddy_2. That is not even in the user accounts. I have no idea where that's coming from.

Here's a fresh RSIT log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Daddy_2 at 2009-05-03 13:31:06
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 23 GB (62%) free of 38 GB
Total RAM: 1022 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:31:29 PM, on 5/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\AOL\1129470813\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Daddy_2\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Daddy_2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129470813\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ModemHelper] E:\MDM_Util /EntryAfterReseatReboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: crypynet - C:\WINDOWS\SYSTEM32\cryptnet.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8960 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-04-03 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-03-15 118836]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-03-25 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-12 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-15 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-15 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7}
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
{BA52B914-B692-46c4-B683-905236F6F655}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2005-10-19 155648]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2005-10-19 126976]
"Dell AIO Printer A920"=C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe [2003-05-02 270336]
"HostManager"=C:\Program Files\Common Files\AOL\1129470813\ee\AOLSoftware.exe [2008-11-06 41264]
"ModemHelper"=E:\MDM_Util /EntryAfterReseatReboot []
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2002-07-16 28672]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-07 57344]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-03-15 122933]
"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2003-08-26 204800]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-04-03 198160]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-15 148888]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-03-25 645328]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-03-23 1830128]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypynet]
C:\WINDOWS\system32\cryptnet.dll [2008-04-13 64512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 2 months======

2009-05-03 13:17:19 ----A---- C:\WINDOWS\ntbtlog.txt
2009-05-02 19:09:28 ----D---- C:\Program Files\Common Files\McAfee
2009-05-02 19:09:25 ----D---- C:\Program Files\McAfee.com
2009-05-02 19:08:57 ----D---- C:\Program Files\McAfee
2009-05-02 18:30:31 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-05-02 16:28:21 ----SHD---- C:\RECYCLER
2009-05-02 15:22:17 ----A---- C:\look.txt
2009-05-01 20:02:19 ----A---- C:\ComboFix.txt
2009-05-01 19:49:04 ----A---- C:\Boot.bak
2009-05-01 19:48:59 ----RASHD---- C:\cmdcons
2009-05-01 19:45:49 ----D---- C:\Qoobox
2009-04-26 13:07:23 ----D---- C:\rsit
2009-04-24 08:51:52 ----D---- C:\Program Files\CCleaner
2009-04-23 19:45:04 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-23 19:44:54 ----D---- C:\Program Files\SUPERAntiSpyware
2009-04-23 19:44:54 ----D---- C:\Documents and Settings\Daddy_2\Application Data\SUPERAntiSpyware.com
2009-04-23 19:44:20 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-04-18 16:37:26 ----D---- C:\Documents and Settings\Daddy_2\Application Data\Mozilla
2009-04-18 16:32:51 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-04-18 16:32:51 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-17 16:22:02 ----D---- C:\Program Files\Trend Micro
2009-04-17 15:04:51 ----HDC---- C:\Documents and Settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
2009-04-17 08:23:48 ----D---- C:\Documents and Settings\Daddy_2\Application Data\Malwarebytes
2009-04-16 22:29:50 ----D---- C:\Documents and Settings\Daddy_2\Application Data\Macromedia
2009-04-16 22:24:20 ----D---- C:\Documents and Settings\Daddy_2\Application Data\Adobe
2009-04-16 22:20:03 ----HD---- C:\Documents and Settings\Daddy_2\Application Data\GTek
2009-04-16 22:19:59 ----D---- C:\Documents and Settings\Daddy_2\Application Data\Real
2009-04-16 22:18:50 ----ASH---- C:\Documents and Settings\Daddy_2\Application Data\DESKTOP.INI
2009-04-16 22:18:37 ----SD---- C:\Documents and Settings\Daddy_2\Application Data\Microsoft
2009-04-16 22:18:37 ----D---- C:\Documents and Settings\Daddy_2\Application Data\Symantec
2009-04-16 22:18:37 ----D---- C:\Documents and Settings\Daddy_2\Application Data\Sun
2009-04-16 22:18:37 ----D---- C:\Documents and Settings\Daddy_2\Application Data\Sonic
2009-04-16 22:18:37 ----D---- C:\Documents and Settings\Daddy_2\Application Data\Jasc Software Inc
2009-04-16 22:18:37 ----D---- C:\Documents and Settings\Daddy_2\Application Data\Identities
2009-04-16 18:59:29 ----D---- C:\Program Files\Startup Inspector for Windows
2009-04-16 17:59:37 ----D---- C:\Documents and Settings\Daddy_2\Application Data\AOL
2009-04-15 23:27:48 ----D---- C:\0c78be0a7887340383fc066a5e
2009-04-15 23:16:07 ----D---- C:\Program Files\ACW
2009-04-15 21:27:15 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-15 21:27:06 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-15 21:24:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-15 21:23:45 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-15 21:23:09 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-15 21:22:44 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-15 20:12:38 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-04-15 19:47:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-15 18:52:23 ----A---- C:\WINDOWS\system32\javaws.exe
2009-04-15 18:52:23 ----A---- C:\WINDOWS\system32\javaw.exe
2009-04-15 18:52:22 ----A---- C:\WINDOWS\system32\java.exe
2009-04-12 18:05:52 ----A---- C:\WINDOWS\zip.exe
2009-04-12 18:05:52 ----A---- C:\WINDOWS\vFind.exe
2009-04-12 18:05:52 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-04-12 18:05:52 ----A---- C:\WINDOWS\SWSC.exe
2009-04-12 18:05:52 ----A---- C:\WINDOWS\SWREG.exe
2009-04-12 18:05:52 ----A---- C:\WINDOWS\sed.exe
2009-04-12 18:05:52 ----A---- C:\WINDOWS\NIRCMD.exe
2009-04-12 18:05:52 ----A---- C:\WINDOWS\grep.exe
2009-04-12 18:05:41 ----D---- C:\WINDOWS\ERDNT
2009-04-12 11:28:23 ----HD---- C:\WINDOWS\PIF
2009-04-12 09:51:35 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-04-07 19:51:56 ----A---- C:\WINDOWS\system32\q4Hjayd8IG7LI9z.vbs
2009-04-03 20:44:25 ----D---- C:\Program Files\Common Files\xing shared
2009-03-28 19:43:27 ----D---- C:\Program Files\Mozilla Firefox
2009-03-22 20:15:17 ----D---- C:\Documents and Settings\All Users\Application Data\Dell
2009-03-22 20:14:44 ----D---- C:\Documents and Settings\All Users\Application Data\Gtek
2009-03-22 19:15:47 ----D---- C:\WINDOWS\Performance
2009-03-22 19:14:54 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2009-03-22 19:14:35 ----D---- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2009-03-15 12:51:04 ----D---- C:\Program Files\Microsoft Silverlight
2009-03-15 12:48:51 ----D---- C:\WINDOWS\system32\GroupPolicy
2009-03-14 09:53:27 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-03-10 21:02:42 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-10 21:02:34 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-10 21:01:00 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-10 17:47:49 ----D---- C:\Program Files\NOS

======List of files/folders modified in the last 2 months======

2009-05-03 13:31:10 ----D---- C:\WINDOWS\Temp
2009-05-03 13:31:03 ----D---- C:\WINDOWS\Prefetch
2009-05-03 13:22:16 ----D---- C:\WINDOWS
2009-05-03 13:22:11 ----A---- C:\WINDOWS\ModemLog_Intel® 537EP V9x DF PCI Modem.txt
2009-05-03 13:16:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-03 09:39:46 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-05-03 09:38:56 ----D---- C:\Program Files\Spyware Doctor
2009-05-03 09:36:48 ----D---- C:\WINDOWS\system32\DRIVERS
2009-05-03 07:59:52 ----A---- C:\WINDOWS\WIN.INI
2009-05-02 20:19:29 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-02 19:13:06 ----D---- C:\WINDOWS\SYSTEM32
2009-05-02 19:12:30 ----HD---- C:\WINDOWS\INF
2009-05-02 19:09:51 ----SD---- C:\WINDOWS\Tasks
2009-05-02 19:09:28 ----D---- C:\Program Files\Common Files
2009-05-02 19:09:25 ----AD---- C:\Program Files
2009-05-01 19:55:12 ----A---- C:\WINDOWS\system.ini
2009-05-01 19:51:48 ----AD---- C:\WINDOWS\system32\CONFIG
2009-05-01 19:50:53 ----D---- C:\WINDOWS\AppPatch
2009-05-01 19:49:04 ----RASH---- C:\BOOT.INI
2009-05-01 19:46:08 ----SHD---- C:\System Volume Information
2009-05-01 19:46:08 ----D---- C:\WINDOWS\system32\Restore
2009-05-01 18:07:20 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-05-01 12:33:56 ----A---- C:\WINDOWS\dellstat.ini
2009-04-28 20:55:27 ----SHD---- C:\WINDOWS\Installer
2009-04-24 08:55:11 ----D---- C:\WINDOWS\Minidump
2009-04-24 08:55:11 ----D---- C:\WINDOWS\Debug
2009-04-20 21:11:53 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-19 17:46:01 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-04-19 17:45:08 ----D---- C:\WINDOWS\system32\en-US
2009-04-19 17:45:06 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-18 13:19:37 ----D---- C:\WINDOWS\system32\NtmsData
2009-04-18 13:04:47 ----D---- C:\WINDOWS\REPAIR
2009-04-18 13:04:41 ----D---- C:\WINDOWS\Registration
2009-04-18 10:50:59 ----D---- C:\WINDOWS\system32\FxsTmp
2009-04-17 18:44:16 ----D---- C:\I386
2009-04-17 08:22:11 ----D---- C:\Program Files\CleanUp!
2009-04-16 22:22:56 ----D---- C:\Documents and Settings
2009-04-16 22:19:20 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-04-16 22:19:20 ----D---- C:\Program Files\Web Publish
2009-04-16 22:00:01 ----D---- C:\WINDOWS\system32\WBEM
2009-04-16 19:56:24 ----D---- C:\Program Files\WildTangent
2009-04-15 23:46:37 ----D---- C:\Program Files\Internet Explorer
2009-04-15 23:23:02 ----AC---- C:\WINDOWS\ODBC.INI
2009-04-15 21:23:56 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-15 18:51:53 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-04-15 18:47:56 ----D---- C:\Program Files\Java
2009-04-15 17:22:21 ----D---- C:\Program Files\Viewpoint
2009-04-12 16:15:23 ----D---- C:\Downloads
2009-04-12 11:08:04 ----D---- C:\Program Files\Registry Mechanic
2009-04-11 21:48:25 ----D---- C:\WINDOWS\ShellNew
2009-04-10 14:46:30 ----D---- C:\HeavyWeather
2009-04-06 07:57:26 ----A---- C:\WINDOWS\system32\MRT.exe
2009-04-03 20:44:12 ----D---- C:\Program Files\Common Files\Real
2009-04-03 20:44:07 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-04-03 20:43:45 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-04-03 20:43:45 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-04-03 20:43:35 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-04-03 13:49:27 ----AC---- C:\WINDOWS\cdPlayer.ini
2009-03-22 10:42:50 ----AD---- C:\DELL
2009-03-21 10:06:58 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-03-19 14:43:04 ----D---- C:\Program Files\AOL 9.1
2009-03-15 13:26:01 ----D---- C:\Program Files\Windows Desktop Search
2009-03-15 13:15:46 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-03-15 13:14:12 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2009-03-14 19:46:49 ----D---- C:\Program Files\AOL
2009-03-14 19:42:14 ----D---- C:\Program Files\Common Files\AOL
2009-03-14 16:19:13 ----D---- C:\WINDOWS\network diagnostic
2009-03-12 18:15:50 ----A---- C:\WINDOWS\system32\msvcr71.dll
2009-03-12 18:15:50 ----A---- C:\WINDOWS\system32\msvcp71.dll
2009-03-11 18:17:47 ----D---- C:\Program Files\Adobe
2009-03-10 18:10:16 ----D---- C:\Program Files\Common Files\Adobe
2009-03-10 18:10:03 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-03-10 17:31:56 ----SD---- C:\WINDOWS\occache
2009-03-08 17:33:12 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-03-06 21:22:25 ----D---- C:\Program Files\Common Files\AOLSHARE
2009-03-06 21:22:18 ----A---- C:\WINDOWS\msoffice.ini
2009-03-06 20:59:06 ----AC---- C:\WINDOWS\aolback.exe.lnk
2009-03-06 10:22:18 ----A---- C:\WINDOWS\system32\pdh.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-03-25 214024]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2008-10-23 120136]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-11-08 17217]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-01-14 5621]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-01-14 23219]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-02-27 40480]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2008-01-19 8413]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-03-15 25685]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-03-15 34837]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-03-15 4117]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-03-15 2233]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-03-15 85972]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-03-15 14229]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-03-15 6357]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-03-15 98580]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-03-15 100597]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2003-05-23 43136]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-10-19 807998]
R3 IntelC51;IntelC51; C:\WINDOWS\System32\DRIVERS\IntelC51.sys [2004-03-05 1233525]
R3 IntelC52;IntelC52; C:\WINDOWS\System32\DRIVERS\IntelC52.sys [2004-03-05 647929]
R3 IntelC53;IntelC53; C:\WINDOWS\System32\DRIVERS\IntelC53.sys [2004-03-05 60949]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-03-25 79880]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-03-25 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-03-25 40552]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\System32\DRIVERS\mohfilt.sys [2004-03-05 37048]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-11-18 591808]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
S3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-08-03 701440]
S3 bvrp_pci;bvrp_pci; \??\C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys []
S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys []
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2008-08-25 40840]
S3 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]
S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-03-25 34216]
S3 mr7910;Photo Viewer; C:\WINDOWS\system32\DRIVERS\mr7910.sys [2006-08-02 114560]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-15 152984]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-05-02 303104]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-03-25 797864]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-01-09 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-01-09 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-03-25 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-03-19 884360]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2003-08-27 65536]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2001-05-01 53248]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-03-24 606736]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-20 138168]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-04-01 365072]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-10-09 1079176]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------