IE8 Redirects Search Engine Results


  • This topic is locked
51 replies to this topic

#1 dbrown708

Posted 27 February 2010 - 11:33 PM

This computer had the PC Diagnostic infection. I removed the malware with the Malwarebytes program.

IE8 is redirecting Google searches to random websites.

McAfee protection does not find any problems.

This computer seems sluggish also.

What is the first step?

Below are the log files.

===rsjit info.txt===
info.txt logfile of random's system information tool 1.06 2010-02-27 22:18:25

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
CardRd81-->MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CR2-->MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
FaxTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\setup.exe" -l0x9 ControlPanel
FinePix Studio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}\SETUP.EXE" -l0x9
FinePixViewer Resource-->C:\Program Files\InstallShield Installation Information\{B44529FF-501E-47CD-A06D-223C161BE058}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
FinePixViewer Ver.5.5-->C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
FinePixViewer YTUPL-->C:\Program Files\InstallShield Installation Information\{65EB09A3-993B-401E-8936-C9708CBFAB26}\Setup.exe -runfromtemp -l0x0009 -removeonly
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HiJackThis-->MsiExec.exe /X{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}
HLPPDOCK-->MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB932716-v2)-->"C:\WINDOWS\$NtUninstallKB932716-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB945060-v3)-->"C:\WINDOWS\$NtUninstallKB945060-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
HTC Driver-->MsiExec.exe /X{6D6664A9-3342-4948-9B7E-034EFE366F0F}
HTC Sync-->MsiExec.exe /I{D5AF36E3-D72D-4E30-AB64-48A98BDDEE73}
Intel® 537EP V9x DF PCI Modem-->rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem"
Intel® Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
Intel® PROSet for Wired Connections-->MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iPod for Windows 2005-03-23-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{44A537A5-859C-43A6-8285-C0668142A090} /l1033
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
kgcbaby-->MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgchday-->MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn-->MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt-->MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids-->MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove-->MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday-->MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140001_68bc5f58\Setup.exe /APR-REMOVE
Lexmark 1300 Series-->C:\Program Files\Lexmark 1300 Series\Install\x86\Uninst.exe
Lexmark Toolbar-->regsvr32.exe /s /u "C:\Program Files\Lexmark Toolbar\toolband.dll"
LimeWire 5.3.6-->"C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9-->"C:\WINDOWS\$NtUninstallWdf01009$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.9-->"C:\WINDOWS\$NtUninstallWudf01009$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft WinUsb 1.0-->"C:\WINDOWS\$NtUninstallwinusb0100$\spuninst\spuninst.exe"
Modem Event Monitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OpenOffice.org 3.1-->MsiExec.exe /I{E6B87DC4-2B3D-4483-ADFF-E483BF718991}
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RCA easyRip 2.1.7.0-->"C:\Documents and Settings\Kaitlyn\My Documents\RCA easyRip\unins000.exe"
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
tooltips-->MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Windows (KB971513)-->"C:\WINDOWS\$NtUninstallKB971513$\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB978506)-->"C:\WINDOWS\ie8updates\KB978506-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
WeatherBug-->C:\PROGRA~1\AWS\WEATHE~1\REMOVE.EXE C:\PROGRA~1\AWS\WEATHE~1\INSTALL.LOG
WebCyberCoach 3.2 Dell-->"C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows PowerShell™ 1.0-->"C:\WINDOWS\$NtUninstallKB926139-v2$\spuninst\spuninst.exe"
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
WordPerfect Office 12-->MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Zune Language Pack (DE)-->MsiExec.exe /X{370BCBBA-67D7-4535-ADCD-58CD1C8DEC99}
Zune Language Pack (ES)-->MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR)-->MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}
Zune Language Pack (IT)-->MsiExec.exe /X{40EC6323-497B-44DA-8A88-74578622D9B3}
Zune-->c:\Program Files\Zune\ZuneSetup.exe /x
Zune-->MsiExec.exe /X{888FFC82-688D-46AB-A776-B417885432B6}

Hosts File Missing
======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall

======System event log======

Computer Name: THORNTON
Event Code: 7000
Message: The Network Monitor service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 3283
Source Name: Service Control Manager
Time Written: 20100107072715.000000-360
Event Type: error
User:

Computer Name: THORNTON
Event Code: 1002
Message: The IP address lease 192.168.1.100 for the Network Card with network address 0011113E35A3 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Record Number: 3282
Source Name: Dhcp
Time Written: 20100107072649.000000-360
Event Type: error
User:

Computer Name: THORNTON
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 3279
Source Name: Tcpip
Time Written: 20100106185512.000000-360
Event Type: warning
User:

Computer Name: THORNTON
Event Code: 7000
Message: The Windows CardSpace service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Record Number: 3270
Source Name: Service Control Manager
Time Written: 20100106101809.000000-360
Event Type: error
User:

Computer Name: THORNTON
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the Windows CardSpace service to connect.

Record Number: 3269
Source Name: Service Control Manager
Time Written: 20100106101808.000000-360
Event Type: error
User:

=====Application event log=====

Computer Name: THORNTON
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: There is not enough space on the disk.


Record Number: 15845
Source Name: crypt32
Time Written: 20100209010114.000000-360
Event Type: error
User:

Computer Name: THORNTON
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: There is not enough space on the disk.


Record Number: 15842
Source Name: crypt32
Time Written: 20100209010112.000000-360
Event Type: error
User:

Computer Name: THORNTON
Event Code: 5051
Message: A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 5040 (0x13b0)

Thread address : 0x02274768

Thread message :

Build VSCORE.14.0.0.435 / 5301.4018
Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\rsvpsp.dll
by C:\Program Files\LimeWire\LimeWire.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)


Record Number: 15771
Source Name: McLogEvent
Time Written: 20100205042856.000000-360
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: THORNTON
Event Code: 5051
Message: A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 1868 (0x74c)

Thread address : 0x0228AAE6

Thread message :

Build VSCORE.14.0.0.435 / 5301.4018
Object being scanned = \Device\HarddiskVolume2\PROGRAM FILES\MCAFEE\VIRUSSCAN\MCINSUPD.EXE
by System
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)


Record Number: 15758
Source Name: McLogEvent
Time Written: 20100204105522.000000-360
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: THORNTON
Event Code: 5051
Message: A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 392 (0x188)

Thread address : 0x021E1CB0

Thread message :

Build VSCORE.14.0.0.435 / 5301.4018
Object being scanned = \Device\HarddiskVolume2\Documents and Settings\Kaitlyn\Application Data\uTorrent\resume.dat.new
by C:\Program Files\uTorrent\uTorrent.exe
4(3282)(0)
4(2953)(0)
7200(2032)(0)
7595(2032)(0)
7005(1875)(0)
7004(1875)(0)
5006(1875)(0)
5004(1875)(0)


Record Number: 15748
Source Name: McLogEvent
Time Written: 20100203211704.000000-360
Event Type: error
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Teleca Shared;C:\WINDOWS\system32\WindowsPowerShell\v1.0
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------
===hjt.txt (2.03)===
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 10:09:31 PM, on 2/27/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\taskmgr.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: (no name) - {015338AF-CE01-493C-AC6E-FBF3F2191E4E} - C:\Program Files\Messenger\home455101.dll (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06A1B5C7-82A2-4721-BB0D-2444D43A0A8F} - C:\WINDOWS\system32\jkhfc.dll (file missing)
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {343BDC5B-04D3-4839-8D58-ECE722CCDF9B} - C:\WINDOWS\system32\vtsqq.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {60BE9701-10F2-4008-B05C-3DBE44A5B193} - C:\WINDOWS\system32\ssqpm.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {9DD4168D-F6EE-463E-A9CE-6460CC83F882} - C:\WINDOWS\system32\pmkjg.dll (file missing)
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {F750EC2B-D401-19C6-B1EF-78A40830DCEA} - C:\DOCUME~1\Kaitlyn\APPLIC~1\MEMOGP~1\store hold.exe (file missing)
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Anti bits phone mail] C:\Documents and Settings\All Users\Application Data\meowamokantibits\sectregs.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [F8FB01F8F9FEFD0] BFC2C7BFC0C5C.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lxdcmon.exe] "C:\Program Files\Lexmark 1300 Series\lxdcmon.exe"
O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
O4 - HKLM\..\Run: [LXDCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Easy Dock] C:\Documents and Settings\Kaitlyn\My Documents\RCA easyRip\EZDock.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide....ageUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1267302751296
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebo...oUploader55.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace....ceUploader2.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures04.ai...AIM.9.5.1.8.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail....ol/MSNPUpld.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.del...ll/gtdownde.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - (no file)
O20 - Winlogon Notify: ddayx - C:\WINDOWS\system32\ddayx.dll (file missing)
O20 - Winlogon Notify: mljgh - C:\WINDOWS\system32\mljgh.dll (file missing)
O20 - Winlogon Notify: mljjghf - mljjghf.dll (file missing)
O21 - SSODL: pemowopak - {c3c3e280-1866-4ed3-b4cc-e7a7ea04d9ea} - c:\windows\system32\zobomisi.dll (file missing)
O21 - SSODL: wojifinib - {1ea14c41-e4d2-49e9-a825-21062e23ab9a} - c:\windows\system32\tumudono.dll (file missing)
O21 - SSODL: vagivafam - {d77a1412-515c-492c-a240-6ef7f902f258} - c:\windows\system32\tumudono.dll (file missing)
O21 - SSODL: mawijovem - {e79d734a-e451-4d68-a4d2-21a9fc2436e1} - c:\windows\system32\dodasito.dll (file missing)
O21 - SSODL: jibeyezib - {f796e740-bcd7-4c9b-8954-64f3ba2dd9fd} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: mujuzedij - {c3c3e280-1866-4ed3-b4cc-e7a7ea04d9ea} - c:\windows\system32\zobomisi.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {1ea14c41-e4d2-49e9-a825-21062e23ab9a} - c:\windows\system32\tumudono.dll (file missing)
O22 - SharedTaskScheduler: tokatiluy - {d77a1412-515c-492c-a240-6ef7f902f258} - c:\windows\system32\tumudono.dll (file missing)
O22 - SharedTaskScheduler: tokatiluy - {e79d734a-e451-4d68-a4d2-21a9fc2436e1} - c:\windows\system32\dodasito.dll (file missing)
O22 - SharedTaskScheduler: gahurihor - {f796e740-bcd7-4c9b-8954-64f3ba2dd9fd} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 15125 bytes

===hjt.txt (2.02)===
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:17:55 PM, on 2/27/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe


#2 schrauber

schrauber

    Advanced Member

  • Trusted Malware Techs
  • 723 posts
  • Gender:Male
  • Location:Germany


Posted 28 February 2010 - 03:47 AM

Hello, dbrown708
Welcome to the PCPitstop Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.



Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.




Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

regards,
schrauber

Proud Member of ASAP and UNITE since 2009

If I have helped you then please consider donating to continue the fight against malware: Donate

#3 dbrown708



Posted 28 February 2010 - 08:57 AM

Here is the log file you have requested.

Thanks,

--dave

==start==
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-02-28 07:27:48
Windows 5.1.2600 Service Pack 3
Running: hsv6m031.exe; Driver: C:\DOCUME~1\Patricia\LOCALS~1\Temp\agrcipog.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xEBF8778A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xEBF87821]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xEBF87738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xEBF8774C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xEBF87835]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xEBF87861]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xEBF878CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xEBF878B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xEBF877CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xEBF878FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xEBF8780D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xEBF87710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xEBF87724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xEBF8779E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xEBF87937]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xEBF878A3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xEBF8788D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xEBF8784B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xEBF87923]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xEBF8790F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xEBF87776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xEBF87762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xEBF87877]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xEBF877F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xEBF878E5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xEBF877E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xEBF877B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device -> \Driver\atapi \Device\Harddisk0\DR0 82AE5A9A

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
==end==

#4 schrauber



Posted 02 March 2010 - 12:09 AM

Hi,


Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to <schrauber> before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingc...to-use-combofix
regards,
schrauber


#5 dbrown708



Posted 02 March 2010 - 09:34 AM

The first time of running combofix the following error occurred (BSOD)
BAR_POOL_CALLER
Stop:0x000000c2 (0x00000007,0x00000CD4,0x00000000,0x8056274E)

Second time thru produced this log file. Note: I used dab.exe instead of schrauber to rename combofix.

Thanks,

--dave

===start===
ComboFix 10-03-01.03 - Patricia 03/02/2010 7:42.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.116 [GMT -6:00]
Running from: c:\downloads\dab.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Documents\ebexiromyt.inf
c:\documents and settings\Kaitlyn\Application Data\anorinysir.vbs
c:\documents and settings\Kaitlyn\Application Data\iniasd.txt
c:\documents and settings\Kaitlyn\Application Data\sedeq.bat
c:\documents and settings\Kaitlyn\Application Data\ugiroj.bat
c:\documents and settings\Kaitlyn\Cookies\aganujihih.scr
c:\documents and settings\Kaitlyn\Cookies\atic.reg
c:\documents and settings\Kaitlyn\Cookies\ezebivyta.db
c:\documents and settings\Kaitlyn\Cookies\ireqyg.vbs
c:\documents and settings\Kaitlyn\Cookies\jyvefuzo.inf
c:\documents and settings\Kaitlyn\Cookies\nozaban.dll
c:\documents and settings\Kaitlyn\Cookies\tulaziji.vbs
c:\documents and settings\Kaitlyn\Cookies\ulynivoti.bin
c:\documents and settings\Kaitlyn\Cookies\zalypir.reg
c:\documents and settings\Kaitlyn\Local Settings\Application Data\genybuc.reg
c:\documents and settings\Kaitlyn\Local Settings\Application Data\jygeb.vbs
c:\documents and settings\Kaitlyn\Local Settings\Application Data\siwe.bat
c:\program files\Altnet
c:\program files\Altnet\Download Manager\altinst1.dll
c:\program files\Altnet\Download Manager\altinst2.dll
c:\program files\Common Files\ugoc.reg
c:\program files\iMeshBar
c:\program files\kernel
C:\WA6P
c:\windows\arohi.exe
c:\windows\gerybisok.scr
c:\windows\onipoxaqi.inf
c:\windows\osekiqygo.vbs
c:\windows\system32\amdeaous.ini
c:\windows\system32\atenmxtn.ini
c:\windows\system32\bomyz.vbs
c:\windows\system32\bqusyvti.ini
c:\windows\SYSTEM32\cfhkj.bak1
c:\windows\SYSTEM32\cfhkj.bak2
c:\windows\SYSTEM32\cfhkj.ini
c:\windows\system32\ehopwynw.ini
c:\windows\system32\fjvrtjaj.ini
c:\windows\system32\fuhurmwu.ini
c:\windows\system32\fvyslbxs.ini
c:\windows\system32\gbiogrvm.ini
c:\windows\SYSTEM32\ggjlm.bak1
c:\windows\SYSTEM32\ggjlm.bak2
c:\windows\system32\ggjlm.ini
c:\windows\SYSTEM32\gjkmp.bak1
c:\windows\system32\gjkmp.ini
c:\windows\system32\hbmclphw.ini
c:\windows\SYSTEM32\hgjlm.bak1
c:\windows\SYSTEM32\hgjlm.bak2
c:\windows\system32\hgjlm.ini
c:\windows\system32\iaewdibs.ini
c:\windows\system32\iiuugilc.ini
c:\windows\system32\iowafbqe.ini
c:\windows\system32\ipolghok.ini
c:\windows\system32\ismvlniy.ini
c:\windows\system32\itfwmqjo.ini
c:\windows\system32\jaasifsu.ini
c:\windows\system32\kkuamydr.ini
c:\windows\system32\kldyaxom.ini
c:\windows\system32\kngpxgul.ini
c:\windows\system32\kuyophhh.ini
c:\windows\system32\leddqqjx.ini
c:\windows\system32\lyyhvvrs.ini
c:\windows\SYSTEM32\mpqss.bak1
c:\windows\SYSTEM32\mpqss.bak2
c:\windows\SYSTEM32\mpqss.ini
c:\windows\system32\mvaqwair.ini
c:\windows\system32\nnwtmebi.ini
c:\windows\system32\okecclhd.ini
c:\windows\system32\ovlkdilx.ini
c:\windows\system32\owexvogn.ini
c:\windows\SYSTEM32\qqstv.bak1
c:\windows\system32\qqstv.ini
c:\windows\system32\sstanesi.ini
c:\windows\system32\suqwdiev.ini
c:\windows\system32\thavcdwo.ini
c:\windows\system32\tumudono.dll
c:\windows\system32\ufmxxrvy.ini
c:\windows\system32\uuuqbcxi.ini
c:\windows\system32\vcwqfkcp.ini
c:\windows\system32\wvpbsijq.ini
c:\windows\system32\xvqdgapg.ini
c:\windows\SYSTEM32\xyadd.bak1
c:\windows\SYSTEM32\xyadd.bak2
c:\windows\system32\xyadd.ini
c:\windows\SYSTEM32\xyadd.ini2
c:\windows\SYSTEM32\xyadd.tmp
c:\windows\system32\yxkuddop.ini
c:\windows\vucunaz.bat
c:\windows\ynyvifede.vbs

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :P
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DOMAINSERVICE
-------\Legacy_FOPN
-------\Legacy_VSPF_HK
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_FWSvc
-------\Service_vspf


((((((((((((((((((((((((( Files Created from 2010-02-02 to 2010-03-02 )))))))))))))))))))))))))))))))
.

2010-02-28 16:33 . 2010-02-28 16:33 -------- d-----w- c:\documents and settings\Patricia\Application Data\Windows Search
2010-02-28 04:34 . 2010-02-28 13:20 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2010-02-27 20:49 . 2010-02-27 20:49 -------- d-----w- c:\documents and settings\Patricia\Application Data\Windows Desktop Search
2010-02-27 07:38 . 2010-02-27 07:39 -------- d-----w- c:\documents and settings\Jonathan\Application Data\FUJIFILM
2010-02-27 05:26 . 2010-02-27 05:26 -------- d-----w- c:\documents and settings\Patricia\Application Data\Musicmatch
2010-02-27 03:11 . 2010-02-27 03:11 -------- d-----w- c:\documents and settings\Patricia\Application Data\Malwarebytes
2010-02-27 02:20 . 2010-02-27 02:20 -------- d-----w- c:\documents and settings\Jonathan\Application Data\Malwarebytes
2010-02-27 02:20 . 2010-02-27 02:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-26 23:35 . 2010-02-26 23:35 -------- d-----w- c:\documents and settings\Patricia\Application Data\Skinux
2010-02-26 23:30 . 2010-02-26 23:30 -------- d-----w- c:\documents and settings\Patricia\Application Data\Teleca
2010-02-21 16:30 . 2010-02-21 16:31 -------- d-----w- c:\documents and settings\Kaitlyn\Application Data\Facebook

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-02 12:54 . 2007-09-04 00:48 -------- d-----w- c:\program files\Lx_cats
2010-02-28 13:20 . 2010-02-28 04:34 -------- d-----w- c:\program files\PCPitstop
2010-02-28 04:17 . 2010-02-28 04:17 -------- d-----w- c:\program files\trend micro
2010-02-28 03:58 . 2010-02-28 03:58 -------- d-----w- c:\program files\TrendMicro
2010-02-28 02:13 . 2010-02-27 20:48 -------- d-----w- c:\program files\Windows Desktop Search
2010-02-28 01:33 . 2004-11-07 22:03 114672 -c--a-w- c:\documents and settings\Patricia\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-28 00:28 . 2007-11-26 00:43 -------- d-----w- c:\program files\Zune
2010-02-28 00:18 . 2010-02-28 00:10 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-27 20:44 . 2010-02-27 20:44 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-27 20:20 . 2010-02-27 20:20 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2010-02-27 07:39 . 2009-12-26 17:34 -------- d-----w- c:\program files\FinePixViewer
2010-02-27 05:32 . 2004-10-15 20:23 -------- d-----w- c:\program files\Dell
2010-02-27 05:27 . 2004-10-15 20:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-27 03:56 . 2004-10-15 20:22 -------- d-----w- c:\program files\Java
2010-02-27 02:20 . 2010-02-27 02:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-27 02:19 . 2010-02-27 02:19 444 ----a-w- c:\windows\system32\d3d8caps.dat
2010-02-25 18:31 . 2007-12-13 22:31 -------- d-----w- c:\documents and settings\Kaitlyn\Application Data\LimeWire
2010-02-25 18:09 . 2009-12-24 20:32 -------- d-----w- c:\documents and settings\Kaitlyn\Application Data\uTorrent
2010-02-24 16:47 . 2009-10-04 22:17 -------- d-----w- c:\program files\McAfee
2010-02-24 16:27 . 2010-02-24 16:27 229380 ----a-w- c:\documents and settings\All Users\SPL18F3.tmp
2010-02-24 16:25 . 2010-02-24 16:24 16932868 ----a-w- c:\documents and settings\All Users\SPL18F1.tmp
2010-01-22 16:53 . 2010-01-22 16:53 882 ----a-w- c:\windows\system32\ud-boot-time.cmd
2010-01-07 22:07 . 2010-02-27 02:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2010-02-27 02:20 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 20:38 . 2010-01-07 20:38 447216 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
2010-01-07 20:38 . 2010-01-07 20:38 58592 ----a-w- c:\windows\system32\ZuneBusEnum.exe
2010-01-07 20:22 . 2009-09-02 05:28 40832 ----a-w- c:\windows\system32\drivers\zumbus.sys
2009-12-31 16:50 . 2004-08-04 10:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2004-08-04 10:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2004-08-04 10:00 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-04 10:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2004-08-04 10:00 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-04 10:00 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2006-05-05 09:41 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-10-04 13:03 . 2009-10-04 13:03 19627 -c--a-w- c:\program files\Common Files\iqebu.com
2009-10-04 13:03 . 2009-10-04 13:03 18138 -c--a-w- c:\program files\Common Files\ojezih.dat
2009-10-04 00:06 . 2009-10-04 00:06 16013 -c--a-w- c:\program files\Common Files\puxybyput.exe
2009-10-04 00:06 . 2009-10-04 00:06 18840 -c--a-w- c:\program files\Common Files\doragulupu.pif
2009-10-03 00:52 . 2009-10-03 00:52 19541 -c--a-w- c:\program files\Common Files\yrer._dl
2009-10-03 00:52 . 2009-10-03 00:52 10262 -c--a-w- c:\program files\Common Files\amoxypugu._sy
2009-10-03 00:26 . 2009-10-03 00:26 14154 -c--a-w- c:\program files\Common Files\tyfezunu.scr
2009-09-29 02:44 . 2009-09-29 02:44 19614 -c--a-w- c:\program files\Common Files\cihonusugu.dll
2009-09-29 02:44 . 2009-09-29 02:44 18545 -c--a-w- c:\program files\Common Files\juciritiko.dll
2009-09-29 02:44 . 2009-09-29 02:44 15605 -c--a-w- c:\program files\Common Files\ysuqywurok.com
2009-09-29 02:44 . 2009-09-29 02:44 15131 -c--a-w- c:\program files\Common Files\anuzob.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-10-15 26112]
"Anti bits phone mail"="c:\documents and settings\All Users\Application Data\meowamokantibits\sectregs.exe" [2005-10-22 0]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"lxdcamon"="c:\program files\Lexmark 1300 Series\lxdcamon.exe" [2007-02-05 20480]
"LXDCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll" [2007-01-22 102400]
"Easy Dock"="c:\documents and settings\Kaitlyn\My Documents\RCA easyRip\EZDock.exe" [2009-04-03 573440]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-05-27 598016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~2\mimboot.exe" [2006-01-19 11776]

c:\documents and settings\Kaitlyn\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-9-30 503808]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2009-12-26 303104]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\WINDOWS\\system32"=
"c:\\WINDOWS\\SYSTEM32\\RTCSHARE.EXE"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\SYSTEM32\\lxczcoms.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\lxdccoms.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\mcvsmap.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe"=

R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/4/2009 4:24 PM 93320]
S0 qmyjpfrd;qmyjpfrd;c:\windows\system32\drivers\ttxmebrh.sys --> c:\windows\system32\drivers\ttxmebrh.sys [?]
S3 HTCAND32;HTC Device Driver;c:\windows\SYSTEM32\DRIVERS\ANDROIDUSB.sys [12/17/2009 5:34 PM 25728]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\SYSTEM32\DRIVERS\motccgp.sys [8/21/2008 10:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\SYSTEM32\DRIVERS\motccgpfl.sys [8/21/2008 10:49 PM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\SYSTEM32\DRIVERS\motport.sys [6/18/2007 7:18 PM 23680]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\SYSTEM32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-02-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-04 17:22]

2010-03-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-04 17:22]

2010-03-02 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-14 04:18]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
Trusted Zone: musicmatch.com\online
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.
- - - - ORPHANS REMOVED - - - -

BHO-{015338AF-CE01-493C-AC6E-FBF3F2191E4E} - c:\program files\Messenger\home455101.dll
BHO-{06A1B5C7-82A2-4721-BB0D-2444D43A0A8F} - c:\windows\system32\jkhfc.dll
BHO-{343BDC5B-04D3-4839-8D58-ECE722CCDF9B} - c:\windows\system32\vtsqq.dll
BHO-{60BE9701-10F2-4008-B05C-3DBE44A5B193} - c:\windows\system32\ssqpm.dll
BHO-{9DD4168D-F6EE-463E-A9CE-6460CC83F882} - c:\windows\system32\pmkjg.dll
BHO-{F750EC2B-D401-19C6-B1EF-78A40830DCEA} - c:\docume~1\Kaitlyn\APPLIC~1\MEMOGP~1\store hold.exe
Toolbar-Locked - (no file)
HKCU-Run-MessengerPlus3 - c:\program files\Messenger Plus! 3\MsgPlus.exe
HKLM-Run-F8FB01F8F9FEFD0 - BFC2C7BFC0C5C.exe
HKLM-Run-lxdcmon.exe - c:\program files\Lexmark 1300 Series\lxdcmon.exe
SharedTaskScheduler-{c3c3e280-1866-4ed3-b4cc-e7a7ea04d9ea} - c:\windows\system32\zobomisi.dll
SharedTaskScheduler-{1ea14c41-e4d2-49e9-a825-21062e23ab9a} - c:\windows\system32\tumudono.dll
SharedTaskScheduler-{d77a1412-515c-492c-a240-6ef7f902f258} - c:\windows\system32\tumudono.dll
SharedTaskScheduler-{e79d734a-e451-4d68-a4d2-21a9fc2436e1} - c:\windows\system32\dodasito.dll
SharedTaskScheduler-{f796e740-bcd7-4c9b-8954-64f3ba2dd9fd} - (no file)
ShellExecuteHooks-{A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D} - (no file)
SSODL-pemowopak-{c3c3e280-1866-4ed3-b4cc-e7a7ea04d9ea} - c:\windows\system32\zobomisi.dll
SSODL-wojifinib-{1ea14c41-e4d2-49e9-a825-21062e23ab9a} - c:\windows\system32\tumudono.dll
SSODL-vagivafam-{d77a1412-515c-492c-a240-6ef7f902f258} - c:\windows\system32\tumudono.dll
SSODL-mawijovem-{e79d734a-e451-4d68-a4d2-21a9fc2436e1} - c:\windows\system32\dodasito.dll
SSODL-jibeyezib-{f796e740-bcd7-4c9b-8954-64f3ba2dd9fd} - (no file)
Notify-ddayx - c:\windows\system32\ddayx.dll
Notify-mljgh - c:\windows\system32\mljgh.dll
Notify-mljjghf - mljjghf.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-02 08:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXDCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3556)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxczcoms.exe
c:\windows\system32\lxdccoms.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\ZuneBusEnum.exe
c:\windows\system32\fxssvc.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Zune\ZuneNss.exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Common Files\Teleca Shared\logger.exe
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
.
**************************************************************************
.
Completion time: 2010-03-02 08:18:54 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-02 14:18

Pre-Run: 5,498,564,608 bytes free
Post-Run: 6,322,855,936 bytes free

- - End Of File - - 1D5055CA5209D690095D3D13F863D68A
===end===

#6 schrauber

Posted 02 March 2010 - 01:27 PM

Hi,

Open notepad and copy/paste the text in the quotebox below into it:

http://forums.pcpits...=...25&t=180757

Collect::
c:\program files\Common Files\iqebu.com
c:\program files\Common Files\ojezih.dat
c:\program files\Common Files\puxybyput.exe
c:\program files\Common Files\doragulupu.pif
c:\program files\Common Files\yrer._dl
c:\program files\Common Files\amoxypugu._sy
c:\program files\Common Files\tyfezunu.scr
c:\program files\Common Files\cihonusugu.dll
c:\program files\Common Files\juciritiko.dll
c:\program files\Common Files\ysuqywurok.com
c:\program files\Common Files\anuzob.exe


Save this as CFScript.txt


Posted Image


Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

regards,
schrauber


#7 dbrown708

Posted 02 March 2010 - 02:45 PM

The BSOD error had a typo. The correct error is BAD_POOL_CALLER, not BAR_POOL_CALLER.

FYI, combofix requested an update to a newer version during this run.

Here is the log file from combofix which was activated by the script you requested.

Thanks again.

--dave
==start==
ComboFix 10-03-01.04 - Patricia 03/02/2010 13:17:59.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.197 [GMT -6:00]
Running from: c:\documents and settings\Patricia\Desktop\dab.exe
Command switches used :: c:\documents and settings\Patricia\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

file zipped: c:\program files\Common Files\amoxypugu._sy
file zipped: c:\program files\Common Files\anuzob.exe
file zipped: c:\program files\Common Files\cihonusugu.dll
file zipped: c:\program files\Common Files\doragulupu.pif
file zipped: c:\program files\Common Files\iqebu.com
file zipped: c:\program files\Common Files\juciritiko.dll
file zipped: c:\program files\Common Files\ojezih.dat
file zipped: c:\program files\Common Files\puxybyput.exe
file zipped: c:\program files\Common Files\tyfezunu.scr
file zipped: c:\program files\Common Files\yrer._dl
file zipped: c:\program files\Common Files\ysuqywurok.com
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\amoxypugu._sy
c:\program files\Common Files\anuzob.exe
c:\program files\Common Files\cihonusugu.dll
c:\program files\Common Files\doragulupu.pif
c:\program files\Common Files\iqebu.com
c:\program files\Common Files\juciritiko.dll
c:\program files\Common Files\ojezih.dat
c:\program files\Common Files\puxybyput.exe
c:\program files\Common Files\tyfezunu.scr
c:\program files\Common Files\yrer._dl
c:\program files\Common Files\ysuqywurok.com

.
((((((((((((((((((((((((( Files Created from 2010-02-02 to 2010-03-02 )))))))))))))))))))))))))))))))
.

2010-03-02 13:55 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2010-03-02 13:55 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2010-03-01 05:06 . 2010-03-01 05:07 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-02-28 16:33 . 2010-02-28 16:33 -------- d-----w- c:\documents and settings\Patricia\Application Data\Windows Search
2010-02-28 04:34 . 2010-02-28 13:20 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2010-02-28 04:34 . 2010-02-28 13:20 -------- d-----w- c:\program files\PCPitstop
2010-02-28 04:17 . 2010-02-28 04:17 -------- d-----w- c:\program files\trend micro
2010-02-28 04:17 . 2010-02-28 04:18 -------- d-----w- C:\rsit
2010-02-28 03:58 . 2010-02-28 03:58 -------- d-----w- c:\program files\TrendMicro
2010-02-28 02:01 . 2010-02-28 03:26 -------- d-----w- c:\windows\UltraDefrag
2010-02-28 00:46 . 2009-08-07 01:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-02-28 00:10 . 2010-02-28 00:18 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-27 20:49 . 2010-02-27 20:49 -------- d-----w- c:\documents and settings\Patricia\Application Data\Windows Desktop Search
2010-02-27 20:48 . 2010-02-28 02:13 -------- d-----w- c:\program files\Windows Desktop Search
2010-02-27 20:44 . 2010-02-27 20:44 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-27 20:20 . 2010-02-27 20:20 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2010-02-27 07:38 . 2010-02-27 07:39 -------- d-----w- c:\documents and settings\Jonathan\Application Data\FUJIFILM
2010-02-27 05:26 . 2010-02-27 05:26 -------- d-----w- c:\documents and settings\Patricia\Application Data\Musicmatch
2010-02-27 05:22 . 2010-02-27 16:43 -------- d-----w- c:\documents and settings\Patricia\Local Settings\Application Data\Musicmatch
2010-02-27 03:36 . 2010-02-27 03:36 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-02-27 03:23 . 2010-02-27 03:24 -------- d-sh--w- c:\documents and settings\Patricia\PrivacIE
2010-02-27 03:11 . 2010-02-27 03:11 -------- d-----w- c:\documents and settings\Patricia\Application Data\Malwarebytes
2010-02-27 02:20 . 2010-02-27 02:20 -------- d-----w- c:\documents and settings\Jonathan\Application Data\Malwarebytes
2010-02-27 02:20 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-27 02:20 . 2010-02-27 02:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-27 02:20 . 2010-02-27 02:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-27 02:20 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-27 02:19 . 2010-02-27 02:19 444 ----a-w- c:\windows\system32\d3d8caps.dat
2010-02-26 23:35 . 2010-02-26 23:35 -------- d-----w- c:\documents and settings\Patricia\Application Data\Skinux
2010-02-26 23:30 . 2010-02-26 23:30 -------- d-----w- c:\documents and settings\Patricia\Application Data\Teleca
2010-02-26 23:29 . 2010-02-26 23:29 -------- d-----w- c:\documents and settings\Patricia\Local Settings\Application Data\Apple Computer
2010-02-26 23:23 . 2010-02-26 23:23 -------- d-sh--w- c:\documents and settings\Patricia\IETldCache
2010-02-25 17:19 . 2010-02-25 17:20 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-02-23 01:19 . 2010-02-23 01:19 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-02-21 16:30 . 2010-02-21 16:31 -------- d-----w- c:\documents and settings\Kaitlyn\Application Data\Facebook

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-02 12:54 . 2007-09-04 00:48 -------- d-----w- c:\program files\Lx_cats
2010-02-28 03:59 . 2010-02-28 03:59 388096 ----a-r- c:\documents and settings\Patricia\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-02-28 01:33 . 2004-11-07 22:03 114672 -c--a-w- c:\documents and settings\Patricia\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-28 00:28 . 2007-11-26 00:43 -------- d-----w- c:\program files\Zune
2010-02-27 07:39 . 2009-12-26 17:34 -------- d-----w- c:\program files\FinePixViewer
2010-02-27 05:32 . 2004-10-15 20:23 -------- d-----w- c:\program files\Dell
2010-02-27 05:27 . 2004-10-15 20:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-27 03:56 . 2004-10-15 20:22 -------- d-----w- c:\program files\Java
2010-02-27 03:22 . 2010-02-27 03:22 152576 ----a-w- c:\documents and settings\Patricia\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-02-27 03:21 . 2010-02-27 03:17 79488 ----a-w- c:\documents and settings\Patricia\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-25 18:31 . 2007-12-13 22:31 -------- d-----w- c:\documents and settings\Kaitlyn\Application Data\LimeWire
2010-02-25 18:09 . 2009-12-24 20:32 -------- d-----w- c:\documents and settings\Kaitlyn\Application Data\uTorrent
2010-02-24 17:09 . 2009-05-15 01:04 1 ----a-w- c:\documents and settings\Kaitlyn\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-24 16:47 . 2009-10-04 22:17 -------- d-----w- c:\program files\McAfee
2010-02-24 16:27 . 2010-02-24 16:27 229380 ----a-w- c:\documents and settings\All Users\SPL18F3.tmp
2010-02-24 16:25 . 2010-02-24 16:24 16932868 ----a-w- c:\documents and settings\All Users\SPL18F1.tmp
2010-02-22 12:32 . 2009-11-12 12:40 79488 ----a-w- c:\documents and settings\Kaitlyn\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-21 16:31 . 2010-02-21 16:31 50354 ----a-w- c:\documents and settings\Kaitlyn\Application Data\Facebook\uninstall.exe
2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\documents and settings\Kaitlyn\Application Data\Facebook\axfbootloader.dll
2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\documents and settings\Kaitlyn\Application Data\Facebook\npfbplugin_1_0_1.dll
2010-01-22 16:53 . 2010-01-22 16:53 882 ----a-w- c:\windows\system32\ud-boot-time.cmd
2010-01-07 20:38 . 2010-01-07 20:38 447216 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
2010-01-07 20:38 . 2010-01-07 20:38 58592 ----a-w- c:\windows\system32\ZuneBusEnum.exe
2010-01-07 20:22 . 2009-09-02 05:28 40832 ----a-w- c:\windows\system32\drivers\zumbus.sys
2009-12-31 16:50 . 2004-08-04 10:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2004-08-04 10:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2004-08-04 10:00 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-04 10:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-11 20:33 . 2009-12-11 20:33 20480 -c--a-w- c:\documents and settings\Kaitlyn\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
2009-12-11 20:33 . 2009-12-11 20:33 18944 -c--a-w- c:\documents and settings\Kaitlyn\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
2009-12-11 20:33 . 2009-12-11 20:33 17408 -c--a-w- c:\documents and settings\Kaitlyn\Application Data\LimeWire\browser\xulrunner\components\auth.dll
2009-12-11 20:33 . 2009-12-11 20:33 20480 -c--a-w- c:\documents and settings\Kaitlyn\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
2009-12-11 20:33 . 2009-12-11 20:33 8192 -c--a-w- c:\documents and settings\Kaitlyn\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
2009-12-08 19:27 . 2004-08-04 10:00 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-04 10:00 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2006-05-05 09:41 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-10-15 26112]
"Anti bits phone mail"="c:\documents and settings\All Users\Application Data\meowamokantibits\sectregs.exe" [2005-10-22 0]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"lxdcamon"="c:\program files\Lexmark 1300 Series\lxdcamon.exe" [2007-02-05 20480]
"LXDCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll" [2007-01-22 102400]
"Easy Dock"="c:\documents and settings\Kaitlyn\My Documents\RCA easyRip\EZDock.exe" [2009-04-03 573440]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-05-27 598016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~2\mimboot.exe" [2006-01-19 11776]

c:\documents and settings\Kaitlyn\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-9-30 503808]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2009-12-26 303104]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\WINDOWS\\system32"=
"c:\\WINDOWS\\SYSTEM32\\RTCSHARE.EXE"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\SYSTEM32\\lxczcoms.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\lxdccoms.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\mcvsmap.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe"=

R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/4/2009 4:24 PM 93320]
S0 qmyjpfrd;qmyjpfrd;c:\windows\system32\drivers\ttxmebrh.sys --> c:\windows\system32\drivers\ttxmebrh.sys [?]
S3 HTCAND32;HTC Device Driver;c:\windows\SYSTEM32\DRIVERS\ANDROIDUSB.sys [12/17/2009 5:34 PM 25728]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\SYSTEM32\DRIVERS\motccgp.sys [8/21/2008 10:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\SYSTEM32\DRIVERS\motccgpfl.sys [8/21/2008 10:49 PM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\SYSTEM32\DRIVERS\motport.sys [6/18/2007 7:18 PM 23680]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\SYSTEM32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-02-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-04 17:22]

2010-03-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-04 17:22]

2010-03-02 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-14 04:18]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
Trusted Zone: musicmatch.com\online
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-02 13:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXDCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\igfxdev.dll
.
Completion time: 2010-03-02 13:37:50
ComboFix-quarantined-files.txt 2010-03-02 19:37
ComboFix2.txt 2010-03-02 14:18

Pre-Run: 6,225,948,672 bytes free
Post-Run: 6,174,814,208 bytes free

- - End Of File - - BDC9DE8E34A3167F4513F4D85E7B8A85
Upload was successful
==end==

#8 schrauber

schrauber

    Advanced Member

  • Trusted Malware Techs
  • 723 posts
  • Gender:Male
  • Location:Germany


Posted 04 March 2010 - 01:07 PM

Looks much better :)


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\drivers\ttxmebrh.sys
Driver::
qmyjpfrd



Save this as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.





Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.





Also please post back with a fresh RSIT logfile.
regards,
schrauber

Proud Member of ASAP and UNITE since 2009


#9 dbrown708

dbrown708

    Member

  • Members
  • 43 posts
  • Location:Mississippi USA


Posted 04 March 2010 - 10:02 PM

Here is the latest combofix log file. FYI combofix again requested an update.

Thanks,

--dave
ComboFix 10-03-04.02 - Patricia 03/04/2010 20:20:28.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.235 [GMT -6:00]
Running from: c:\documents and settings\Patricia\Desktop\dab.exe
Command switches used :: c:\documents and settings\Patricia\Desktop\cfscript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\windows\system32\drivers\ttxmebrh.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_qmyjpfrd


((((((((((((((((((((((((( Files Created from 2010-02-05 to 2010-03-05 )))))))))))))))))))))))))))))))
.

2010-03-05 00:04 . 2010-03-05 00:04 -------- d-----w- c:\documents and settings\Kaitlyn\Application Data\Windows Desktop Search
2010-03-03 14:10 . 2010-03-03 14:10 -------- d-----w- c:\documents and settings\Patricia\Application Data\OpenOffice.org
2010-02-28 16:33 . 2010-02-28 16:33 -------- d-----w- c:\documents and settings\Patricia\Application Data\Windows Search
2010-02-28 04:34 . 2010-02-28 13:20 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2010-02-27 20:49 . 2010-02-27 20:49 -------- d-----w- c:\documents and settings\Patricia\Application Data\Windows Desktop Search
2010-02-27 07:38 . 2010-02-27 07:39 -------- d-----w- c:\documents and settings\Jonathan\Application Data\FUJIFILM
2010-02-27 05:26 . 2010-02-27 05:26 -------- d-----w- c:\documents and settings\Patricia\Application Data\Musicmatch
2010-02-27 03:11 . 2010-02-27 03:11 -------- d-----w- c:\documents and settings\Patricia\Application Data\Malwarebytes
2010-02-27 02:20 . 2010-02-27 02:20 -------- d-----w- c:\documents and settings\Jonathan\Application Data\Malwarebytes
2010-02-27 02:20 . 2010-02-27 02:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-26 23:35 . 2010-02-26 23:35 -------- d-----w- c:\documents and settings\Patricia\Application Data\Skinux
2010-02-26 23:30 . 2010-02-26 23:30 -------- d-----w- c:\documents and settings\Patricia\Application Data\Teleca
2010-02-21 16:30 . 2010-02-21 16:31 -------- d-----w- c:\documents and settings\Kaitlyn\Application Data\Facebook

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-05 02:15 . 2010-03-05 02:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-05 00:23 . 2009-12-24 20:32 -------- d-----w- c:\documents and settings\Kaitlyn\Application Data\uTorrent
2010-03-05 00:06 . 2007-12-13 22:31 -------- d-----w- c:\documents and settings\Kaitlyn\Application Data\LimeWire
2010-03-02 12:54 . 2007-09-04 00:48 -------- d-----w- c:\program files\Lx_cats
2010-02-28 13:20 . 2010-02-28 04:34 -------- d-----w- c:\program files\PCPitstop
2010-02-28 04:17 . 2010-02-28 04:17 -------- d-----w- c:\program files\trend micro
2010-02-28 03:58 . 2010-02-28 03:58 -------- d-----w- c:\program files\TrendMicro
2010-02-28 02:13 . 2010-02-27 20:48 -------- d-----w- c:\program files\Windows Desktop Search
2010-02-28 01:33 . 2004-11-07 22:03 114672 -c--a-w- c:\documents and settings\Patricia\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-28 00:28 . 2007-11-26 00:43 -------- d-----w- c:\program files\Zune
2010-02-28 00:18 . 2010-02-28 00:10 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-27 20:44 . 2010-02-27 20:44 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-27 20:20 . 2010-02-27 20:20 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2010-02-27 07:39 . 2009-12-26 17:34 -------- d-----w- c:\program files\FinePixViewer
2010-02-27 05:32 . 2004-10-15 20:23 -------- d-----w- c:\program files\Dell
2010-02-27 05:27 . 2004-10-15 20:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-27 03:56 . 2004-10-15 20:22 -------- d-----w- c:\program files\Java
2010-02-27 02:19 . 2010-02-27 02:19 444 ----a-w- c:\windows\system32\d3d8caps.dat
2010-02-24 16:47 . 2009-10-04 22:17 -------- d-----w- c:\program files\McAfee
2010-02-24 16:27 . 2010-02-24 16:27 229380 ----a-w- c:\documents and settings\All Users\SPL18F3.tmp
2010-02-24 16:25 . 2010-02-24 16:24 16932868 ----a-w- c:\documents and settings\All Users\SPL18F1.tmp
2010-01-22 16:53 . 2010-01-22 16:53 882 ----a-w- c:\windows\system32\ud-boot-time.cmd
2010-01-07 22:07 . 2010-03-05 02:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2010-03-05 02:15 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 20:38 . 2010-01-07 20:38 447216 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
2010-01-07 20:38 . 2010-01-07 20:38 58592 ----a-w- c:\windows\system32\ZuneBusEnum.exe
2010-01-07 20:22 . 2009-09-02 05:28 40832 ----a-w- c:\windows\system32\drivers\zumbus.sys
2009-12-31 16:50 . 2004-08-04 10:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2004-08-04 10:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2004-08-04 10:00 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-04 10:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2004-08-04 10:00 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-04 10:00 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-10-15 26112]
"Anti bits phone mail"="c:\documents and settings\All Users\Application Data\meowamokantibits\sectregs.exe" [2005-10-22 0]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"lxdcamon"="c:\program files\Lexmark 1300 Series\lxdcamon.exe" [2007-02-05 20480]
"LXDCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll" [2007-01-22 102400]
"Easy Dock"="c:\documents and settings\Kaitlyn\My Documents\RCA easyRip\EZDock.exe" [2009-04-03 573440]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-05-27 598016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~2\mimboot.exe" [2006-01-19 11776]

c:\documents and settings\Kaitlyn\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-9-30 503808]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2009-12-26 303104]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\WINDOWS\\system32"=
"c:\\WINDOWS\\SYSTEM32\\RTCSHARE.EXE"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\SYSTEM32\\lxczcoms.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\lxdccoms.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\mcvsmap.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe"=

R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/4/2009 4:24 PM 93320]
S3 HTCAND32;HTC Device Driver;c:\windows\SYSTEM32\DRIVERS\ANDROIDUSB.sys [12/17/2009 5:34 PM 25728]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\SYSTEM32\DRIVERS\motccgp.sys [8/21/2008 10:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\SYSTEM32\DRIVERS\motccgpfl.sys [8/21/2008 10:49 PM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\SYSTEM32\DRIVERS\motport.sys [6/18/2007 7:18 PM 23680]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\SYSTEM32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-02-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-04 17:22]

2010-03-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-04 17:22]

2010-03-05 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-14 04:18]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
Trusted Zone: musicmatch.com\online
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-04 20:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXDCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4904)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxczcoms.exe
c:\windows\system32\lxdccoms.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\ZuneBusEnum.exe
c:\program files\Zune\ZuneNss.exe
c:\windows\system32\fxssvc.exe
c:\windows\system32\rundll32.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\progra~1\MUSICM~1\MUSICM~2\MMDiag.exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Common Files\Teleca Shared\logger.exe
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
.
**************************************************************************
.
Completion time: 2010-03-04 20:52:30 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-05 02:52
ComboFix2.txt 2010-03-02 19:38
ComboFix3.txt 2010-03-02 14:18

Pre-Run: 6,079,791,104 bytes free
Post-Run: 6,046,769,152 bytes free

- - End Of File - - BFB2ABE807261DD5E5EB83AFAEE95726

#10 dbrown708

dbrown708

    Member

  • Members
  • 43 posts
  • Location:Mississippi USA


Posted 04 March 2010 - 10:07 PM

Here is the hijackthis log file.

--dave

Malwarebytes' Anti-Malware 1.44
Database version: 3825
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/4/2010 9:05:55 PM
mbam-log-2010-03-04 (21-05-54).txt

Scan type: Quick Scan
Objects scanned: 153235
Time elapsed: 10 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#11 dbrown708

dbrown708

    Member

  • Members
  • 43 posts
  • Location:Mississippi USA


Posted 04 March 2010 - 10:10 PM

And finally the rsit.exe log file.

--dave

Logfile of random's system information tool 1.06 (written by random/random)
Run by Patricia at 2010-03-04 21:08:26
Microsoft Windows XP Professional Service Pack 3
System drive C: has 6 GB (17%) free of 35 GB
Total RAM: 510 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:08:32 PM, on 3/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\downloads\RSIT.exe
C:\Program Files\trend micro\Patricia.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Anti bits phone mail] C:\Documents and Settings\All Users\Application Data\meowamokantibits\sectregs.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
O4 - HKLM\..\Run: [LXDCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Easy Dock] C:\Documents and Settings\Kaitlyn\My Documents\RCA easyRip\EZDock.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide....ageUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1267302751296
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebo...oUploader55.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace....ceUploader2.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures04.ai...AIM.9.5.1.8.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail....ol/MSNPUpld.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.del...ll/gtdownde.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 12232 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]
Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-09 184320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-03-15 118836]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-09-16 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-09 184320]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184]
"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe [2004-10-15 26112]
"Anti bits phone mail"=C:\Documents and Settings\All Users\Application Data\meowamokantibits\sectregs.exe []
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-05-21 206064]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"lxdcamon"=C:\Program Files\Lexmark 1300 Series\lxdcamon.exe [2007-02-05 20480]
"LXDCCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16 []
"Easy Dock"=C:\Documents and Settings\Kaitlyn\My Documents\RCA easyRip\EZDock.exe [2009-04-03 573440]
"Zune Launcher"=c:\Program Files\Zune\ZuneLauncher.exe [2010-01-07 158448]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-10-29 1218008]
"Mobile Connectivity Suite"=C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe [2009-05-27 598016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"MimBoot"=C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe [2006-01-19 11776]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
ExifLauncher2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\MSMSGS.EXE"="C:\Program Files\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32"="C:\WINDOWS\system32:*:Enabled:lockx"
"C:\WINDOWS\SYSTEM32\RTCSHARE.EXE"="C:\WINDOWS\SYSTEM32\RTCSHARE.EXE:*:Enabled:RTC App Sharing"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\WINDOWS\SYSTEM32\lxczcoms.exe"="C:\WINDOWS\SYSTEM32\lxczcoms.exe:*:Enabled:1200 Series Server"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\SYSTEM32\lxdccoms.exe"="C:\WINDOWS\SYSTEM32\lxdccoms.exe:*:Enabled:1300 Series Server"
"C:\Program Files\McAfee\VirusScan\mcvsmap.exe"="C:\Program Files\McAfee\VirusScan\mcvsmap.exe:*:Enabled:mcvsmap"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"="C:\Program Files\Lexmark 1300 Series\lxdcamon.exe:*:Disabled:Device Monitor Appliaction"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"C:\Program Files\Lexmark 1300 Series\app4r.exe"="C:\Program Files\Lexmark 1300 Series\app4r.exe:*:Enabled:BorgListener"
"C:\WINDOWS\system32\printer.exe"="C:\WINDOWS\system32\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\spoolvs.exe"="C:\WINDOWS\system32\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\shell.exe"="C:\WINDOWS\shell.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\system32\winav.exe"="%windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Kaitlyn\Application Data\mcrupdate.exe"="C:\Documents and Settings\Kaitlyn\Application Data\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Kaitlyn\Application Data\pcpriv.exe"="C:\Documents and Settings\Kaitlyn\Application Data\pcpriv.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Kaitlyn\Application Data\syscleaner.exe"="C:\Documents and Settings\Kaitlyn\Application Data\syscleaner.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2010-03-04 20:52:31 ----A---- C:\ComboFix.txt
2010-03-04 20:15:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-03 08:10:24 ----D---- C:\Documents and Settings\Patricia\Application Data\OpenOffice.org
2010-03-02 07:55:43 ----A---- C:\WINDOWS\system32\proquota.exe
2010-03-02 06:57:37 ----A---- C:\Boot.bak
2010-03-02 06:57:18 ----RASHD---- C:\cmdcons
2010-03-02 06:54:51 ----A---- C:\WINDOWS\zip.exe
2010-03-02 06:54:51 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-03-02 06:54:51 ----A---- C:\WINDOWS\SWSC.exe
2010-03-02 06:54:51 ----A---- C:\WINDOWS\SWREG.exe
2010-03-02 06:54:51 ----A---- C:\WINDOWS\sed.exe
2010-03-02 06:54:51 ----A---- C:\WINDOWS\PEV.exe
2010-03-02 06:54:51 ----A---- C:\WINDOWS\NIRCMD.exe
2010-03-02 06:54:51 ----A---- C:\WINDOWS\MBR.exe
2010-03-02 06:54:51 ----A---- C:\WINDOWS\grep.exe
2010-03-02 06:54:21 ----D---- C:\WINDOWS\ERDNT
2010-03-02 06:53:49 ----D---- C:\Qoobox
2010-02-28 10:33:08 ----D---- C:\Documents and Settings\Patricia\Application Data\Windows Search
2010-02-27 22:34:31 ----D---- C:\Documents and Settings\All Users\Application Data\PCPitstop
2010-02-27 22:34:29 ----D---- C:\Program Files\PCPitstop
2010-02-27 22:17:20 ----D---- C:\Program Files\trend micro
2010-02-27 22:17:10 ----D---- C:\rsit
2010-02-27 21:58:34 ----D---- C:\Program Files\TrendMicro
2010-02-27 20:01:48 ----D---- C:\WINDOWS\UltraDefrag
2010-02-27 19:50:17 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2010-02-27 19:46:59 ----HDC---- C:\WINDOWS\$NtUninstallKB963093$
2010-02-27 19:45:41 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2010-02-27 19:35:52 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2010-02-27 18:46:05 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-02-27 18:46:05 ----A---- C:\WINDOWS\system32\mucltui.dll
2010-02-27 18:17:44 ----HDC---- C:\WINDOWS\$NtUninstallKB971513$
2010-02-27 18:10:46 ----D---- C:\Program Files\Microsoft Silverlight
2010-02-27 14:51:29 ----HDC---- C:\WINDOWS\$NtUninstallbasecsp$
2010-02-27 14:49:55 ----D---- C:\WINDOWS\system32\windowspowershell
2010-02-27 14:49:50 ----HDC---- C:\WINDOWS\$NtUninstallKB926139-v2$
2010-02-27 14:49:45 ----D---- C:\Documents and Settings\Patricia\Application Data\Windows Desktop Search
2010-02-27 14:48:58 ----D---- C:\Program Files\Windows Desktop Search
2010-02-27 14:48:21 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
2010-02-27 14:48:12 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2010-02-27 14:46:00 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-02-27 14:44:35 ----D---- C:\Program Files\Windows Media Connect 2
2010-02-27 14:43:59 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2010-02-27 14:20:28 ----A---- C:\WINDOWS\system32\pgdfgsvc.exe
2010-02-26 23:26:27 ----D---- C:\Documents and Settings\Patricia\Application Data\Musicmatch
2010-02-26 21:59:13 ----A---- C:\WINDOWS\system32\javaws.exe
2010-02-26 21:59:12 ----A---- C:\WINDOWS\system32\javaw.exe
2010-02-26 21:59:11 ----A---- C:\WINDOWS\system32\java.exe
2010-02-26 21:36:01 ----HD---- C:\WINDOWS\system32\GroupPolicy
2010-02-26 21:32:25 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-26 21:11:14 ----D---- C:\Documents and Settings\Patricia\Application Data\Malwarebytes
2010-02-26 20:20:42 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-02-26 17:35:24 ----D---- C:\Documents and Settings\Patricia\Application Data\Skinux
2010-02-26 17:30:52 ----D---- C:\Documents and Settings\Patricia\Application Data\Teleca
2010-02-25 03:16:05 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-12 03:11:09 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-12 03:10:48 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-12 03:04:56 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-02-12 03:04:41 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-12 03:04:22 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-12 03:04:07 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-12 03:03:40 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-12 03:03:06 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-11 07:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$

======List of files/folders modified in the last 1 months======

2010-03-04 21:06:50 ----D---- C:\WINDOWS\Temp
2010-03-04 20:52:38 ----D---- C:\WINDOWS\system32\DRIVERS
2010-03-04 20:52:26 ----D---- C:\WINDOWS\Prefetch
2010-03-04 20:40:41 ----D---- C:\WINDOWS
2010-03-04 20:40:28 ----A---- C:\WINDOWS\system.ini
2010-03-04 20:36:29 ----A---- C:\WINDOWS\ModemLog_Standard 300 bps Modem.txt
2010-03-04 20:36:24 ----A---- C:\WINDOWS\ModemLog_Intel® 537EP V9x DF PCI Modem.txt
2010-03-04 20:36:23 ----A---- C:\WINDOWS\ModemLog_Standard 300 bps Modem #2.txt
2010-03-04 20:36:19 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-04 20:32:50 ----D---- C:\WINDOWS\system32\CONFIG
2010-03-04 20:28:23 ----D---- C:\WINDOWS\SYSTEM32
2010-03-04 20:28:23 ----D---- C:\WINDOWS\AppPatch
2010-03-04 20:28:18 ----D---- C:\Program Files\Common Files
2010-03-04 20:19:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-04 20:15:34 ----D---- C:\Program Files
2010-03-04 18:39:44 ----D---- C:\downloads
2010-03-04 18:02:10 ----HD---- C:\WINDOWS\INF
2010-03-02 08:17:27 ----SD---- C:\WINDOWS\Tasks
2010-03-02 07:55:49 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2010-03-02 06:57:39 ----RASH---- C:\BOOT.INI
2010-03-02 06:54:42 ----D---- C:\Program Files\Lx_cats
2010-02-28 07:22:00 ----SD---- C:\Documents and Settings\Patricia\Application Data\Microsoft
2010-02-27 22:37:54 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-02-27 21:59:10 ----SHD---- C:\WINDOWS\Installer
2010-02-27 19:47:08 ----A---- C:\WINDOWS\imsins.BAK
2010-02-27 19:46:06 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-27 19:02:00 ----D---- C:\Program Files\Windows Media Player
2010-02-27 18:58:32 ----D---- C:\WINDOWS\SECURITY
2010-02-27 18:55:14 ----D---- C:\WINDOWS\Microsoft.NET
2010-02-27 18:54:57 ----RSD---- C:\WINDOWS\ASSEMBLY
2010-02-27 18:49:42 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-27 18:37:37 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-27 18:36:39 ----D---- C:\WINDOWS\WinSxS
2010-02-27 18:28:56 ----D---- C:\Program Files\Zune
2010-02-27 18:24:59 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-02-27 18:19:17 ----D---- C:\Program Files\Internet Explorer
2010-02-27 18:19:13 ----D---- C:\WINDOWS\ie8updates
2010-02-27 18:06:42 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-02-27 18:05:53 ----RSD---- C:\WINDOWS\Fonts
2010-02-27 14:49:19 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-02-27 14:49:02 ----D---- C:\WINDOWS\system32\en-US
2010-02-27 14:48:57 ----D---- C:\WINDOWS\system32\WBEM
2010-02-27 14:45:05 ----A---- C:\WINDOWS\WIN.INI
2010-02-27 14:44:29 ----D---- C:\WINDOWS\Help
2010-02-27 07:23:05 ----AC---- C:\WINDOWS\ntbtlog.txt
2010-02-27 01:39:12 ----D---- C:\Program Files\FinePixViewer
2010-02-27 01:15:57 ----D---- C:\WINDOWS\Sun
2010-02-26 23:32:11 ----D---- C:\Program Files\Dell
2010-02-26 23:27:57 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-26 23:18:57 ----D---- C:\temp
2010-02-26 23:09:47 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2010-02-26 21:56:23 ----D---- C:\Program Files\Java
2010-02-26 21:04:07 ----HDC---- C:\WINDOWS\$NtUninstallKB932716-v2$
2010-02-26 17:25:06 ----AC---- C:\WINDOWS\OEWABLog.txt
2010-02-24 10:47:46 ----D---- C:\Program Files\McAfee

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-09-16 214664]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-01-14 5621]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-01-14 23219]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2004-10-15 8552]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-02-27 40480]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-03-15 25685]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-03-15 34837]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-03-15 4117]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-03-15 2233]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-03-15 85972]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-03-15 14229]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-03-15 6357]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-03-15 98580]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-03-15 100597]
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2010-01-07 40832]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 catchme;catchme; \??\C:\dab\catchme.sys []
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-05 1233525]
R3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-05 647929]
R3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-06-15 61157]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-09-16 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-09-16 35272]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-05 37048]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-09 612352]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2009-07-14 444136]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 HTCAND32;HTC Device Driver; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [2009-07-02 25728]
S3 mbr;mbr; \??\C:\DOCUME~1\Patricia\LOCALS~1\Temp\mbr.sys []
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-09-16 34248]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-09-16 40552]
S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2008-08-21 18688]
S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2008-08-21 8320]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 motport;Motorola USB Diagnostic Port; C:\WINDOWS\system32\DRIVERS\motport.sys [2007-06-18 23680]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WinUSB;WinUSB; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2006-04-18 311296]
R2 lxcz_device;lxcz_device; C:\WINDOWS\system32\lxczcoms.exe [2007-01-29 537520]
R2 lxdc_device;lxdc_device; C:\WINDOWS\system32\lxdccoms.exe [2007-02-12 537520]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-09 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-09-16 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-10-27 895696]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 ZuneBusEnum;Zune Bus Enumerator; c:\WINDOWS\system32\ZuneBusEnum.exe [2010-01-07 58592]
R2 ZuneNetworkSvc;Zune Network Sharing Service; c:\Program Files\Zune\ZuneNss.exe [2010-01-07 5950704]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-09-16 365072]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2010-01-07 447216]
S4 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-09-16 606736]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#12 schrauber


Posted 05 March 2010 - 04:34 PM

Hi,

How is it running now?


Please copy and paste the content of the codebox below into notepad and save it as fix.reg to your desktop. Be sure to set Save As to all files.

REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\winav.exe"=-
"C:\\Documents and Settings\\Kaitlyn\\Application Data\\mcrupdate.exe"=-
"C:\\Documents and Settings\\Kaitlyn\\Application Data\\pcpriv.exe"=-
"C:\\Documents and Settings\\Kaitlyn\\Application Data\\syscleaner.exe"=-

Double-click fix.reg and allow it to merge the info into the registry.




I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt



Please post back with a fresh RSIT logfile.

Edited by schrauber, 05 March 2010 - 04:35 PM.

regards,
schrauber

Proud Member of ASAP and UNITE since 2009

If I have helped you then please consider donating to continue the fight against malware: Donate
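The fix.reg in the post above deletes four values from the domain-profile firewall exception list. As an added example (not part of the original post and not any tool's own code), this Python sketch parses a selection of those RSIT lines and flags entries for review; the three heuristics and the `BUILTIN_LABELS` baseline are assumptions, and the last function shows how the doubled backslashes in fix.reg arise.

```python
import ntpath
import re

# Firewall exception lines copied from the RSIT registry dump earlier in this thread
# (a selection: domainprofile entries plus two standardprofile entries).
RSIT_LINES = r'''
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"C:\WINDOWS\system32\printer.exe"="C:\WINDOWS\system32\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\shell.exe"="C:\WINDOWS\shell.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\system32\winav.exe"="%windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Kaitlyn\Application Data\mcrupdate.exe"="C:\Documents and Settings\Kaitlyn\Application Data\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Kaitlyn\Application Data\pcpriv.exe"="C:\Documents and Settings\Kaitlyn\Application Data\pcpriv.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Kaitlyn\Application Data\syscleaner.exe"="C:\Documents and Settings\Kaitlyn\Application Data\syscleaner.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32"="C:\WINDOWS\system32:*:Enabled:lockx"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
'''

# Registry key and value names exactly as they appear in the helper's fix.reg.
DOMAIN_KEY = (r"HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess"
              r"\parameters\firewallpolicy\domainprofile\authorizedapplications\list")
HELPER_REMOVED = [
    r"%windir%\system32\winav.exe",
    r"C:\Documents and Settings\Kaitlyn\Application Data\mcrupdate.exe",
    r"C:\Documents and Settings\Kaitlyn\Application Data\pcpriv.exe",
    r"C:\Documents and Settings\Kaitlyn\Application Data\syscleaner.exe",
]

# Assumption: resource-string labels that belong to Windows XP's own default
# exceptions, paired with the image they label in both profiles of this log.
BUILTIN_LABELS = {
    "@xpsp2res.dll,-22019": "sessmgr.exe",
    "@xpsp3res.dll,-20000": "xpnetdiag.exe",
}

LINE_RE = re.compile(r'^"(?P<key>[^"]+)"="(?P<value>[^"]*)"$')
# Value layout is path:scope:state:label. The path itself contains a colon
# ("C:\..."), so the state keyword is used to locate the field boundaries.
VALUE_RE = re.compile(
    r'^(?P<path>.+?):(?P<scope>[^:]*):(?P<state>enabled|disabled):(?P<label>.*)$',
    re.IGNORECASE,
)


def parse_entries(text):
    """Return one dict per well-formed exception line in an RSIT dump."""
    entries = []
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        value = VALUE_RE.match(line["value"])
        if value:
            entries.append({"key": line["key"], **value.groupdict()})
    return entries


def triage(entry):
    """Return the reasons (possibly none) why an entry deserves a closer look."""
    reasons = []
    path = entry["path"].lower()
    image = ntpath.basename(path)
    if not image.endswith(".exe"):
        reasons.append("path is not a program image")
    if "\\documents and settings\\" in path:
        reasons.append("image lives in a user profile")
    owner = BUILTIN_LABELS.get(entry["label"].lower())
    if owner and image != owner:
        reasons.append(f"borrows the built-in label of {owner}")
    return reasons


def flagged(text):
    """Map each flagged value name to its list of reasons."""
    result = {}
    for entry in parse_entries(text):
        reasons = triage(entry)
        if reasons:
            result[entry["key"]] = reasons
    return result


def reg_delete_fragment(key, value_names):
    """Render a REGEDIT4 file that deletes the named values ("name"=-)."""
    lines = ["REGEDIT4", "", f"[{key}]"]
    for name in value_names:
        # Inside a quoted .reg value name, backslashes and quotes are escaped.
        escaped = name.replace("\\", "\\\\").replace('"', '\\"')
        lines.append(f'"{escaped}"=-')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for name, reasons in flagged(RSIT_LINES).items():
        print(f"{name}\n    " + "; ".join(reasons))
    print(reg_delete_fragment(DOMAIN_KEY, HELPER_REMOVED))
```

A flag here means the entry is worth checking (does the file still exist, who signed it), not that it is malicious; the deletion list itself should only contain entries a person has reviewed.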

#13 dbrown708



Posted 05 March 2010 - 08:20 PM

The search engine redirects have been negated. The computer feels faster once a program has been loaded. It still seems slow during the loading and the startup process. FYI, this could be because the hard drive is almost full and the page file is spread over 381 fragments. I have tried to defrag the hard drive to no avail.

--dave

Here is the esetscan log file:

==start of esetscan log===
C:\Documents and Settings\Kaitlyn\Application Data\Sun\Java\Deployment\cache\6.0\5\58ba5ec5-286904c7 Java/TrojanDownloader.OpenStream.NAC trojan cleaned by deleting - quarantined
C:\Documents and Settings\Kaitlyn\Application Data\Sun\Java\Deployment\cache\6.0\5\58ba5ec5-526daf8b Java/TrojanDownloader.OpenStream.NAC trojan cleaned by deleting - quarantined
C:\Documents and Settings\Kaitlyn\Application Data\Sun\Java\Deployment\cache\6.0\54\390e62b6-1407550b Java/TrojanDownloader.OpenStream.NAC trojan cleaned by deleting - quarantined
C:\Documents and Settings\Kaitlyn\Application Data\Sun\Java\Deployment\cache\6.0\54\390e62b6-350f3756 Java/TrojanDownloader.OpenStream.NAC trojan cleaned by deleting - quarantined
C:\Documents and Settings\Kaitlyn\Application Data\Sun\Java\Deployment\cache\6.0\9\9c58f09-6284c850 Java/TrojanDownloader.OpenStream.NAC trojan cleaned by deleting - quarantined
C:\Documents and Settings\Kaitlyn\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\OMG.class-2dfb3e1f-2032876d.class Java/TrojanDownloader.OpenStream.NAC trojan cleaned by deleting - quarantined
C:\Documents and Settings\Kaitlyn\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\OMG.class-2dfb3e1f-638c6f88.class Java/TrojanDownloader.OpenStream.NAC trojan cleaned by deleting - quarantined
C:\Documents and Settings\Kaitlyn\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\OMG.class-2dfb3e1f-6aebf6ed.class Java/TrojanDownloader.OpenStream.NAC trojan cleaned by deleting - quarantined
C:\Documents and Settings\Kaitlyn\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\OMG.class-2dfb3e1f-6ef1355b.class Java/TrojanDownloader.OpenStream.NAC trojan cleaned by deleting - quarantined
C:\Documents and Settings\Kaitlyn\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\OMG.class-3677b51f-33688f72.class Java/TrojanDownloader.OpenStream.NAC trojan cleaned by deleting - quarantined
C:\Documents and Settings\Kaitlyn\Shared\Dave Koz - Together again - 4_14.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Documents and Settings\Kaitlyn\Shared\umbrella taylor swift pre-release version.snd a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\40\42123aa8-42c70422 OSX/Exploit.Smid.B trojan deleted - quarantined
C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\40\42123aa8-45ad8b05 OSX/Exploit.Smid.B trojan deleted - quarantined
C:\Program Files\Common Files\mrfw\mrfwd\vocabulary Win32/TrojanDownloader.TSUpdate.J trojan cleaned by deleting - quarantined
C:\WINDOWS\SYSTEM32\qdiagdwc.ocx probably a variant of Win32/Genetik trojan cleaned by deleting - quarantined
==end of esetscan log file==
==start of rsit log file==
Logfile of random's system information tool 1.06 (written by random/random)
Run by Patricia at 2010-03-05 19:11:35
Microsoft Windows XP Professional Service Pack 3
System drive C: has 6 GB (17%) free of 35 GB
Total RAM: 510 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:11:49 PM, on 3/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Zune\ZuneLauncher.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\downloads\RSIT.exe
C:\Program Files\trend micro\Patricia.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Anti bits phone mail] C:\Documents and Settings\All Users\Application Data\meowamokantibits\sectregs.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
O4 - HKLM\..\Run: [LXDCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Easy Dock] C:\Documents and Settings\Kaitlyn\My Documents\RCA easyRip\EZDock.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide....ageUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1267302751296
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebo...oUploader55.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace....ceUploader2.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures04.ai...AIM.9.5.1.8.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail....ol/MSNPUpld.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.del...ll/gtdownde.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 12385 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]
Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-09 184320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-03-15 118836]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-09-16 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-09 184320]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184]
"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe [2004-10-15 26112]
"Anti bits phone mail"=C:\Documents and Settings\All Users\Application Data\meowamokantibits\sectregs.exe []
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-05-21 206064]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"lxdcamon"=C:\Program Files\Lexmark 1300 Series\lxdcamon.exe [2007-02-05 20480]
"LXDCCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16 []
"Easy Dock"=C:\Documents and Settings\Kaitlyn\My Documents\RCA easyRip\EZDock.exe [2009-04-03 573440]
"Zune Launcher"=c:\Program Files\Zune\ZuneLauncher.exe [2010-01-07 158448]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-10-29 1218008]
"Mobile Connectivity Suite"=C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe [2009-05-27 598016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"MimBoot"=C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe [2006-01-19 11776]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
ExifLauncher2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\MSMSGS.EXE"="C:\Program Files\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32"="C:\WINDOWS\system32:*:Enabled:lockx"
"C:\WINDOWS\SYSTEM32\RTCSHARE.EXE"="C:\WINDOWS\SYSTEM32\RTCSHARE.EXE:*:Enabled:RTC App Sharing"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\WINDOWS\SYSTEM32\lxczcoms.exe"="C:\WINDOWS\SYSTEM32\lxczcoms.exe:*:Enabled:1200 Series Server"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\SYSTEM32\lxdccoms.exe"="C:\WINDOWS\SYSTEM32\lxdccoms.exe:*:Enabled:1300 Series Server"
"C:\Program Files\McAfee\VirusScan\mcvsmap.exe"="C:\Program Files\McAfee\VirusScan\mcvsmap.exe:*:Enabled:mcvsmap"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"="C:\Program Files\Lexmark 1300 Series\lxdcamon.exe:*:Disabled:Device Monitor Appliaction"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"C:\Program Files\Lexmark 1300 Series\app4r.exe"="C:\Program Files\Lexmark 1300 Series\app4r.exe:*:Enabled:BorgListener"
"C:\WINDOWS\system32\printer.exe"="C:\WINDOWS\system32\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\spoolvs.exe"="C:\WINDOWS\system32\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\shell.exe"="C:\WINDOWS\shell.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2010-03-05 17:23:21 ----D---- C:\Program Files\ESET
2010-03-05 06:33:52 ----SHD---- C:\RECYCLER
2010-03-04 20:15:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-03 08:10:24 ----D---- C:\Documents and Settings\Patricia\Application Data\OpenOffice.org
2010-03-02 07:55:43 ----A---- C:\WINDOWS\system32\proquota.exe
2010-03-02 06:57:37 ----A---- C:\Boot.bak
2010-03-02 06:57:18 ----RASHD---- C:\cmdcons
2010-03-02 06:54:51 ----A---- C:\WINDOWS\zip.exe
2010-03-02 06:54:51 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-03-02 06:54:51 ----A---- C:\WINDOWS\SWSC.exe
2010-03-02 06:54:51 ----A---- C:\WINDOWS\SWREG.exe
2010-03-02 06:54:51 ----A---- C:\WINDOWS\sed.exe
2010-03-02 06:54:51 ----A---- C:\WINDOWS\PEV.exe
2010-03-02 06:54:51 ----A---- C:\WINDOWS\NIRCMD.exe
2010-03-02 06:54:51 ----A---- C:\WINDOWS\MBR.exe
2010-03-02 06:54:51 ----A---- C:\WINDOWS\grep.exe
2010-03-02 06:54:21 ----D---- C:\WINDOWS\ERDNT
2010-03-02 06:53:49 ----D---- C:\Qoobox
2010-02-28 10:33:08 ----D---- C:\Documents and Settings\Patricia\Application Data\Windows Search
2010-02-27 22:34:31 ----D---- C:\Documents and Settings\All Users\Application Data\PCPitstop
2010-02-27 22:34:29 ----D---- C:\Program Files\PCPitstop
2010-02-27 22:17:20 ----D---- C:\Program Files\trend micro
2010-02-27 22:17:10 ----D---- C:\rsit
2010-02-27 21:58:34 ----D---- C:\Program Files\TrendMicro
2010-02-27 19:50:17 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2010-02-27 19:46:59 ----HDC---- C:\WINDOWS\$NtUninstallKB963093$
2010-02-27 19:45:41 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2010-02-27 19:35:52 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2010-02-27 18:46:05 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-02-27 18:46:05 ----A---- C:\WINDOWS\system32\mucltui.dll
2010-02-27 18:17:44 ----HDC---- C:\WINDOWS\$NtUninstallKB971513$
2010-02-27 18:10:46 ----D---- C:\Program Files\Microsoft Silverlight
2010-02-27 14:51:29 ----HDC---- C:\WINDOWS\$NtUninstallbasecsp$
2010-02-27 14:49:55 ----D---- C:\WINDOWS\system32\windowspowershell
2010-02-27 14:49:50 ----HDC---- C:\WINDOWS\$NtUninstallKB926139-v2$
2010-02-27 14:49:45 ----D---- C:\Documents and Settings\Patricia\Application Data\Windows Desktop Search
2010-02-27 14:48:58 ----D---- C:\Program Files\Windows Desktop Search
2010-02-27 14:48:21 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
2010-02-27 14:48:12 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2010-02-27 14:46:00 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-02-27 14:44:35 ----D---- C:\Program Files\Windows Media Connect 2
2010-02-27 14:43:59 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2010-02-27 14:20:28 ----A---- C:\WINDOWS\system32\pgdfgsvc.exe
2010-02-26 23:26:27 ----D---- C:\Documents and Settings\Patricia\Application Data\Musicmatch
2010-02-26 21:59:13 ----A---- C:\WINDOWS\system32\javaws.exe
2010-02-26 21:59:12 ----A---- C:\WINDOWS\system32\javaw.exe
2010-02-26 21:59:11 ----A---- C:\WINDOWS\system32\java.exe
2010-02-26 21:36:01 ----HD---- C:\WINDOWS\system32\GroupPolicy
2010-02-26 21:32:25 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-26 21:11:14 ----D---- C:\Documents and Settings\Patricia\Application Data\Malwarebytes
2010-02-26 20:20:42 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-02-26 17:35:24 ----D---- C:\Documents and Settings\Patricia\Application Data\Skinux
2010-02-26 17:30:52 ----D---- C:\Documents and Settings\Patricia\Application Data\Teleca
2010-02-25 03:16:05 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-12 03:11:09 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-12 03:10:48 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-12 03:04:56 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-02-12 03:04:41 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-12 03:04:22 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-12 03:04:07 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-12 03:03:40 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-12 03:03:06 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-11 07:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$

======List of files/folders modified in the last 1 months======

2010-03-05 19:11:40 ----D---- C:\WINDOWS\Prefetch
2010-03-05 19:10:48 ----D---- C:\downloads
2010-03-05 19:05:17 ----D---- C:\WINDOWS\SYSTEM32
2010-03-05 18:47:30 ----D---- C:\WINDOWS\Temp
2010-03-05 17:23:37 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-05 17:23:21 ----D---- C:\Program Files
2010-03-05 17:12:20 ----A---- C:\WINDOWS\ModemLog_Standard 300 bps Modem.txt
2010-03-05 17:12:03 ----A---- C:\WINDOWS\ModemLog_Intel® 537EP V9x DF PCI Modem.txt
2010-03-05 17:12:02 ----A---- C:\WINDOWS\ModemLog_Standard 300 bps Modem #2.txt
2010-03-05 17:11:21 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-05 17:11:11 ----D---- C:\WINDOWS
2010-03-05 07:15:12 ----AC---- C:\WINDOWS\ntbtlog.txt
2010-03-05 07:13:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-04 20:52:38 ----D---- C:\WINDOWS\system32\DRIVERS
2010-03-04 20:40:28 ----A---- C:\WINDOWS\system.ini
2010-03-04 20:32:50 ----D---- C:\WINDOWS\system32\CONFIG
2010-03-04 20:28:23 ----D---- C:\WINDOWS\AppPatch
2010-03-04 20:28:18 ----D---- C:\Program Files\Common Files
2010-03-04 18:02:10 ----HD---- C:\WINDOWS\INF
2010-03-02 08:17:27 ----SD---- C:\WINDOWS\Tasks
2010-03-02 07:55:49 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2010-03-02 06:57:39 ----RASH---- C:\BOOT.INI
2010-03-02 06:54:42 ----D---- C:\Program Files\Lx_cats
2010-02-28 07:22:00 ----SD---- C:\Documents and Settings\Patricia\Application Data\Microsoft
2010-02-27 21:59:10 ----SHD---- C:\WINDOWS\Installer
2010-02-27 19:47:08 ----A---- C:\WINDOWS\imsins.BAK
2010-02-27 19:46:06 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-27 19:02:00 ----D---- C:\Program Files\Windows Media Player
2010-02-27 18:58:32 ----D---- C:\WINDOWS\SECURITY
2010-02-27 18:55:14 ----D---- C:\WINDOWS\Microsoft.NET
2010-02-27 18:54:57 ----RSD---- C:\WINDOWS\ASSEMBLY
2010-02-27 18:49:42 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-27 18:37:37 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-27 18:36:39 ----D---- C:\WINDOWS\WinSxS
2010-02-27 18:28:56 ----D---- C:\Program Files\Zune
2010-02-27 18:24:59 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-02-27 18:19:17 ----D---- C:\Program Files\Internet Explorer
2010-02-27 18:19:13 ----D---- C:\WINDOWS\ie8updates
2010-02-27 18:06:42 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-02-27 18:05:53 ----RSD---- C:\WINDOWS\Fonts
2010-02-27 14:49:19 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-02-27 14:49:02 ----D---- C:\WINDOWS\system32\en-US
2010-02-27 14:48:57 ----D---- C:\WINDOWS\system32\WBEM
2010-02-27 14:45:05 ----A---- C:\WINDOWS\WIN.INI
2010-02-27 14:44:29 ----D---- C:\WINDOWS\Help
2010-02-27 01:39:12 ----D---- C:\Program Files\FinePixViewer
2010-02-27 01:15:57 ----D---- C:\WINDOWS\Sun
2010-02-26 23:32:11 ----D---- C:\Program Files\Dell
2010-02-26 23:27:57 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-26 23:18:57 ----D---- C:\temp
2010-02-26 23:09:47 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2010-02-26 21:56:23 ----D---- C:\Program Files\Java
2010-02-26 21:04:07 ----HDC---- C:\WINDOWS\$NtUninstallKB932716-v2$
2010-02-26 17:25:06 ----AC---- C:\WINDOWS\OEWABLog.txt
2010-02-24 10:47:46 ----D---- C:\Program Files\McAfee

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-09-16 214664]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-01-14 5621]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-01-14 23219]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2004-10-15 8552]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-02-27 40480]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-03-15 25685]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-03-15 34837]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-03-15 4117]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-03-15 2233]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-03-15 85972]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-03-15 14229]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-03-15 6357]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-03-15 98580]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-03-15 100597]
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2010-01-07 40832]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Drive

#14 dbrown708


Posted 05 March 2010 - 08:28 PM

Here is the remainder of the rsit log file.

--dave

==continuation===
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-09-16 35272]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-05 37048]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-09 612352]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2009-07-14 444136]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\dab\catchme.sys []
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 HTCAND32;HTC Device Driver; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [2009-07-02 25728]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-09-16 34248]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-09-16 40552]
S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2008-08-21 18688]
S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2008-08-21 8320]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 motport;Motorola USB Diagnostic Port; C:\WINDOWS\system32\DRIVERS\motport.sys [2007-06-18 23680]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WinUSB;WinUSB; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2006-04-18 311296]
R2 lxcz_device;lxcz_device; C:\WINDOWS\system32\lxczcoms.exe [2007-01-29 537520]
R2 lxdc_device;lxdc_device; C:\WINDOWS\system32\lxdccoms.exe [2007-02-12 537520]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-09 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-09-16 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-10-27 895696]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 ZuneBusEnum;Zune Bus Enumerator; c:\WINDOWS\system32\ZuneBusEnum.exe [2010-01-07 58592]
R2 ZuneNetworkSvc;Zune Network Sharing Service; c:\Program Files\Zune\ZuneNss.exe [2010-01-07 5950704]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-09-16 365072]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2010-01-07 447216]
S4 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-09-16 606736]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
==end of rsit log file.

#15 schrauber

schrauber

    Advanced Member

  • Trusted Malware Techs
  • 723 posts
  • Gender:Male
  • Location:Germany


Posted 06 March 2010 - 09:44 AM

Hi,

Please copy and paste the content of the codebox below into notepad and save it as fix.reg to your desktop. Be sure to set Save as to all files.

REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32"=-

Double-click on fix.reg and allow it to merge the info to the registry.

Download and Run StartupLite

This program will identify startup entries that are unnecessary to be started at bootup. This will help free some memory.
  • Download StartupLite.exe by MalwareBytes to your desktop.
  • Double click on StartUpLite.exe to run it. If you are using Windows Vista, right click the icon and select Run As Administrator.
  • A list of unnecessary startup entries will be compiled.
  • Read the description of each; you probably won't need most of them, so please make sure there is a checkmark next to Disable.
  • Leave all the items as Disabled and click Continue.
  • Restart your computer once it's done.

Please download TFC by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB). Before running, it will stop Explorer and all other running apps. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.

TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.





Please post back with a fresh RSIT logfile and tell me how your system is running.

Edited by schrauber, 06 March 2010 - 09:44 AM.

regards,
schrauber

Proud Member of ASAP and UNITE since 2009

If I have helped you then please consider donating to continue the fight against malware: Donate
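
The entry that fix.reg deletes can be picked out of the RSIT firewall dump mechanically. The following is an added example, not part of schrauber's post or of RSIT: it parses the `"path"="path:scope:status:name"` values of the authorizedapplications\list keys, flags exceptions whose path is not an .exe file (the assumption being that an exception covering a whole folder such as `C:\WINDOWS\system32` is never legitimate), and builds the matching REGEDIT4 deletion text. The function names are the example's own, and the sample lines are copied from the log earlier in this thread.

```python
import re
from typing import List, NamedTuple

# Four lines copied from the standardprofile dump posted earlier in this thread,
# embedded so the example runs offline.
SAMPLE_DUMP = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32"="C:\WINDOWS\system32:*:Enabled:lockx"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"="C:\Program Files\Lexmark 1300 Series\lxdcamon.exe:*:Disabled:Device Monitor Appliaction"
'''

KEY_RE = re.compile(
    r'^\[(?P<key>.*\\firewallpolicy\\(?P<profile>[^\\]+)'
    r'\\authorizedapplications\\list)\]$', re.IGNORECASE)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')
# The path itself contains a colon ("C:"), so anchor on the status keyword
# instead of splitting the data on ":".
DATA_RE = re.compile(
    r'^(?P<path>.+?):(?P<scope>[^:]*):(?P<status>enabled|disabled):(?P<label>.*)$',
    re.IGNORECASE)


class Entry(NamedTuple):
    key: str          # full registry key the value lives under
    profile: str      # standardprofile or domainprofile
    value_name: str   # registry value name (what a .reg file must reference)
    path: str         # program the exception applies to
    scope: str        # "*" means any remote address
    enabled: bool
    label: str        # display name shown in the firewall UI


def parse_dump(text: str) -> List[Entry]:
    """Return every firewall exception found in an RSIT registry dump."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            current = KEY_RE.match(line)   # None for any other registry key
            continue
        value = VALUE_RE.match(line)
        if not (current and value):
            continue
        data = DATA_RE.match(value["data"])
        if not data:
            continue
        entries.append(Entry(
            key=current["key"], profile=current["profile"].lower(),
            value_name=value["name"], path=data["path"], scope=data["scope"],
            enabled=data["status"].lower() == "enabled", label=data["label"]))
    return entries


def non_executable_exceptions(entries: List[Entry]) -> List[Entry]:
    """Assumption of this example: a legitimate exception names an .exe file."""
    return [e for e in entries if not e.path.lower().endswith(".exe")]


def build_fix_reg(entries: List[Entry]) -> str:
    """Build REGEDIT4 text that deletes the given values ("name"=-)."""
    by_key = {}
    for e in entries:
        by_key.setdefault(e.key, []).append(e)
    lines = ["REGEDIT4"]
    for key, group in by_key.items():
        lines += ["", f"[{key}]"]
        for e in group:
            # .reg syntax needs backslashes and quotes escaped in value names
            name = e.value_name.replace("\\", "\\\\").replace('"', '\\"')
            lines.append(f'"{name}"=-')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    flagged = non_executable_exceptions(parse_dump(SAMPLE_DUMP))
    for e in flagged:
        state = "enabled" if e.enabled else "disabled"
        print(f"{e.profile}: {e.path} ({state}, scope {e.scope}, label {e.label!r})")
    print(build_fix_reg(flagged))
```
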

#16 dbrown708


Posted 07 March 2010 - 01:24 AM

During the reboot process, two of the three times a window for the shelliconhiddenwindow popped up asking to be shut down.

The Windows defragger will only get to approx 25% complete. It stops and states that some files cannot be defragged. I manually defragged the one listed in the log file with Sysinternals contig, to no avail.

The computer still takes a while to be ready after activating a user. Once started, the programs seem to operate with reasonable response time.

Thanks,

--dave

the rsit log file you requested.

==start===
Logfile of random's system information tool 1.06 (written by random/random)
Run by Patricia at 2010-03-07 00:14:16
Microsoft Windows XP Professional Service Pack 3
System drive C: has 7 GB (21%) free of 35 GB
Total RAM: 510 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:14:21 AM, on 3/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\SYSTEM32\cmd.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\downloads\RSIT.exe
C:\Program Files\trend micro\Patricia.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Anti bits phone mail] C:\Documents and Settings\All Users\Application Data\meowamokantibits\sectregs.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
O4 - HKLM\..\Run: [LXDCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Easy Dock] C:\Documents and Settings\Kaitlyn\My Documents\RCA easyRip\EZDock.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide....ageUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1267302751296
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebo...oUploader55.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace....ceUploader2.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures04.ai...AIM.9.5.1.8.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail....ol/MSNPUpld.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.del...ll/gtdownde.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 11625 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]
Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-09 184320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-03-15 118836]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-09-16 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-09 184320]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184]
"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"Anti bits phone mail"=C:\Documents and Settings\All Users\Application Data\meowamokantibits\sectregs.exe []
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-05-21 206064]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"lxdcamon"=C:\Program Files\Lexmark 1300 Series\lxdcamon.exe [2007-02-05 20480]
"LXDCCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16 []
"Easy Dock"=C:\Documents and Settings\Kaitlyn\My Documents\RCA easyRip\EZDock.exe [2009-04-03 573440]
"Zune Launcher"=c:\Program Files\Zune\ZuneLauncher.exe [2010-01-07 158448]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-10-29 1218008]
"Mobile Connectivity Suite"=C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe [2009-05-27 598016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
ExifLauncher2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\MSMSGS.EXE"="C:\Program Files\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\WINDOWS\SYSTEM32\RTCSHARE.EXE"="C:\WINDOWS\SYSTEM32\RTCSHARE.EXE:*:Enabled:RTC App Sharing"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\WINDOWS\SYSTEM32\lxczcoms.exe"="C:\WINDOWS\SYSTEM32\lxczcoms.exe:*:Enabled:1200 Series Server"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\SYSTEM32\lxdccoms.exe"="C:\WINDOWS\SYSTEM32\lxdccoms.exe:*:Enabled:1300 Series Server"
"C:\Program Files\McAfee\VirusScan\mcvsmap.exe"="C:\Program Files\McAfee\VirusScan\mcvsmap.exe:*:Enabled:mcvsmap"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"="C:\Program Files\Lexmark 1300 Series\lxdcamon.exe:*:Disabled:Device Monitor Appliaction"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"C:\Program Files\Lexmark 1300 Series\app4r.exe"="C:\Program Files\Lexmark 1300 Series\app4r.exe:*:Enabled:BorgListener"
"C:\WINDOWS\system32\printer.exe"="C:\WINDOWS\system32\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\spoolvs.exe"="C:\WINDOWS\system32\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\shell.exe"="C:\WINDOWS\shell.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2010-03-06 21:35:19 ----A---- C:\WINDOWS\system32\MPFServiceFailureCount.txt
2010-03-05 17:23:21 ----D---- C:\Program Files\ESET
2010-03-05 06:33:52 ----SHD---- C:\RECYCLER
2010-03-04 20:15:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-03 08:10:24 ----D---- C:\Documents and Settings\Patricia\Application Data\OpenOffice.org
2010-03-02 07:55:43 ----A---- C:\WINDOWS\system32\proquota.exe
2010-03-02 06:57:37 ----A---- C:\Boot.bak
2010-03-02 06:57:18 ----RASHD---- C:\cmdcons
2010-03-02 06:54:51 ----A---- C:\WINDOWS\zip.exe
2010-03-02 06:54:51 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-03-02 06:54:51 ----A---- C:\WINDOWS\SWSC.exe
2010-03-02 06:54:51 ----A---- C:\WINDOWS\SWREG.exe
2010-03-02 06:54:51 ----A---- C:\WINDOWS\sed.exe
2010-03-02 06:54:51 ----A---- C:\WINDOWS\PEV.exe
2010-03-02 06:54:51 ----A---- C:\WINDOWS\NIRCMD.exe
2010-03-02 06:54:51 ----A---- C:\WINDOWS\MBR.exe
2010-03-02 06:54:51 ----A---- C:\WINDOWS\grep.exe
2010-03-02 06:54:21 ----D---- C:\WINDOWS\ERDNT
2010-03-02 06:53:49 ----D---- C:\Qoobox
2010-02-28 10:33:08 ----D---- C:\Documents and Settings\Patricia\Application Data\Windows Search
2010-02-27 22:34:31 ----D---- C:\Documents and Settings\All Users\Application Data\PCPitstop
2010-02-27 22:34:29 ----D---- C:\Program Files\PCPitstop
2010-02-27 22:17:20 ----D---- C:\Program Files\trend micro
2010-02-27 22:17:10 ----D---- C:\rsit
2010-02-27 21:58:34 ----D---- C:\Program Files\TrendMicro
2010-02-27 19:50:17 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2010-02-27 19:46:59 ----HDC---- C:\WINDOWS\$NtUninstallKB963093$
2010-02-27 19:45:41 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2010-02-27 19:35:52 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2010-02-27 18:46:05 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-02-27 18:46:05 ----A---- C:\WINDOWS\system32\mucltui.dll
2010-02-27 18:17:44 ----HDC---- C:\WINDOWS\$NtUninstallKB971513$
2010-02-27 18:10:46 ----D---- C:\Program Files\Microsoft Silverlight
2010-02-27 14:51:29 ----HDC---- C:\WINDOWS\$NtUninstallbasecsp$
2010-02-27 14:49:55 ----D---- C:\WINDOWS\system32\windowspowershell
2010-02-27 14:49:50 ----HDC---- C:\WINDOWS\$NtUninstallKB926139-v2$
2010-02-27 14:49:45 ----D---- C:\Documents and Settings\Patricia\Application Data\Windows Desktop Search
2010-02-27 14:48:58 ----D---- C:\Program Files\Windows Desktop Search
2010-02-27 14:48:21 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
2010-02-27 14:48:12 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2010-02-27 14:46:00 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-02-27 14:44:35 ----D---- C:\Program Files\Windows Media Connect 2
2010-02-27 14:43:59 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2010-02-27 14:20:28 ----A---- C:\WINDOWS\system32\pgdfgsvc.exe
2010-02-26 23:26:27 ----D---- C:\Documents and Settings\Patricia\Application Data\Musicmatch
2010-02-26 21:59:13 ----A---- C:\WINDOWS\system32\javaws.exe
2010-02-26 21:59:12 ----A---- C:\WINDOWS\system32\javaw.exe
2010-02-26 21:59:11 ----A---- C:\WINDOWS\system32\java.exe
2010-02-26 21:36:01 ----HD---- C:\WINDOWS\system32\GroupPolicy
2010-02-26 21:32:25 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-26 21:11:14 ----D---- C:\Documents and Settings\Patricia\Application Data\Malwarebytes
2010-02-26 20:20:42 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-02-26 17:35:24 ----D---- C:\Documents and Settings\Patricia\Application Data\Skinux
2010-02-26 17:30:52 ----D---- C:\Documents and Settings\Patricia\Application Data\Teleca
2010-02-25 03:16:05 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-12 03:11:09 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-12 03:10:48 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-12 03:04:56 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-02-12 03:04:41 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-12 03:04:22 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-12 03:04:07 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-12 03:03:40 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-12 03:03:06 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-11 07:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$

======List of files/folders modified in the last 1 months======

2010-03-07 00:13:02 ----D---- C:\downloads
2010-03-07 00:07:05 ----D---- C:\WINDOWS\Temp
2010-03-06 21:57:43 ----D---- C:\WINDOWS\Prefetch
2010-03-06 21:52:02 ----D---- C:\WINDOWS
2010-03-06 21:50:33 ----A---- C:\WINDOWS\ModemLog_Standard 300 bps Modem.txt
2010-03-06 21:50:27 ----A---- C:\WINDOWS\ModemLog_Intel® 537EP V9x DF PCI Modem.txt
2010-03-06 21:50:26 ----A---- C:\WINDOWS\ModemLog_Standard 300 bps Modem #2.txt
2010-03-06 21:50:14 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-06 21:48:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-06 21:38:19 ----D---- C:\WINDOWS\SYSTEM32
2010-03-06 01:03:38 ----D---- C:\WINDOWS\system32\DRIVERS
2010-03-05 22:39:34 ----AC---- C:\WINDOWS\ntbtlog.txt
2010-03-05 19:50:35 ----D---- C:\WINDOWS\Debug
2010-03-05 19:50:35 ----D---- C:\Program Files\LimeWire
2010-03-05 19:46:29 ----D---- C:\WINDOWS\system32\BWKDLogs
2010-03-05 19:45:38 ----D---- C:\WINDOWS\system32\MsDtc
2010-03-05 19:43:12 ----D---- C:\I386
2010-03-05 17:23:37 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-05 17:23:21 ----D---- C:\Program Files
2010-03-04 20:40:28 ----A---- C:\WINDOWS\system.ini
2010-03-04 20:32:50 ----D---- C:\WINDOWS\system32\CONFIG
2010-03-04 20:28:23 ----D---- C:\WINDOWS\AppPatch
2010-03-04 20:28:18 ----D---- C:\Program Files\Common Files
2010-03-04 18:02:10 ----HD---- C:\WINDOWS\INF
2010-03-02 08:17:27 ----SD---- C:\WINDOWS\Tasks
2010-03-02 07:55:49 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2010-03-02 06:57:39 ----RASH---- C:\BOOT.INI
2010-03-02 06:54:42 ----D---- C:\Program Files\Lx_cats
2010-02-28 07:22:00 ----SD---- C:\Documents and Settings\Patricia\Application Data\Microsoft
2010-02-27 21:59:10 ----SHD---- C:\WINDOWS\Installer
2010-02-27 19:47:08 ----A---- C:\WINDOWS\imsins.BAK
2010-02-27 19:46:06 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-27 19:02:00 ----D---- C:\Program Files\Windows Media Player
2010-02-27 18:58:32 ----D---- C:\WINDOWS\SECURITY
2010-02-27 18:55:14 ----D---- C:\WINDOWS\Microsoft.NET
2010-02-27 18:54:57 ----RSD---- C:\WINDOWS\ASSEMBLY
2010-02-27 18:49:42 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-27 18:37:37 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-27 18:36:39 ----D---- C:\WINDOWS\WinSxS
2010-02-27 18:28:56 ----D---- C:\Program Files\Zune
2010-02-27 18:24:59 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-02-27 18:19:17 ----D---- C:\Program Files\Internet Explorer
2010-02-27 18:19:13 ----D---- C:\WINDOWS\ie8updates
2010-02-27 18:06:42 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-02-27 18:05:53 ----RSD---- C:\WINDOWS\Fonts
2010-02-27 14:49:19 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-02-27 14:49:02 ----D---- C:\WINDOWS\system32\en-US
2010-02-27 14:48:57 ----D---- C:\WINDOWS\system32\WBEM
2010-02-27 14:45:05 ----A---- C:\WINDOWS\WIN.INI
2010-02-27 14:44:29 ----D---- C:\WINDOWS\Help
2010-02-27 01:39:12 ----D---- C:\Program Files\FinePixViewer
2010-02-27 01:15:57 ----D---- C:\WINDOWS\Sun
2010-02-26 23:32:11 ----D---- C:\Program Files\Dell
2010-02-26 23:27:57 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-26 23:18:57 ----D---- C:\temp
2010-02-26 23:09:47 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2010-02-26 21:56:23 ----D---- C:\Program Files\Java
2010-02-26 21:04:07 ----HDC---- C:\WINDOWS\$NtUninstallKB932716-v2$
2010-02-26 17:25:06 ----AC---- C:\WINDOWS\OEWABLog.txt
2010-02-24 10:47:46 ----D---- C:\Program Files\McAfee

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-09-16 214664]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-01-14 5621]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-01-14 23219]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2004-10-15 8552]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-02-27 40480]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-03-15 25685]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-03-15 34837]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-03-15 4117]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-03-15 2233]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-03-15 85972]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-03-15 14229]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-03-15 6357]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-03-15 98580]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-03-15 100597]
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2010-01-07 40832]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-05 1233525]
R3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-05 647929]
R3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-06-15 61157]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-09-16 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-09-16 35272]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-05 37048]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-09 612352]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2009-07-14 444136]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\dab\catchme.sys []
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 HTCAND32;HTC Device Driver; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [2009-07-02 25728]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-09-16 34248]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-09-16 40552]
S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2008-08-21 18688]
S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2008-08-21 8320]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 motport;Motorola USB Diagnostic Port; C:\WINDOWS\system32\DRIVERS\motport.sys [2007-06-18 23680]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WinUSB;WinUSB; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2006-04-18 311296]
R2 lxcz_device;lxcz_device; C:\WINDOWS\system32\lxczcoms.exe [2007-01-29 537520]
R2 lxdc_device;lxdc_device; C:\WINDOWS\system32\lxdccoms.exe [2007-02-12 537520]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-09 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-09-16 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-10-27 895696]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 ZuneBusEnum;Zune Bus Enumerator; c:\WINDOWS\system32\ZuneBusEnum.exe [2010-01-07 58592]
R2 ZuneNetworkSvc;Zune Network Sharing Service; c:\Program Files\Zune\ZuneNss.exe [2010-01-07 5950704]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-09-16 365072]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2010-01-07 447216]
S4 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-09-16 606736]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

==end==

#17 schrauber

Posted 07 March 2010 - 06:24 AM

Hi,

Download Lop S&D by Eric_71 and save it to your desktop.
Lop S&D will only run on Windows XP and Windows Vista.

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
To see how to disable security programs visit this tutorial:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Double-click LopSD.exe
    If you are using Windows Vista, right-click on LopSD.exe icon and select 'Run as administrator' to perform this scan.
  • Choose the language by typing the corresponding letter and pressing Enter
  • Click OK at the informative window
  • Type 1, to choose Option 1 (Search) then press Enter
  • Wait until the end of the scan
  • A report will be generated; post its contents in your next reply.
(Copy of the report can be found at this location: %SystemDrive%\lopR.txt, in most cases C:\lopR.txt)
regards,
schrauber

#18 dbrown708

Posted 07 March 2010 - 12:00 PM

Here is the lop s&d log file

--dave

==start==

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel® Pentium® 4 CPU 2.80GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A01
USER : Patricia ( Administrator )
BOOT : Normal boot
Antivirus : McAfee VirusScan (Not Activated)
Firewall : McAfee Personal Firewall (Not Activated)
C:\ (Local Disk) - NTFS - Total:33 Go (Free:6 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Sun 03/07/2010|10:54 )

--------------------\\ Listing folders in APPLIC~1

[10/15/2004|02:00] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[10/15/2004|02:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Jasc Software Inc
[03/05/2010|10:38] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[10/15/2004|02:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Sonic
[10/15/2004|02:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Sun

[01/05/2009|07:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[07/26/2007|06:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[12/30/2009|12:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[07/08/2007|05:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads
[07/08/2007|05:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
[07/08/2007|05:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[12/25/2006|11:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[12/30/2009|08:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> BVRP Software
[10/15/2004|02:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
[02/28/2008|08:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Dell
[02/26/2010|11:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[02/16/2008|03:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> GTek
[12/17/2009|05:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HTC
[06/05/2009|05:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Kodak
[02/26/2010|08:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[12/01/2009|08:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee
[02/16/2008|02:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com
[10/21/2005|10:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> meowamokantibits
[02/27/2010|02:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[06/22/2008|07:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Musicnotes
[03/07/2010|10:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NOS
[02/28/2010|07:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PCPitstop
[10/15/2004|02:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[10/15/2004|02:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SBSI
[10/04/2009|04:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SiteAdvisor
[02/16/2008|02:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SupportSoft
[12/17/2009|05:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Teleca
[12/30/2009|08:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[06/08/2006|02:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage

[01/10/2007|04:33] C:\DOCUME~1\APPLIC~1\APPLIC~1\<DIR> Microsoft

[10/15/2004|02:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[10/15/2004|02:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Jasc Software Inc
[10/15/2004|02:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[10/15/2004|02:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Sonic
[10/15/2004|02:22] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Sun

[04/13/2006|06:50] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Adobe
[10/04/2009|12:38] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> AdobeUM
[12/05/2004|05:43] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Aim
[11/24/2004|10:24] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> AOL
[06/26/2005|11:03] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> CyberLink
[04/12/2006|06:55] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> FilmLoop
[02/27/2010|01:39] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> FUJIFILM
[02/16/2008|08:34] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Google
[02/16/2008|08:41] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Gtek
[03/05/2010|10:29] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Help
[10/15/2004|02:00] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Identities
[12/19/2005|10:30] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> iMesh
[10/15/2004|02:28] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Jasc Software Inc
[11/04/2004|07:14] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Macromedia
[02/26/2010|08:20] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Malwarebytes
[11/04/2004|07:07] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> McAfee.com Personal Firewall
[10/22/2005|12:41] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> memo gpl move
[02/27/2010|01:39] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Microsoft
[02/16/2008|08:31] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> MySpace
[10/21/2005|10:08] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Show Fast Debug
[10/04/2009|12:44] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Skinux
[08/01/2005|11:41] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Sonic
[10/15/2004|02:22] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Sun

[11/30/2009|06:20] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Adobe
[07/26/2007|06:31] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> AdobeAUM
[12/21/2004|08:51] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> AdobeUM
[08/23/2009|06:18] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Aim
[11/07/2004|11:58] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> AOL
[06/22/2006|08:35] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Apple Computer
[02/20/2007|08:51] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Corel
[02/07/2005|12:09] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> CyberLink
[02/21/2010|10:31] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Facebook
[12/26/2009|12:32] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> FUJIFILM
[06/23/2007|02:08] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Google
[02/16/2008|03:05] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Gtek
[05/14/2005|11:58] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Help
[10/15/2004|02:00] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Identities
[01/27/2008|05:44] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> iMesh
[12/26/2009|11:25] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> InstallShield
[08/19/2005|08:38] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Jasc
[10/15/2004|02:28] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Jasc Software Inc
[06/24/2009|07:10] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> KodakCredentialStore
[04/04/2005|07:06] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Leadertech
[03/02/2009|08:23] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Lexmark Imaging Studio
[03/04/2010|06:06] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> LimeWire
[03/05/2006|08:13] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Macromedia
[01/08/2005|10:07] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> McAfee.com
[10/20/2004|04:41] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> McAfee.com Personal Firewall
[10/22/2005|03:15] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> memo gpl move
[12/30/2009|12:59] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Microsoft
[12/30/2009|12:52] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Mozilla
[07/18/2009|09:23] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Musicmatch
[01/05/2007|11:51] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> MySpace
[05/14/2009|07:02] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> OpenOffice.org
[10/22/2005|03:15] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Show Fast Debug
[02/16/2008|01:54] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> SiteAdvisor
[06/05/2009|05:50] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Skinux
[04/04/2005|07:07] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Sonic
[10/15/2004|02:22] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Sun
[12/17/2009|05:54] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Teleca
[03/04/2010|06:23] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> uTorrent
[03/09/2007|07:39] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Viewpoint
[12/31/2008|08:47] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> WeatherBug
[03/04/2010|06:04] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Windows Desktop Search
[03/22/2009|07:17] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Yahoo!
[10/15/2005|09:54] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Yahoo! Messenger

[02/28/2010|11:06] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Adobe
[08/24/2007|02:46] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Google
[08/30/2006|04:12] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> GTek
[02/03/2005|04:49] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Macromedia
[12/06/2009|01:18] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> McAfee
[10/20/2004|04:41] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> McAfee.com Personal Firewall
[02/27/2010|02:53] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[12/05/2009|06:44] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> SACore
[10/21/2005|10:09] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Show Fast Debug
[02/28/2010|08:26] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Sun

[02/25/2010|11:19] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Adobe
[02/22/2010|07:20] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Macromedia
[09/20/2009|11:16] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft
[02/24/2010|10:45] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Sun

[03/07/2010|12:59] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> Adobe
[10/26/2004|04:59] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> AdobeUM
[12/07/2004|06:07] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> Aim
[09/08/2005|06:48] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> AOL
[03/07/2010|12:51] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> Apple Computer
[09/08/2005|05:36] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> Corel
[04/29/2006|08:42] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> FilmLoop
[02/17/2008|03:17] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> Google
[07/06/2008|10:01] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> Gtek
[12/28/2004|08:10] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> Help
[10/15/2004|02:00] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> Identities
[10/15/2004|02:28] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> Jasc Software Inc
[10/26/2004|05:36] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> Leadertech
[10/26/2004|06:12] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> Macromedia
[02/26/2010|09:11] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> Malwarebytes
[01/04/2005|05:01] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> McAfee.com
[10/23/2004|09:01] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> McAfee.com Personal Firewall
[02/28/2010|07:22] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> Microsoft
[02/26/2010|11:26] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> Musicmatch
[02/17/2008|03:08] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> MySpace
[03/03/2010|08:10] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> OpenOffice.org
[02/26/2010|05:35] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> Skinux
[10/15/2004|02:28] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> Sonic
[10/15/2004|02:22] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> Sun
[02/26/2010|05:30] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> Teleca
[02/27/2010|02:49] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> Windows Desktop Search
[02/28/2010|10:33] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> Windows Search

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[03/07/2010 12:55 AM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[02/15/2010 01:00 AM][--a------] C:\WINDOWS\tasks\McDefragTask.job
[03/01/2010 01:00 AM][--a------] C:\WINDOWS\tasks\McQcTask.job
[03/07/2010 10:09 AM][--a------] C:\WINDOWS\tasks\WGASetup.job
[03/07/2010 10:09 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 04:00 AM][-r-h-----] C:\WINDOWS\tasks\DESKTOP.INI

--------------------\\ Listing Folders in C:\Program Files

[01/29/2007|06:21] C:\Program Files\<DIR> ABBYY FineReader 6.0
[12/30/2009|08:14] C:\Program Files\<DIR> Adobe
[08/21/2005|04:58] C:\Program Files\<DIR> AOD
[03/07/2010|12:55] C:\Program Files\<DIR> Apple Software Update
[11/14/2004|07:00] C:\Program Files\<DIR> AWS
[06/18/2005|07:07] C:\Program Files\<DIR> C2Media
[09/29/2009|04:00] C:\Program Files\<DIR> Citrix
[03/04/2010|08:28] C:\Program Files\<DIR> Common Files
[10/15/2004|02:01] C:\Program Files\<DIR> ComPlus Applications
[12/30/2009|01:02] C:\Program Files\<DIR> CyberLink
[11/02/2004|05:47] C:\Program Files\<DIR> DATA BECKER
[02/26/2010|11:32] C:\Program Files\<DIR> Dell
[02/16/2008|02:29] C:\Program Files\<DIR> Dell Support Center
[04/13/2007|06:42] C:\Program Files\<DIR> DellSupport
[01/13/2007|12:28] C:\Program Files\<DIR> DIFX
[04/29/2005|11:09] C:\Program Files\<DIR> directx
[03/05/2010|05:23] C:\Program Files\<DIR> ESET
[01/29/2007|06:20] C:\Program Files\<DIR> FaxTools
[02/27/2010|01:39] C:\Program Files\<DIR> FinePixViewer
[12/17/2009|05:38] C:\Program Files\<DIR> HTC
[01/05/2009|07:53] C:\Program Files\<DIR> iMesh
[12/16/2005|01:11] C:\Program Files\<DIR> iMesh Applications
[02/26/2010|11:27] C:\Program Files\<DIR> InstallShield Installation Information
[10/15/2004|02:23] C:\Program Files\<DIR> Intel
[02/27/2010|06:19] C:\Program Files\<DIR> Internet Explorer
[01/05/2009|07:00] C:\Program Files\<DIR> iPod
[01/05/2009|07:01] C:\Program Files\<DIR> iTunes
[12/30/2009|08:20] C:\Program Files\<DIR> Jasc Software Inc
[02/26/2010|09:56] C:\Program Files\<DIR> Java
[05/14/2009|06:45] C:\Program Files\<DIR> JRE
[08/08/2009|02:04] C:\Program Files\<DIR> Kodak
[06/08/2006|05:52] C:\Program Files\<DIR> KWCX
[03/02/2009|08:20] C:\Program Files\<DIR> Lexmark 1300 Series
[03/02/2009|08:22] C:\Program Files\<DIR> Lexmark Toolbar
[03/05/2010|07:50] C:\Program Files\<DIR> LimeWire
[03/02/2010|06:54] C:\Program Files\<DIR> Lx_cats
[03/04/2010|08:15] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[02/24/2010|10:47] C:\Program Files\<DIR> McAfee
[06/26/2005|09:00] C:\Program Files\<DIR> McAfee AntiSpyware 1.00 Install
[10/04/2009|04:19] C:\Program Files\<DIR> McAfee.com
[01/20/2009|03:07] C:\Program Files\<DIR> Messenger
[09/26/2008|03:02] C:\Program Files\<DIR> Messenger Plus! 3
[10/15/2004|02:01] C:\Program Files\<DIR> microsoft frontpage
[02/27/2010|06:18] C:\Program Files\<DIR> Microsoft Silverlight
[10/15/2004|02:23] C:\Program Files\<DIR> Modem Helper
[01/19/2009|09:46] C:\Program Files\<DIR> Movie Maker
[08/19/2009|08:17] C:\Program Files\<DIR> Mozilla Firefox
[08/08/2009|02:20] C:\Program Files\<DIR> MSBuild
[06/07/2005|12:58] C:\Program Files\<DIR> MSN
[10/15/2004|02:01] C:\Program Files\<DIR> MSN Gaming Zone
[11/16/2006|03:01] C:\Program Files\<DIR> MSXML 4.0
[08/15/2007|02:05] C:\Program Files\<DIR> MSXML 6.0
[07/18/2009|09:23] C:\Program Files\<DIR> MUSICMATCH
[09/25/2005|08:34] C:\Program Files\<DIR> My Love
[12/30/2009|12:36] C:\Program Files\<DIR> MySpace
[04/29/2005|11:09] C:\Program Files\<DIR> Nancy Drew
[01/19/2009|09:40] C:\Program Files\<DIR> NetMeeting
[10/15/2004|02:01] C:\Program Files\<DIR> Online Services
[05/14/2009|06:44] C:\Program Files\<DIR> OpenOffice.org 3
[08/12/2009|02:06] C:\Program Files\<DIR> Outlook Express
[02/28/2010|07:20] C:\Program Files\<DIR> PCPitstop
[02/23/2009|10:08] C:\Program Files\<DIR> PokerStars
[03/07/2010|01:04] C:\Program Files\<DIR> QuickTime
[12/30/2009|12:59] C:\Program Files\<DIR> Real
[08/08/2009|02:19] C:\Program Files\<DIR> Reference Assemblies
[10/12/2005|07:01] C:\Program Files\<DIR> Show Fast Debug
[02/16/2008|01:54] C:\Program Files\<DIR> SiteAdvisor
[10/15/2004|02:25] C:\Program Files\<DIR> Sonic
[03/07/2010|12:14] C:\Program Files\<DIR> trend micro
[02/27/2010|09:58] C:\Program Files\<DIR> TrendMicro
[11/02/2004|05:46] C:\Program Files\<DIR> Uninstall Information
[12/24/2009|02:34] C:\Program Files\<DIR> uTorrent
[12/30/2009|08:28] C:\Program Files\<DIR> Viewpoint
[02/16/2008|03:05] C:\Program Files\<DIR> WebCyberCoach
[12/30/2009|12:57] C:\Program Files\<DIR> WildTangent
[02/27/2010|08:13] C:\Program Files\<DIR> Windows Desktop Search
[02/27/2010|02:44] C:\Program Files\<DIR> Windows Media Connect 2
[02/27/2010|07:02] C:\Program Files\<DIR> Windows Media Player
[01/19/2009|09:39] C:\Program Files\<DIR> Windows NT
[10/15/2004|02:01] C:\Program Files\<DIR> WindowsUpdate
[10/15/2004|02:32] C:\Program Files\<DIR> WordPerfect Office 12
[10/15/2004|02:01] C:\Program Files\<DIR> XEROX
[12/30/2009|08:29] C:\Program Files\<DIR> Yahoo!
[02/27/2010|06:28] C:\Program Files\<DIR> Zune

--------------------\\ Listing Folders in C:\Program Files\Common Files

[12/30/2009|12:44] C:\Program Files\Common Files\<DIR> Adobe
[12/30/2009|12:30] C:\Program Files\Common Files\<DIR> AOL
[03/07/2010|12:56] C:\Program Files\Common Files\<DIR> Apple
[10/15/2004|02:32] C:\Program Files\Common Files\<DIR> Borland Shared
[01/13/2007|12:28] C:\Program Files\Common Files\<DIR> ComponentOne
[10/15/2004|02:32] C:\Program Files\Common Files\<DIR> Corel
[06/08/2006|05:50] C:\Program Files\Common Files\<DIR> InstallShield
[10/15/2004|02:22] C:\Program Files\Common Files\<DIR> Java
[06/05/2009|04:34] C:\Program Files\Common Files\<DIR> Kodak
[10/04/2009|04:19] C:\Program Files\Common Files\<DIR> McAfee
[02/27/2010|06:06] C:\Program Files\Common Files\<DIR> Microsoft Shared
[01/04/2008|03:49] C:\Program Files\Common Files\<DIR> mrfw
[10/15/2004|02:00] C:\Program Files\Common Files\<DIR> MSSoap
[01/16/2005|10:01] C:\Program Files\Common Files\<DIR> NSV
[10/15/2004|02:26] C:\Program Files\Common Files\<DIR> Nullsoft
[10/15/2004|02:00] C:\Program Files\Common Files\<DIR> ODBC
[10/15/2004|02:26] C:\Program Files\Common Files\<DIR> Real
[10/15/2004|02:00] C:\Program Files\Common Files\<DIR> Services
[10/15/2004|02:25] C:\Program Files\Common Files\<DIR> Sonic
[10/15/2004|02:00] C:\Program Files\Common Files\<DIR> SpeechEngines
[02/16/2008|02:28] C:\Program Files\Common Files\<DIR> supportsoft
[01/19/2009|09:39] C:\Program Files\Common Files\<DIR> System
[12/17/2009|05:40] C:\Program Files\Common Files\<DIR> Teleca Shared
[12/26/2009|12:26] C:\Program Files\Common Files\<DIR> Windows Live
[08/31/2008|03:43] C:\Program Files\Common Files\<DIR> WinFixer 2005
[07/05/2007|08:09] C:\Program Files\Common Files\<DIR> YGP

--------------------\\ Process

( 66 Processes )

iexplore.exe ~ [PID:4276]
iexplore.exe ~ [PID:2060]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\Program Files\C2Media
C:\DOCUME~1\Patricia\Cookies\patricia@advertising[2].txt

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-07 10:55:40
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


No other infections found !

[F:14][D:2]-> C:\DOCUME~1\Patricia\LOCALS~1\Temp
[F:120][D:0]-> C:\DOCUME~1\Patricia\Cookies
[F:889][D:4]-> C:\DOCUME~1\Patricia\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Sun 03/07/2010|10:57 - Option : [1]

--------------------\\ Scan completed at 10:57:20

==end==

#19 schrauber


Posted 09 March 2010 - 12:17 AM

Hi, Please post back with a fresh RSIT logfile.

Edited by schrauber, 09 March 2010 - 12:19 AM.

regards,
schrauber

Proud Member of ASAP and UNITE since 2009


#20 dbrown708


Posted 09 March 2010 - 08:19 AM

Here is the RSIT file you asked for. McAfee was disabled.

--dave

==start==
Logfile of random's system information tool 1.06 (written by random/random)
Run by Patricia at 2010-03-09 07:09:30
Microsoft Windows XP Professional Service Pack 3
System drive C: has 7 GB (20%) free of 35 GB
Total RAM: 510 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:10:39 AM, on 3/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\fxssvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
C:\Documents and Settings\Kaitlyn\My Documents\RCA easyRip\EZDock.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\downloads\RSIT.exe
C:\Program Files\trend micro\Patricia.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Anti bits phone mail] C:\Documents and Settings\All Users\Application Data\meowamokantibits\sectregs.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
O4 - HKLM\..\Run: [LXDCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Easy Dock] C:\Documents and Settings\Kaitlyn\My Documents\RCA easyRip\EZDock.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide....ageUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1267302751296
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebo...oUploader55.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace....ceUploader2.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures04.ai...AIM.9.5.1.8.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail....ol/MSNPUpld.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.del...ll/gtdownde.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 11896 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]
Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-09 184320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-03-15 118836]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-09-16 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-09 184320]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184]
"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"Anti bits phone mail"=C:\Documents and Settings\All Users\Application Data\meowamokantibits\sectregs.exe []
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-05-21 206064]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"lxdcamon"=C:\Program Files\Lexmark 1300 Series\lxdcamon.exe [2007-02-05 20480]
"LXDCCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16 []
"Easy Dock"=C:\Documents and Settings\Kaitlyn\My Documents\RCA easyRip\EZDock.exe [2009-04-03 573440]
"Zune Launcher"=c:\Program Files\Zune\ZuneLauncher.exe [2010-01-07 158448]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-10-29 1218008]
"Mobile Connectivity Suite"=C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe [2009-05-27 598016]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-02-15 417792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
ExifLauncher2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\MSMSGS.EXE"="C:\Program Files\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\WINDOWS\SYSTEM32\RTCSHARE.EXE"="C:\WINDOWS\SYSTEM32\RTCSHARE.EXE:*:Enabled:RTC App Sharing"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\WINDOWS\SYSTEM32\lxczcoms.exe"="C:\WINDOWS\SYSTEM32\lxczcoms.exe:*:Enabled:1200 Series Server"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\SYSTEM32\lxdccoms.exe"="C:\WINDOWS\SYSTEM32\lxdccoms.exe:*:Enabled:1300 Series Server"
"C:\Program Files\McAfee\VirusScan\mcvsmap.exe"="C:\Program Files\McAfee\VirusScan\mcvsmap.exe:*:Enabled:mcvsmap"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"="C:\Program Files\Lexmark 1300 Series\lxdcamon.exe:*:Disabled:Device Monitor Appliaction"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"C:\Program Files\Lexmark 1300 Series\app4r.exe"="C:\Program Files\Lexmark 1300 Series\app4r.exe:*:Enabled:BorgListener"
"C:\WINDOWS\system32\printer.exe"="C:\WINDOWS\system32\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\spoolvs.exe"="C:\WINDOWS\system32\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\shell.exe"="C:\WINDOWS\shell.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2010-03-07 10:54:02 ----A---- C:\lopR.txt
2010-03-07 10:53:19 ----D---- C:\Lop SD
2010-03-07 01:01:46 ----D---- C:\Program Files\QuickTime
2010-03-07 00:59:40 ----SHD---- C:\Config.Msi
2010-03-07 00:55:21 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2010-03-07 00:51:31 ----D---- C:\Documents and Settings\Patricia\Application Data\Apple Computer
2010-03-06 21:35:19 ----A---- C:\WINDOWS\system32\MPFServiceFailureCount.txt
2010-03-05 17:23:21 ----D---- C:\Program Files\ESET
2010-03-05 06:33:52 ----SHD---- C:\RECYCLER
2010-03-04 20:15:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-03 08:10:24 ----D---- C:\Documents and Settings\Patricia\Application Data\OpenOffice.org
2010-03-02 07:55:43 ----A---- C:\WINDOWS\system32\proquota.exe
2010-03-02 06:57:37 ----A---- C:\Boot.bak
2010-03-02 06:57:18 ----RASHD---- C:\cmdcons
2010-03-02 06:54:51 ----A---- C:\WINDOWS\zip.exe
2010-03-02 06:54:51 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-03-02 06:54:51 ----A---- C:\WINDOWS\SWSC.exe
2010-03-02 06:54:51 ----A---- C:\WINDOWS\SWREG.exe
2010-03-02 06:54:51 ----A---- C:\WINDOWS\sed.exe
2010-03-02 06:54:51 ----A---- C:\WINDOWS\PEV.exe
2010-03-02 06:54:51 ----A---- C:\WINDOWS\NIRCMD.exe
2010-03-02 06:54:51 ----A---- C:\WINDOWS\MBR.exe
2010-03-02 06:54:51 ----A---- C:\WINDOWS\grep.exe
2010-03-02 06:54:21 ----D---- C:\WINDOWS\ERDNT
2010-03-02 06:53:49 ----D---- C:\Qoobox
2010-02-28 10:33:08 ----D---- C:\Documents and Settings\Patricia\Application Data\Windows Search
2010-02-27 22:34:31 ----D---- C:\Documents and Settings\All Users\Application Data\PCPitstop
2010-02-27 22:34:29 ----D---- C:\Program Files\PCPitstop
2010-02-27 22:17:20 ----D---- C:\Program Files\trend micro
2010-02-27 22:17:10 ----D---- C:\rsit
2010-02-27 21:58:34 ----D---- C:\Program Files\TrendMicro
2010-02-27 19:50:17 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2010-02-27 19:46:59 ----HDC---- C:\WINDOWS\$NtUninstallKB963093$
2010-02-27 19:45:41 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2010-02-27 19:35:52 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2010-02-27 18:46:05 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-02-27 18:46:05 ----A---- C:\WINDOWS\system32\mucltui.dll
2010-02-27 18:17:44 ----HDC---- C:\WINDOWS\$NtUninstallKB971513$
2010-02-27 18:10:46 ----D---- C:\Program Files\Microsoft Silverlight
2010-02-27 14:51:29 ----HDC---- C:\WINDOWS\$NtUninstallbasecsp$
2010-02-27 14:49:55 ----D---- C:\WINDOWS\system32\windowspowershell
2010-02-27 14:49:50 ----HDC---- C:\WINDOWS\$NtUninstallKB926139-v2$
2010-02-27 14:49:45 ----D---- C:\Documents and Settings\Patricia\Application Data\Windows Desktop Search
2010-02-27 14:48:58 ----D---- C:\Program Files\Windows Desktop Search
2010-02-27 14:48:21 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
2010-02-27 14:48:12 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2010-02-27 14:46:00 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-02-27 14:44:35 ----D---- C:\Program Files\Windows Media Connect 2
2010-02-27 14:43:59 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2010-02-27 14:20:28 ----A---- C:\WINDOWS\system32\pgdfgsvc.exe
2010-02-26 23:26:27 ----D---- C:\Documents and Settings\Patricia\Application Data\Musicmatch
2010-02-26 21:59:13 ----A---- C:\WINDOWS\system32\javaws.exe
2010-02-26 21:59:12 ----A---- C:\WINDOWS\system32\javaw.exe
2010-02-26 21:59:11 ----A---- C:\WINDOWS\system32\java.exe
2010-02-26 21:36:01 ----HD---- C:\WINDOWS\system32\GroupPolicy
2010-02-26 21:32:25 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-26 21:11:14 ----D---- C:\Documents and Settings\Patricia\Application Data\Malwarebytes
2010-02-26 20:20:42 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-02-26 17:35:24 ----D---- C:\Documents and Settings\Patricia\Application Data\Skinux
2010-02-26 17:30:52 ----D---- C:\Documents and Settings\Patricia\Application Data\Teleca
2010-02-25 03:16:05 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-12 03:11:09 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-12 03:10:48 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-12 03:04:56 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-02-12 03:04:41 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-12 03:04:22 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-12 03:04:07 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-12 03:03:40 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-12 03:03:06 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-11 07:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$

======List of files/folders modified in the last 1 months======

2010-03-09 07:09:52 ----D---- C:\WINDOWS\Prefetch
2010-03-09 07:07:07 ----D---- C:\WINDOWS\Temp
2010-03-09 06:59:33 ----D---- C:\Program Files\Lx_cats
2010-03-09 06:59:00 ----D---- C:\WINDOWS
2010-03-09 06:58:54 ----A---- C:\WINDOWS\ModemLog_Standard 300 bps Modem.txt
2010-03-09 06:58:24 ----A---- C:\WINDOWS\ModemLog_Intel® 537EP V9x DF PCI Modem.txt
2010-03-09 06:58:23 ----A---- C:\WINDOWS\ModemLog_Standard 300 bps Modem #2.txt
2010-03-09 06:58:12 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-07 11:22:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-07 10:53:15 ----D---- C:\downloads
2010-03-07 10:10:27 ----D---- C:\Program Files
2010-03-07 10:10:13 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-07 01:05:08 ----SHD---- C:\WINDOWS\Installer
2010-03-07 01:01:49 ----D---- C:\WINDOWS\SYSTEM32
2010-03-07 00:59:18 ----D---- C:\Documents and Settings\Patricia\Application Data\Adobe
2010-03-07 00:57:10 ----D---- C:\WINDOWS\WinSxS
2010-03-07 00:56:55 ----D---- C:\Program Files\Common Files\Apple
2010-03-07 00:55:58 ----SD---- C:\WINDOWS\Tasks
2010-03-07 00:55:30 ----D---- C:\Program Files\Apple Software Update
2010-03-06 01:03:38 ----D---- C:\WINDOWS\system32\DRIVERS
2010-03-05 22:39:34 ----AC---- C:\WINDOWS\ntbtlog.txt
2010-03-05 19:50:35 ----D---- C:\WINDOWS\Debug
2010-03-05 19:50:35 ----D---- C:\Program Files\LimeWire
2010-03-05 19:46:29 ----D---- C:\WINDOWS\system32\BWKDLogs
2010-03-05 19:45:38 ----D---- C:\WINDOWS\system32\MsDtc
2010-03-05 19:43:12 ----D---- C:\I386
2010-03-04 20:40:28 ----A---- C:\WINDOWS\system.ini
2010-03-04 20:32:50 ----D---- C:\WINDOWS\system32\CONFIG
2010-03-04 20:28:23 ----D---- C:\WINDOWS\AppPatch
2010-03-04 20:28:18 ----D---- C:\Program Files\Common Files
2010-03-04 18:02:10 ----HD---- C:\WINDOWS\INF
2010-03-02 07:55:49 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2010-03-02 06:57:39 ----RASH---- C:\BOOT.INI
2010-02-28 07:22:00 ----SD---- C:\Documents and Settings\Patricia\Application Data\Microsoft
2010-02-27 19:47:08 ----A---- C:\WINDOWS\imsins.BAK
2010-02-27 19:46:06 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-27 19:02:00 ----D---- C:\Program Files\Windows Media Player
2010-02-27 18:58:32 ----D---- C:\WINDOWS\SECURITY
2010-02-27 18:55:14 ----D---- C:\WINDOWS\Microsoft.NET
2010-02-27 18:54:57 ----RSD---- C:\WINDOWS\ASSEMBLY
2010-02-27 18:49:42 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-27 18:37:37 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-27 18:28:56 ----D---- C:\Program Files\Zune
2010-02-27 18:24:59 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-02-27 18:19:17 ----D---- C:\Program Files\Internet Explorer
2010-02-27 18:19:13 ----D---- C:\WINDOWS\ie8updates
2010-02-27 18:06:42 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-02-27 18:05:53 ----RSD---- C:\WINDOWS\Fonts
2010-02-27 14:49:19 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-02-27 14:49:02 ----D---- C:\WINDOWS\system32\en-US
2010-02-27 14:48:57 ----D---- C:\WINDOWS\system32\WBEM
2010-02-27 14:45:05 ----A---- C:\WINDOWS\WIN.INI
2010-02-27 14:44:29 ----D---- C:\WINDOWS\Help
2010-02-27 01:39:12 ----D---- C:\Program Files\FinePixViewer
2010-02-27 01:15:57 ----D---- C:\WINDOWS\Sun
2010-02-26 23:32:11 ----D---- C:\Program Files\Dell
2010-02-26 23:27:57 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-26 23:18:57 ----D---- C:\temp
2010-02-26 23:09:47 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2010-02-26 21:56:23 ----D---- C:\Program Files\Java
2010-02-26 21:04:07 ----HDC---- C:\WINDOWS\$NtUninstallKB932716-v2$
2010-02-26 17:25:06 ----AC---- C:\WINDOWS\OEWABLog.txt
2010-02-24 10:47:46 ----D---- C:\Program Files\McAfee

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-09-16 214664]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-01-14 5621]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-01-14 23219]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2004-10-15 8552]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-02-27 40480]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-03-15 25685]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-03-15 34837]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-03-15 4117]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-03-15 2233]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-03-15 85972]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-03-15 14229]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-03-15 6357]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-03-15 98580]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-03-15 100597]
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2010-01-07 40832]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-05 1233525]
R3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-05 647929]
R3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-06-15 61157]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-09-16 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-09-16 35272]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-05 37048]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-09 612352]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2009-07-14 444136]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\dab\catchme.sys []
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 HTCAND32;HTC Device Driver; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [2009-07-02 25728]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-09-16 34248]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-09-16 40552]
S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2008-08-21 18688]
S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2008-08-21 8320]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 motport;Motorola USB Diagnostic Port; C:\WINDOWS\system32\DRIVERS\motport.sys [2007-06-18 23680]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WinUSB;WinUSB; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2006-04-18 311296]
R2 lxcz_device;lxcz_device; C:\WINDOWS\system32\lxczcoms.exe [2007-01-29 537520]
R2 lxdc_device;lxdc_device; C:\WINDOWS\system32\lxdccoms.exe [2007-02-12 537520]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-09 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-09-16 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-10-27 895696]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 ZuneBusEnum;Zune Bus Enumerator; c:\WINDOWS\system32\ZuneBusEnum.exe [2010-01-07 58592]
R2 ZuneNetworkSvc;Zune Network Sharing Service; c:\Program Files\Zune\ZuneNss.exe [2010-01-07 5950704]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-09-16 365072]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2010-01-07 447216]
S4 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-09-16 606736]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
==end==



