dbrown708

IE8 Redirects Search Engine Results


This computer had the PC diagnostic infection. I removed the malware with the Malwarebytes program.

IE8 is redirecting Google searches to random websites.

McAfee protection does not find any problems.

This computer seems sluggish also.

What is the first step?

Below are the log files.

===rsjit info.txt===

info.txt logfile of random's system information tool 1.06 2010-02-27 22:18:25

 

======Uninstall list======

 

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu

-->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature

-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}

-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}

-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}

-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}

Adobe Shockwave Player-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log

Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}

CardRd81-->MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}

CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}

CR2-->MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}

Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s

Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}

Dell Media Experience-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall

Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}

DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}

ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}

ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}

ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}

ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}

ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}

ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}

ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}

essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}

FaxTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\setup.exe" -l0x9 ControlPanel

FinePix Studio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}\SETUP.EXE" -l0x9

FinePixViewer Resource-->C:\Program Files\InstallShield Installation Information\{B44529FF-501E-47CD-A06D-223C161BE058}\SETUP.EXE -runfromtemp -l0x0009 -removeonly

FinePixViewer Ver.5.5-->C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE -runfromtemp -l0x0009 -removeonly

FinePixViewer YTUPL-->C:\Program Files\InstallShield Installation Information\{65EB09A3-993B-401E-8936-C9708CBFAB26}\Setup.exe -runfromtemp -l0x0009 -removeonly

HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall

HiJackThis-->MsiExec.exe /X{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}

HLPPDOCK-->MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB932716-v2)-->"C:\WINDOWS\$NtUninstallKB932716-v2$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB945060-v3)-->"C:\WINDOWS\$NtUninstallKB945060-v3$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"

HTC Driver-->MsiExec.exe /X{6D6664A9-3342-4948-9B7E-034EFE366F0F}

HTC Sync-->MsiExec.exe /I{D5AF36E3-D72D-4E30-AB64-48A98BDDEE73}

Intel® 537EP V9x DF PCI Modem-->rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem"

Intel® Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572

Intel® PRO Network Adapters and Drivers-->Prounstl.exe

Intel® PROSet for Wired Connections-->MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}

Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}

iPod for Windows 2005-03-23-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{44A537A5-859C-43A6-8285-C0668142A090} /l1033

iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}

J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}

Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}

Java 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}

kgcbaby-->MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}

kgchday-->MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}

kgchlwn-->MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}

kgcinvt-->MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}

kgckids-->MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}

kgcmove-->MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}

kgcvday-->MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}

Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140001_68bc5f58\Setup.exe /APR-REMOVE

Lexmark 1300 Series-->C:\Program Files\Lexmark 1300 Series\Install\x86\Uninst.exe

Lexmark Toolbar-->regsvr32.exe /s /u "C:\Program Files\Lexmark Toolbar\toolband.dll"

LimeWire 5.3.6-->"C:\Program Files\LimeWire\uninstall.exe"

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe

Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9-->"C:\WINDOWS\$NtUninstallWdf01009$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft User-Mode Driver Framework Feature Pack 1.9-->"C:\WINDOWS\$NtUninstallWudf01009$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft WinUsb 1.0-->"C:\WINDOWS\$NtUninstallwinusb0100$\spuninst\spuninst.exe"

Modem Event Monitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9

Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel

MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}

Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst

netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}

OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}

OpenOffice.org 3.1-->MsiExec.exe /I{E6B87DC4-2B3D-4483-ADFF-E483BF718991}

QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}

RCA easyRip 2.1.7.0-->"C:\Documents and Settings\Kaitlyn\My Documents\RCA easyRip\unins000.exe"

RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0

Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"

Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"

Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"

Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"

Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"

Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"

Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"

Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"

Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"

Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"

Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"

Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"

Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"

Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"

Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"

Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"

Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"

Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"

SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}

SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}

skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}

SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}

Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}

Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}

Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}

staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}

tooltips-->MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Update for Microsoft Windows (KB971513)-->"C:\WINDOWS\$NtUninstallKB971513$\spuninst\spuninst.exe"

Update for Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"

Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"

Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"

Update for Windows Internet Explorer 8 (KB978506)-->"C:\WINDOWS\ie8updates\KB978506-IE8\spuninst\spuninst.exe"

Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"

Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"

Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"

Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"

Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"

Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"

Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"

VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}

WeatherBug-->C:\PROGRA~1\AWS\WEATHE~1\REMOVE.EXE C:\PROGRA~1\AWS\WEATHE~1\INSTALL.LOG

WebCyberCoach 3.2 Dell-->"C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"

Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows PowerShell 1.0-->"C:\WINDOWS\$NtUninstallKB926139-v2$\spuninst\spuninst.exe"

Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}

WordPerfect Office 12-->MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}

Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll

Zune Language Pack (DE)-->MsiExec.exe /X{370BCBBA-67D7-4535-ADCD-58CD1C8DEC99}

Zune Language Pack (ES)-->MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF}

Zune Language Pack (FR)-->MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}

Zune Language Pack (IT)-->MsiExec.exe /X{40EC6323-497B-44DA-8A88-74578622D9B3}

Zune-->c:\Program Files\Zune\ZuneSetup.exe /x

Zune-->MsiExec.exe /X{888FFC82-688D-46AB-A776-B417885432B6}

 

Hosts File Missing

======Security center information======

 

AV: McAfee VirusScan

FW: McAfee Personal Firewall

 

======System event log======

 

Computer Name: THORNTON

Event Code: 7000

Message: The Network Monitor service failed to start due to the following error:

The system cannot find the file specified.

 

 

Record Number: 3283

Source Name: Service Control Manager

Time Written: 20100107072715.000000-360

Event Type: error

User:

 

Computer Name: THORNTON

Event Code: 1002

Message: The IP address lease 192.168.1.100 for the Network Card with network address 0011113E35A3 has been

denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

 

Record Number: 3282

Source Name: Dhcp

Time Written: 20100107072649.000000-360

Event Type: error

User:

 

Computer Name: THORNTON

Event Code: 4226

Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

 

Record Number: 3279

Source Name: Tcpip

Time Written: 20100106185512.000000-360

Event Type: warning

User:

 

Computer Name: THORNTON

Event Code: 7000

Message: The Windows CardSpace service failed to start due to the following error:

The service did not respond to the start or control request in a timely fashion.

 

 

Record Number: 3270

Source Name: Service Control Manager

Time Written: 20100106101809.000000-360

Event Type: error

User:

 

Computer Name: THORNTON

Event Code: 7009

Message: Timeout (30000 milliseconds) waiting for the Windows CardSpace service to connect.

 

Record Number: 3269

Source Name: Service Control Manager

Time Written: 20100106101808.000000-360

Event Type: error

User:

 

=====Application event log=====

 

Computer Name: THORNTON

Event Code: 11

Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: There is not enough space on the disk.

 

 

Record Number: 15845

Source Name: crypt32

Time Written: 20100209010114.000000-360

Event Type: error

User:

 

Computer Name: THORNTON

Event Code: 11

Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: There is not enough space on the disk.

 

 

Record Number: 15842

Source Name: crypt32

Time Written: 20100209010112.000000-360

Event Type: error

User:

 

Computer Name: THORNTON

Event Code: 5051

Message: A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took longer than 90000 ms to complete a request.

 

The process will be terminated.

Thread id : 5040 (0x13b0)

 

Thread address : 0x02274768

 

Thread message :

 

Build VSCORE.14.0.0.435 / 5301.4018

Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\rsvpsp.dll

by C:\Program Files\LimeWire\LimeWire.exe

4(0)(0)

4(0)(0)

7200(0)(0)

7595(0)(0)

7005(0)(0)

7004(0)(0)

5006(0)(0)

5004(0)(0)

 

 

Record Number: 15771

Source Name: McLogEvent

Time Written: 20100205042856.000000-360

Event Type: error

User: NT AUTHORITY\SYSTEM

 

Computer Name: THORNTON

Event Code: 5051

Message: A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took longer than 90000 ms to complete a request.

 

The process will be terminated.

Thread id : 1868 (0x74c)

 

Thread address : 0x0228AAE6

 

Thread message :

 

Build VSCORE.14.0.0.435 / 5301.4018

Object being scanned = \Device\HarddiskVolume2\PROGRAM FILES\MCAFEE\VIRUSSCAN\MCINSUPD.EXE

by System

4(0)(0)

4(0)(0)

7200(0)(0)

7595(0)(0)

7005(0)(0)

7004(0)(0)

5006(0)(0)

5004(0)(0)

 

 

Record Number: 15758

Source Name: McLogEvent

Time Written: 20100204105522.000000-360

Event Type: error

User: NT AUTHORITY\SYSTEM

 

Computer Name: THORNTON

Event Code: 5051

Message: A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took longer than 90000 ms to complete a request.

 

The process will be terminated.

Thread id : 392 (0x188)

 

Thread address : 0x021E1CB0

 

Thread message :

 

Build VSCORE.14.0.0.435 / 5301.4018

Object being scanned = \Device\HarddiskVolume2\Documents and Settings\Kaitlyn\Application Data\uTorrent\resume.dat.new

by C:\Program Files\uTorrent\uTorrent.exe

4(3282)(0)

4(2953)(0)

7200(2032)(0)

7595(2032)(0)

7005(1875)(0)

7004(1875)(0)

5006(1875)(0)

5004(1875)(0)

 

 

Record Number: 15748

Source Name: McLogEvent

Time Written: 20100203211704.000000-360

Event Type: error

User: NT AUTHORITY\SYSTEM

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Teleca Shared;C:\WINDOWS\system32\WindowsPowerShell\v1.0

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel

"PROCESSOR_REVISION"=0304

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip

 

-----------------EOF-----------------

===hjt.txt (2.03)===

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 10:09:31 PM, on 2/27/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\lxczcoms.exe

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Lexmark 1300 Series\lxdcamon.exe

C:\Program Files\Zune\ZuneLauncher.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\lxdccoms.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

c:\WINDOWS\system32\ZuneBusEnum.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Common Files\Teleca Shared\logger.exe

C:\WINDOWS\system32\fxssvc.exe

C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe

C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe

C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\WINDOWS\system32\taskmgr.exe

c:\PROGRA~1\mcafee\msc\mcshell.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!

O2 - BHO: (no name) - {015338AF-CE01-493C-AC6E-FBF3F2191E4E} - C:\Program Files\Messenger\home455101.dll (file missing)

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {06A1B5C7-82A2-4721-BB0D-2444D43A0A8F} - C:\WINDOWS\system32\jkhfc.dll (file missing)

O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O2 - BHO: (no name) - {343BDC5B-04D3-4839-8D58-ECE722CCDF9B} - C:\WINDOWS\system32\vtsqq.dll (file missing)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: (no name) - {60BE9701-10F2-4008-B05C-3DBE44A5B193} - C:\WINDOWS\system32\ssqpm.dll (file missing)

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: (no name) - {9DD4168D-F6EE-463E-A9CE-6460CC83F882} - C:\WINDOWS\system32\pmkjg.dll (file missing)

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: (no name) - {F750EC2B-D401-19C6-B1EF-78A40830DCEA} - C:\DOCUME~1\Kaitlyn\APPLIC~1\MEMOGP~1\store hold.exe (file missing)

O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [Anti bits phone mail] C:\Documents and Settings\All Users\Application Data\meowamokantibits\sectregs.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [F8FB01F8F9FEFD0] BFC2C7BFC0C5C.exe

O4 - HKLM\..\Run: [smgr] mgrs.exe

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [lxdcmon.exe] "C:\Program Files\Lexmark 1300 Series\lxdcmon.exe"

O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"

O4 - HKLM\..\Run: [LXDCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [Easy Dock] C:\Documents and Settings\Kaitlyn\My Documents\RCA easyRip\EZDock.exe

O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1267302751296

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab

O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures04.aim.com/ygp/aol/plugin/u...AIM.9.5.1.8.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab

O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/en/10/install/gtdownde.cab

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - (no file)

O20 - Winlogon Notify: ddayx - C:\WINDOWS\system32\ddayx.dll (file missing)

O20 - Winlogon Notify: mljgh - C:\WINDOWS\system32\mljgh.dll (file missing)

O20 - Winlogon Notify: mljjghf - mljjghf.dll (file missing)

O21 - SSODL: pemowopak - {c3c3e280-1866-4ed3-b4cc-e7a7ea04d9ea} - c:\windows\system32\zobomisi.dll (file missing)

O21 - SSODL: wojifinib - {1ea14c41-e4d2-49e9-a825-21062e23ab9a} - c:\windows\system32\tumudono.dll (file missing)

O21 - SSODL: vagivafam - {d77a1412-515c-492c-a240-6ef7f902f258} - c:\windows\system32\tumudono.dll (file missing)

O21 - SSODL: mawijovem - {e79d734a-e451-4d68-a4d2-21a9fc2436e1} - c:\windows\system32\dodasito.dll (file missing)

O21 - SSODL: jibeyezib - {f796e740-bcd7-4c9b-8954-64f3ba2dd9fd} - (no file)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: mujuzedij - {c3c3e280-1866-4ed3-b4cc-e7a7ea04d9ea} - c:\windows\system32\zobomisi.dll (file missing)

O22 - SharedTaskScheduler: jugezatag - {1ea14c41-e4d2-49e9-a825-21062e23ab9a} - c:\windows\system32\tumudono.dll (file missing)

O22 - SharedTaskScheduler: tokatiluy - {d77a1412-515c-492c-a240-6ef7f902f258} - c:\windows\system32\tumudono.dll (file missing)

O22 - SharedTaskScheduler: tokatiluy - {e79d734a-e451-4d68-a4d2-21a9fc2436e1} - c:\windows\system32\dodasito.dll (file missing)

O22 - SharedTaskScheduler: gahurihor - {f796e740-bcd7-4c9b-8954-64f3ba2dd9fd} - (no file)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe

O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

 

--

End of file - 15125 bytes

 

===hjt.txt (2.02)===

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:17:55 PM, on 2/27/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\lxczcoms.exe

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Lexmark 1300 Series\lxdcamon.exe

C:\Program Files\Zune\ZuneLauncher.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\lxdccoms.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe


Hello, dbrown708

Welcome to the PCPitstop Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

Please take note of some guidelines for this fix:

  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Please set your system to show all files.

    Click Start, open My Computer, select the Tools menu and click Folder Options.

    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.

    Uncheck: Hide file extensions for known file types

    Uncheck the Hide protected operating system files (recommended) option.

    Click Yes to confirm.

 

 

 

Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.


Here is the log file you have requested.

 

Thanks,

 

--dave

 

==start==

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit quick scan 2010-02-28 07:27:48

Windows 5.1.2600 Service Pack 3

Running: hsv6m031.exe; Driver: C:\DOCUME~1\Patricia\LOCALS~1\Temp\agrcipog.sys

 

 

---- System - GMER 1.0.15 ----

 

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xEBF8778A]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xEBF87821]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xEBF87738]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xEBF8774C]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xEBF87835]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xEBF87861]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xEBF878CF]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xEBF878B9]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xEBF877CA]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xEBF878FB]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xEBF8780D]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xEBF87710]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xEBF87724]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xEBF8779E]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xEBF87937]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xEBF878A3]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xEBF8788D]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xEBF8784B]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xEBF87923]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xEBF8790F]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xEBF87776]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xEBF87762]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xEBF87877]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xEBF877F9]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xEBF878E5]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xEBF877E0]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xEBF877B4]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

 

---- Devices - GMER 1.0.15 ----

 

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

 

Device -> \Driver\atapi \Device\Harddisk0\DR0 82AE5A9A

 

---- Files - GMER 1.0.15 ----

 

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

 

---- EOF - GMER 1.0.15 ----

==end==


Hi,

 

 

Please go here and have a look how you can disable your security software.

 

Download Combofix from any of the links below but rename it to <schrauber> before saving it to your desktop.

 

Link 1

Link 2

 

 

 

--------------------------------------------------------------------

 

Double click on the renamed Combofix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

Posted Image

Click on Yes, to continue scanning for malware.

 

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

 

This tool is not a toy and not for everyday use.

ComboFix SHOULD NOT be used unless requested by a forum helper

 

If you need help, see this link:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


The first time of running combofix the following error occurred (BSOD)

BAD_POOL_CALLER

Stop:0x000000c2 (0x00000007,0x00000CD4,0x00000000,0x8056274E)

Second time thru produced this log file. Note: I used dab.exe instead of schrauber to rename combofix.

 

Thanks,

 

--dave

 

===start===

ComboFix 10-03-01.03 - Patricia 03/02/2010 7:42.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.116 [GMT -6:00]

Running from: c:\downloads\dab.exe

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users\Documents\ebexiromyt.inf

c:\documents and settings\Kaitlyn\Application Data\anorinysir.vbs

c:\documents and settings\Kaitlyn\Application Data\iniasd.txt

c:\documents and settings\Kaitlyn\Application Data\sedeq.bat

c:\documents and settings\Kaitlyn\Application Data\ugiroj.bat

c:\documents and settings\Kaitlyn\Cookies\aganujihih.scr

c:\documents and settings\Kaitlyn\Cookies\atic.reg

c:\documents and settings\Kaitlyn\Cookies\ezebivyta.db

c:\documents and settings\Kaitlyn\Cookies\ireqyg.vbs

c:\documents and settings\Kaitlyn\Cookies\jyvefuzo.inf

c:\documents and settings\Kaitlyn\Cookies\nozaban.dll

c:\documents and settings\Kaitlyn\Cookies\tulaziji.vbs

c:\documents and settings\Kaitlyn\Cookies\ulynivoti.bin

c:\documents and settings\Kaitlyn\Cookies\zalypir.reg

c:\documents and settings\Kaitlyn\Local Settings\Application Data\genybuc.reg

c:\documents and settings\Kaitlyn\Local Settings\Application Data\jygeb.vbs

c:\documents and settings\Kaitlyn\Local Settings\Application Data\siwe.bat

c:\program files\Altnet

c:\program files\Altnet\Download Manager\altinst1.dll

c:\program files\Altnet\Download Manager\altinst2.dll

c:\program files\Common Files\ugoc.reg

c:\program files\iMeshBar

c:\program files\kernel

C:\WA6P

c:\windows\arohi.exe

c:\windows\gerybisok.scr

c:\windows\onipoxaqi.inf

c:\windows\osekiqygo.vbs

c:\windows\system32\amdeaous.ini

c:\windows\system32\atenmxtn.ini

c:\windows\system32\bomyz.vbs

c:\windows\system32\bqusyvti.ini

c:\windows\SYSTEM32\cfhkj.bak1

c:\windows\SYSTEM32\cfhkj.bak2

c:\windows\SYSTEM32\cfhkj.ini

c:\windows\system32\ehopwynw.ini

c:\windows\system32\fjvrtjaj.ini

c:\windows\system32\fuhurmwu.ini

c:\windows\system32\fvyslbxs.ini

c:\windows\system32\gbiogrvm.ini

c:\windows\SYSTEM32\ggjlm.bak1

c:\windows\SYSTEM32\ggjlm.bak2

c:\windows\system32\ggjlm.ini

c:\windows\SYSTEM32\gjkmp.bak1

c:\windows\system32\gjkmp.ini

c:\windows\system32\hbmclphw.ini

c:\windows\SYSTEM32\hgjlm.bak1

c:\windows\SYSTEM32\hgjlm.bak2

c:\windows\system32\hgjlm.ini

c:\windows\system32\iaewdibs.ini

c:\windows\system32\iiuugilc.ini

c:\windows\system32\iowafbqe.ini

c:\windows\system32\ipolghok.ini

c:\windows\system32\ismvlniy.ini

c:\windows\system32\itfwmqjo.ini

c:\windows\system32\jaasifsu.ini

c:\windows\system32\kkuamydr.ini

c:\windows\system32\kldyaxom.ini

c:\windows\system32\kngpxgul.ini

c:\windows\system32\kuyophhh.ini

c:\windows\system32\leddqqjx.ini

c:\windows\system32\lyyhvvrs.ini

c:\windows\SYSTEM32\mpqss.bak1

c:\windows\SYSTEM32\mpqss.bak2

c:\windows\SYSTEM32\mpqss.ini

c:\windows\system32\mvaqwair.ini

c:\windows\system32\nnwtmebi.ini

c:\windows\system32\okecclhd.ini

c:\windows\system32\ovlkdilx.ini

c:\windows\system32\owexvogn.ini

c:\windows\SYSTEM32\qqstv.bak1

c:\windows\system32\qqstv.ini

c:\windows\system32\sstanesi.ini

c:\windows\system32\suqwdiev.ini

c:\windows\system32\thavcdwo.ini

c:\windows\system32\tumudono.dll

c:\windows\system32\ufmxxrvy.ini

c:\windows\system32\uuuqbcxi.ini

c:\windows\system32\vcwqfkcp.ini

c:\windows\system32\wvpbsijq.ini

c:\windows\system32\xvqdgapg.ini

c:\windows\SYSTEM32\xyadd.bak1

c:\windows\SYSTEM32\xyadd.bak2

c:\windows\system32\xyadd.ini

c:\windows\SYSTEM32\xyadd.ini2

c:\windows\SYSTEM32\xyadd.tmp

c:\windows\system32\yxkuddop.ini

c:\windows\vucunaz.bat

c:\windows\ynyvifede.vbs

 

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected

Restored copy from - Kitty ate it :P

c:\windows\system32\proquota.exe was missing

Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_DOMAINSERVICE

-------\Legacy_FOPN

-------\Legacy_VSPF_HK

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}

-------\Service_FWSvc

-------\Service_vspf

 

 

((((((((((((((((((((((((( Files Created from 2010-02-02 to 2010-03-02 )))))))))))))))))))))))))))))))

.

 

2010-02-28 16:33 . 2010-02-28 16:33 -------- d-----w- c:\documents and settings\Patricia\Application Data\Windows Search

2010-02-28 04:34 . 2010-02-28 13:20 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop

2010-02-27 20:49 . 2010-02-27 20:49 -------- d-----w- c:\documents and settings\Patricia\Application Data\Windows Desktop Search

2010-02-27 07:38 . 2010-02-27 07:39 -------- d-----w- c:\documents and settings\Jonathan\Application Data\FUJIFILM

2010-02-27 05:26 . 2010-02-27 05:26 -------- d-----w- c:\documents and settings\Patricia\Application Data\Musicmatch

2010-02-27 03:11 . 2010-02-27 03:11 -------- d-----w- c:\documents and settings\Patricia\Application Data\Malwarebytes

2010-02-27 02:20 . 2010-02-27 02:20 -------- d-----w- c:\documents and settings\Jonathan\Application Data\Malwarebytes

2010-02-27 02:20 . 2010-02-27 02:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-02-26 23:35 . 2010-02-26 23:35 -------- d-----w- c:\documents and settings\Patricia\Application Data\Skinux

2010-02-26 23:30 . 2010-02-26 23:30 -------- d-----w- c:\documents and settings\Patricia\Application Data\Teleca

2010-02-21 16:30 . 2010-02-21 16:31 -------- d-----w- c:\documents and settings\Kaitlyn\Application Data\Facebook

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-02 12:54 . 2007-09-04 00:48 -------- d-----w- c:\program files\Lx_cats

2010-02-28 13:20 . 2010-02-28 04:34 -------- d-----w- c:\program files\PCPitstop

2010-02-28 04:17 . 2010-02-28 04:17 -------- d-----w- c:\program files\trend micro

2010-02-28 03:58 . 2010-02-28 03:58 -------- d-----w- c:\program files\TrendMicro

2010-02-28 02:13 . 2010-02-27 20:48 -------- d-----w- c:\program files\Windows Desktop Search

2010-02-28 01:33 . 2004-11-07 22:03 114672 -c--a-w- c:\documents and settings\Patricia\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-02-28 00:28 . 2007-11-26 00:43 -------- d-----w- c:\program files\Zune

2010-02-28 00:18 . 2010-02-28 00:10 -------- d-----w- c:\program files\Microsoft Silverlight

2010-02-27 20:44 . 2010-02-27 20:44 -------- d-----w- c:\program files\Windows Media Connect 2

2010-02-27 20:20 . 2010-02-27 20:20 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe

2010-02-27 07:39 . 2009-12-26 17:34 -------- d-----w- c:\program files\FinePixViewer

2010-02-27 05:32 . 2004-10-15 20:23 -------- d-----w- c:\program files\Dell

2010-02-27 05:27 . 2004-10-15 20:22 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-02-27 03:56 . 2004-10-15 20:22 -------- d-----w- c:\program files\Java

2010-02-27 02:20 . 2010-02-27 02:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-02-27 02:19 . 2010-02-27 02:19 444 ----a-w- c:\windows\system32\d3d8caps.dat

2010-02-25 18:31 . 2007-12-13 22:31 -------- d-----w- c:\documents and settings\Kaitlyn\Application Data\LimeWire

2010-02-25 18:09 . 2009-12-24 20:32 -------- d-----w- c:\documents and settings\Kaitlyn\Application Data\uTorrent

2010-02-24 16:47 . 2009-10-04 22:17 -------- d-----w- c:\program files\McAfee

2010-02-24 16:27 . 2010-02-24 16:27 229380 ----a-w- c:\documents and settings\All Users\SPL18F3.tmp

2010-02-24 16:25 . 2010-02-24 16:24 16932868 ----a-w- c:\documents and settings\All Users\SPL18F1.tmp

2010-01-22 16:53 . 2010-01-22 16:53 882 ----a-w- c:\windows\system32\ud-boot-time.cmd

2010-01-07 22:07 . 2010-02-27 02:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-07 22:07 . 2010-02-27 02:20 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-07 20:38 . 2010-01-07 20:38 447216 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe

2010-01-07 20:38 . 2010-01-07 20:38 58592 ----a-w- c:\windows\system32\ZuneBusEnum.exe

2010-01-07 20:22 . 2009-09-02 05:28 40832 ----a-w- c:\windows\system32\drivers\zumbus.sys

2009-12-31 16:50 . 2004-08-04 10:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-21 19:14 . 2004-08-04 10:00 916480 ----a-w- c:\windows\system32\wininet.dll

2009-12-16 18:43 . 2004-08-04 10:00 343040 ----a-w- c:\windows\system32\mspaint.exe

2009-12-14 07:08 . 2004-08-04 10:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2009-12-08 19:27 . 2004-08-04 10:00 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe

2009-12-08 18:43 . 2004-08-04 10:00 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe

2009-12-04 18:22 . 2006-05-05 09:41 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2009-10-04 13:03 . 2009-10-04 13:03 19627 -c--a-w- c:\program files\Common Files\iqebu.com

2009-10-04 13:03 . 2009-10-04 13:03 18138 -c--a-w- c:\program files\Common Files\ojezih.dat

2009-10-04 00:06 . 2009-10-04 00:06 16013 -c--a-w- c:\program files\Common Files\puxybyput.exe

2009-10-04 00:06 . 2009-10-04 00:06 18840 -c--a-w- c:\program files\Common Files\doragulupu.pif

2009-10-03 00:52 . 2009-10-03 00:52 19541 -c--a-w- c:\program files\Common Files\yrer._dl

2009-10-03 00:52 . 2009-10-03 00:52 10262 -c--a-w- c:\program files\Common Files\amoxypugu._sy

2009-10-03 00:26 . 2009-10-03 00:26 14154 -c--a-w- c:\program files\Common Files\tyfezunu.scr

2009-09-29 02:44 . 2009-09-29 02:44 19614 -c--a-w- c:\program files\Common Files\cihonusugu.dll

2009-09-29 02:44 . 2009-09-29 02:44 18545 -c--a-w- c:\program files\Common Files\juciritiko.dll

2009-09-29 02:44 . 2009-09-29 02:44 15605 -c--a-w- c:\program files\Common Files\ysuqywurok.com

2009-09-29 02:44 . 2009-09-29 02:44 15131 -c--a-w- c:\program files\Common Files\anuzob.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]

"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]

"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]

"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-10-15 26112]

"Anti bits phone mail"="c:\documents and settings\All Users\Application Data\meowamokantibits\sectregs.exe" [2005-10-22 0]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"lxdcamon"="c:\program files\Lexmark 1300 Series\lxdcamon.exe" [2007-02-05 20480]

"LXDCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll" [2007-01-22 102400]

"Easy Dock"="c:\documents and settings\Kaitlyn\My Documents\RCA easyRip\EZDock.exe" [2009-04-03 573440]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]

"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-05-27 598016]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~2\mimboot.exe" [2006-01-19 11776]

 

c:\documents and settings\Kaitlyn\Start Menu\Programs\Startup\

LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-9-30 503808]

OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2009-12-26 303104]

Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0stera

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\MSMSGS.EXE"=

"c:\\WINDOWS\\system32"=

"c:\\WINDOWS\\SYSTEM32\\RTCSHARE.EXE"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\StubInstaller.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\WINDOWS\\SYSTEM32\\lxczcoms.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\SYSTEM32\\lxdccoms.exe"=

"c:\\Program Files\\McAfee\\VirusScan\\mcvsmap.exe"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe"=

 

R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/4/2009 4:24 PM 93320]

S0 qmyjpfrd;qmyjpfrd;c:\windows\system32\drivers\ttxmebrh.sys --> c:\windows\system32\drivers\ttxmebrh.sys [?]

S3 HTCAND32;HTC Device Driver;c:\windows\SYSTEM32\DRIVERS\ANDROIDUSB.sys [12/17/2009 5:34 PM 25728]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\SYSTEM32\DRIVERS\motccgp.sys [8/21/2008 10:49 PM 18688]

S3 motccgpfl;MotCcgpFlService;c:\windows\SYSTEM32\DRIVERS\motccgpfl.sys [8/21/2008 10:49 PM 8320]

S3 motport;Motorola USB Diagnostic Port;c:\windows\SYSTEM32\DRIVERS\motport.sys [6/18/2007 7:18 PM 23680]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2009-03-08 09:32 128512 ----a-w- c:\windows\SYSTEM32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

 

2010-02-15 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-04 17:22]

 

2010-03-01 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-04 17:22]

 

2010-03-02 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-04-14 04:18]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

Trusted Zone: musicmatch.com\online

DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab

.

- - - - ORPHANS REMOVED - - - -

 

BHO-{015338AF-CE01-493C-AC6E-FBF3F2191E4E} - c:\program files\Messenger\home455101.dll

BHO-{06A1B5C7-82A2-4721-BB0D-2444D43A0A8F} - c:\windows\system32\jkhfc.dll

BHO-{343BDC5B-04D3-4839-8D58-ECE722CCDF9B} - c:\windows\system32\vtsqq.dll

BHO-{60BE9701-10F2-4008-B05C-3DBE44A5B193} - c:\windows\system32\ssqpm.dll

BHO-{9DD4168D-F6EE-463E-A9CE-6460CC83F882} - c:\windows\system32\pmkjg.dll

BHO-{F750EC2B-D401-19C6-B1EF-78A40830DCEA} - c:\docume~1\Kaitlyn\APPLIC~1\MEMOGP~1\store hold.exe

Toolbar-Locked - (no file)

HKCU-Run-MessengerPlus3 - c:\program files\Messenger Plus! 3\MsgPlus.exe

HKLM-Run-F8FB01F8F9FEFD0 - BFC2C7BFC0C5C.exe

HKLM-Run-lxdcmon.exe - c:\program files\Lexmark 1300 Series\lxdcmon.exe

SharedTaskScheduler-{c3c3e280-1866-4ed3-b4cc-e7a7ea04d9ea} - c:\windows\system32\zobomisi.dll

SharedTaskScheduler-{1ea14c41-e4d2-49e9-a825-21062e23ab9a} - c:\windows\system32\tumudono.dll

SharedTaskScheduler-{d77a1412-515c-492c-a240-6ef7f902f258} - c:\windows\system32\tumudono.dll

SharedTaskScheduler-{e79d734a-e451-4d68-a4d2-21a9fc2436e1} - c:\windows\system32\dodasito.dll

SharedTaskScheduler-{f796e740-bcd7-4c9b-8954-64f3ba2dd9fd} - (no file)

ShellExecuteHooks-{A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D} - (no file)

SSODL-pemowopak-{c3c3e280-1866-4ed3-b4cc-e7a7ea04d9ea} - c:\windows\system32\zobomisi.dll

SSODL-wojifinib-{1ea14c41-e4d2-49e9-a825-21062e23ab9a} - c:\windows\system32\tumudono.dll

SSODL-vagivafam-{d77a1412-515c-492c-a240-6ef7f902f258} - c:\windows\system32\tumudono.dll

SSODL-mawijovem-{e79d734a-e451-4d68-a4d2-21a9fc2436e1} - c:\windows\system32\dodasito.dll

SSODL-jibeyezib-{f796e740-bcd7-4c9b-8954-64f3ba2dd9fd} - (no file)

Notify-ddayx - c:\windows\system32\ddayx.dll

Notify-mljgh - c:\windows\system32\mljgh.dll

Notify-mljjghf - mljjghf.dll

SafeBoot-WudfPf

SafeBoot-WudfRd

AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-02 08:05

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

LXDCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'explorer.exe'(3556)

c:\windows\system32\WININET.dll

c:\program files\Windows Desktop Search\deskbar.dll

c:\program files\Windows Desktop Search\en-us\dbres.dll.mui

c:\program files\Windows Desktop Search\dbres.dll

c:\program files\Windows Desktop Search\wordwheel.dll

c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui

c:\program files\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\LEXBCES.EXE

c:\windows\system32\LEXPPS.EXE

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\lxczcoms.exe

c:\windows\system32\lxdccoms.exe

c:\progra~1\McAfee\MSC\mcmscsvc.exe

c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

c:\progra~1\McAfee\VIRUSS~1\mcshield.exe

c:\program files\McAfee\MPF\MPFSrv.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\progra~1\mcafee.com\agent\mcagent.exe

c:\windows\system32\ZuneBusEnum.exe

c:\windows\system32\fxssvc.exe

c:\windows\system32\SearchIndexer.exe

c:\program files\Zune\ZuneNss.exe

c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe

c:\program files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Common Files\Teleca Shared\Generic.exe

c:\program files\Common Files\Teleca Shared\logger.exe

c:\program files\Common Files\Teleca Shared\CapabilityManager.exe

c:\program files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe

c:\program files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe

c:\program files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe

c:\program files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe

c:\program files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe

.

**************************************************************************

.

Completion time: 2010-03-02 08:18:54 - machine was rebooted

ComboFix-quarantined-files.txt 2010-03-02 14:18

 

Pre-Run: 5,498,564,608 bytes free

Post-Run: 6,322,855,936 bytes free

 

- - End Of File - - 1D5055CA5209D690095D3D13F863D68A

===end===


Hi,

 

Open notepad and copy/paste the text in the quotebox below into it:

 

http://forums.pcpitstop.com/index.php?act=...25&t=180757

 

Collect::

c:\program files\Common Files\iqebu.com

c:\program files\Common Files\ojezih.dat

c:\program files\Common Files\puxybyput.exe

c:\program files\Common Files\doragulupu.pif

c:\program files\Common Files\yrer._dl

c:\program files\Common Files\amoxypugu._sy

c:\program files\Common Files\tyfezunu.scr

c:\program files\Common Files\cihonusugu.dll

c:\program files\Common Files\juciritiko.dll

c:\program files\Common Files\ysuqywurok.com

c:\program files\Common Files\anuzob.exe

 

 

Save this as CFScript.txt

 

 

Posted Image

 

 

Referring to the picture above, drag CFScript.txt into ComboFix.exe

 

When finished, it shall produce a log for you. Post that log in your next reply.

 

**Note**

 

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

  • Ensure you are connected to the internet and click OK on the message box.


The BSOD error had a typo. The correct error is BAD_POOL_CALLER, not BAR_POOL_CALLER.

 

FYI, ComboFix requested an update to a newer version during this run.

 

Here is the log file from ComboFix, which was activated by the script you requested.

 

Thanks again.

 

--dave

==start==

ComboFix 10-03-01.04 - Patricia 03/02/2010 13:17:59.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.197 [GMT -6:00]

Running from: c:\documents and settings\Patricia\Desktop\dab.exe

Command switches used :: c:\documents and settings\Patricia\Desktop\CFScript.txt

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

 

file zipped: c:\program files\Common Files\amoxypugu._sy

file zipped: c:\program files\Common Files\anuzob.exe

file zipped: c:\program files\Common Files\cihonusugu.dll

file zipped: c:\program files\Common Files\doragulupu.pif

file zipped: c:\program files\Common Files\iqebu.com

file zipped: c:\program files\Common Files\juciritiko.dll

file zipped: c:\program files\Common Files\ojezih.dat

file zipped: c:\program files\Common Files\puxybyput.exe

file zipped: c:\program files\Common Files\tyfezunu.scr

file zipped: c:\program files\Common Files\yrer._dl

file zipped: c:\program files\Common Files\ysuqywurok.com

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\program files\Common Files\amoxypugu._sy

c:\program files\Common Files\anuzob.exe

c:\program files\Common Files\cihonusugu.dll

c:\program files\Common Files\doragulupu.pif

c:\program files\Common Files\iqebu.com

c:\program files\Common Files\juciritiko.dll

c:\program files\Common Files\ojezih.dat

c:\program files\Common Files\puxybyput.exe

c:\program files\Common Files\tyfezunu.scr

c:\program files\Common Files\yrer._dl

c:\program files\Common Files\ysuqywurok.com

 

.

((((((((((((((((((((((((( Files Created from 2010-02-02 to 2010-03-02 )))))))))))))))))))))))))))))))

.

 

2010-03-02 13:55 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe

2010-03-02 13:55 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe

2010-03-01 05:06 . 2010-03-01 05:07 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe

2010-02-28 16:33 . 2010-02-28 16:33 -------- d-----w- c:\documents and settings\Patricia\Application Data\Windows Search

2010-02-28 04:34 . 2010-02-28 13:20 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop

2010-02-28 04:34 . 2010-02-28 13:20 -------- d-----w- c:\program files\PCPitstop

2010-02-28 04:17 . 2010-02-28 04:17 -------- d-----w- c:\program files\trend micro

2010-02-28 04:17 . 2010-02-28 04:18 -------- d-----w- C:\rsit

2010-02-28 03:58 . 2010-02-28 03:58 -------- d-----w- c:\program files\TrendMicro

2010-02-28 02:01 . 2010-02-28 03:26 -------- d-----w- c:\windows\UltraDefrag

2010-02-28 00:46 . 2009-08-07 01:23 274288 ----a-w- c:\windows\system32\mucltui.dll

2010-02-28 00:10 . 2010-02-28 00:18 -------- d-----w- c:\program files\Microsoft Silverlight

2010-02-27 20:49 . 2010-02-27 20:49 -------- d-----w- c:\documents and settings\Patricia\Application Data\Windows Desktop Search

2010-02-27 20:48 . 2010-02-28 02:13 -------- d-----w- c:\program files\Windows Desktop Search

2010-02-27 20:44 . 2010-02-27 20:44 -------- d-----w- c:\program files\Windows Media Connect 2

2010-02-27 20:20 . 2010-02-27 20:20 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe

2010-02-27 07:38 . 2010-02-27 07:39 -------- d-----w- c:\documents and settings\Jonathan\Application Data\FUJIFILM

2010-02-27 05:26 . 2010-02-27 05:26 -------- d-----w- c:\documents and settings\Patricia\Application Data\Musicmatch

2010-02-27 05:22 . 2010-02-27 16:43 -------- d-----w- c:\documents and settings\Patricia\Local Settings\Application Data\Musicmatch

2010-02-27 03:36 . 2010-02-27 03:36 -------- d--h--w- c:\windows\system32\GroupPolicy

2010-02-27 03:23 . 2010-02-27 03:24 -------- d-sh--w- c:\documents and settings\Patricia\PrivacIE

2010-02-27 03:11 . 2010-02-27 03:11 -------- d-----w- c:\documents and settings\Patricia\Application Data\Malwarebytes

2010-02-27 02:20 . 2010-02-27 02:20 -------- d-----w- c:\documents and settings\Jonathan\Application Data\Malwarebytes

2010-02-27 02:20 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-27 02:20 . 2010-02-27 02:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-02-27 02:20 . 2010-02-27 02:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-02-27 02:20 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-27 02:19 . 2010-02-27 02:19 444 ----a-w- c:\windows\system32\d3d8caps.dat

2010-02-26 23:35 . 2010-02-26 23:35 -------- d-----w- c:\documents and settings\Patricia\Application Data\Skinux

2010-02-26 23:30 . 2010-02-26 23:30 -------- d-----w- c:\documents and settings\Patricia\Application Data\Teleca

2010-02-26 23:29 . 2010-02-26 23:29 -------- d-----w- c:\documents and settings\Patricia\Local Settings\Application Data\Apple Computer

2010-02-26 23:23 . 2010-02-26 23:23 -------- d-sh--w- c:\documents and settings\Patricia\IETldCache

2010-02-25 17:19 . 2010-02-25 17:20 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2010-02-23 01:19 . 2010-02-23 01:19 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-02-21 16:30 . 2010-02-21 16:31 -------- d-----w- c:\documents and settings\Kaitlyn\Application Data\Facebook

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-02 12:54 . 2007-09-04 00:48 -------- d-----w- c:\program files\Lx_cats

2010-02-28 03:59 . 2010-02-28 03:59 388096 ----a-r- c:\documents and settings\Patricia\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe

2010-02-28 01:33 . 2004-11-07 22:03 114672 -c--a-w- c:\documents and settings\Patricia\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-02-28 00:28 . 2007-11-26 00:43 -------- d-----w- c:\program files\Zune

2010-02-27 07:39 . 2009-12-26 17:34 -------- d-----w- c:\program files\FinePixViewer

2010-02-27 05:32 . 2004-10-15 20:23 -------- d-----w- c:\program files\Dell

2010-02-27 05:27 . 2004-10-15 20:22 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-02-27 03:56 . 2004-10-15 20:22 -------- d-----w- c:\program files\Java

2010-02-27 03:22 . 2010-02-27 03:22 152576 ----a-w- c:\documents and settings\Patricia\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

2010-02-27 03:21 . 2010-02-27 03:17 79488 ----a-w- c:\documents and settings\Patricia\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2010-02-25 18:31 . 2007-12-13 22:31 -------- d-----w- c:\documents and settings\Kaitlyn\Application Data\LimeWire

2010-02-25 18:09 . 2009-12-24 20:32 -------- d-----w- c:\documents and settings\Kaitlyn\Application Data\uTorrent

2010-02-24 17:09 . 2009-05-15 01:04 1 ----a-w- c:\documents and settings\Kaitlyn\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-02-24 16:47 . 2009-10-04 22:17 -------- d-----w- c:\program files\McAfee

2010-02-24 16:27 . 2010-02-24 16:27 229380 ----a-w- c:\documents and settings\All Users\SPL18F3.tmp

2010-02-24 16:25 . 2010-02-24 16:24 16932868 ----a-w- c:\documents and settings\All Users\SPL18F1.tmp

2010-02-22 12:32 . 2009-11-12 12:40 79488 ----a-w- c:\documents and settings\Kaitlyn\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2010-02-21 16:31 . 2010-02-21 16:31 50354 ----a-w- c:\documents and settings\Kaitlyn\Application Data\Facebook\uninstall.exe

2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\documents and settings\Kaitlyn\Application Data\Facebook\axfbootloader.dll

2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\documents and settings\Kaitlyn\Application Data\Facebook\npfbplugin_1_0_1.dll

2010-01-22 16:53 . 2010-01-22 16:53 882 ----a-w- c:\windows\system32\ud-boot-time.cmd

2010-01-07 20:38 . 2010-01-07 20:38 447216 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe

2010-01-07 20:38 . 2010-01-07 20:38 58592 ----a-w- c:\windows\system32\ZuneBusEnum.exe

2010-01-07 20:22 . 2009-09-02 05:28 40832 ----a-w- c:\windows\system32\drivers\zumbus.sys

2009-12-31 16:50 . 2004-08-04 10:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-21 19:14 . 2004-08-04 10:00 916480 ------w- c:\windows\system32\wininet.dll

2009-12-16 18:43 . 2004-08-04 10:00 343040 ----a-w- c:\windows\system32\mspaint.exe

2009-12-14 07:08 . 2004-08-04 10:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2009-12-11 20:33 . 2009-12-11 20:33 20480 -c--a-w- c:\documents and settings\Kaitlyn\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll

2009-12-11 20:33 . 2009-12-11 20:33 18944 -c--a-w- c:\documents and settings\Kaitlyn\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll

2009-12-11 20:33 . 2009-12-11 20:33 17408 -c--a-w- c:\documents and settings\Kaitlyn\Application Data\LimeWire\browser\xulrunner\components\auth.dll

2009-12-11 20:33 . 2009-12-11 20:33 20480 -c--a-w- c:\documents and settings\Kaitlyn\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll

2009-12-11 20:33 . 2009-12-11 20:33 8192 -c--a-w- c:\documents and settings\Kaitlyn\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll

2009-12-08 19:27 . 2004-08-04 10:00 2189184 ------w- c:\windows\system32\ntoskrnl.exe

2009-12-08 18:43 . 2004-08-04 10:00 2066048 ------w- c:\windows\system32\ntkrnlpa.exe

2009-12-04 18:22 . 2006-05-05 09:41 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]

"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]

"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]

"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-10-15 26112]

"Anti bits phone mail"="c:\documents and settings\All Users\Application Data\meowamokantibits\sectregs.exe" [2005-10-22 0]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"lxdcamon"="c:\program files\Lexmark 1300 Series\lxdcamon.exe" [2007-02-05 20480]

"LXDCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll" [2007-01-22 102400]

"Easy Dock"="c:\documents and settings\Kaitlyn\My Documents\RCA easyRip\EZDock.exe" [2009-04-03 573440]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]

"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-05-27 598016]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~2\mimboot.exe" [2006-01-19 11776]

 

c:\documents and settings\Kaitlyn\Start Menu\Programs\Startup\

LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-9-30 503808]

OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2009-12-26 303104]

Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0stera

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\MSMSGS.EXE"=

"c:\\WINDOWS\\system32"=

"c:\\WINDOWS\\SYSTEM32\\RTCSHARE.EXE"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\StubInstaller.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\WINDOWS\\SYSTEM32\\lxczcoms.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\SYSTEM32\\lxdccoms.exe"=

"c:\\Program Files\\McAfee\\VirusScan\\mcvsmap.exe"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe"=

 

R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/4/2009 4:24 PM 93320]

S0 qmyjpfrd;qmyjpfrd;c:\windows\system32\drivers\ttxmebrh.sys --> c:\windows\system32\drivers\ttxmebrh.sys [?]

S3 HTCAND32;HTC Device Driver;c:\windows\SYSTEM32\DRIVERS\ANDROIDUSB.sys [12/17/2009 5:34 PM 25728]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\SYSTEM32\DRIVERS\motccgp.sys [8/21/2008 10:49 PM 18688]

S3 motccgpfl;MotCcgpFlService;c:\windows\SYSTEM32\DRIVERS\motccgpfl.sys [8/21/2008 10:49 PM 8320]

S3 motport;Motorola USB Diagnostic Port;c:\windows\SYSTEM32\DRIVERS\motport.sys [6/18/2007 7:18 PM 23680]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2009-03-08 09:32 128512 ----a-w- c:\windows\SYSTEM32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

 

2010-02-15 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-04 17:22]

 

2010-03-01 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-04 17:22]

 

2010-03-02 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-04-14 04:18]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

Trusted Zone: musicmatch.com\online

DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-02 13:30

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

LXDCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(688)

c:\windows\system32\igfxdev.dll

.

Completion time: 2010-03-02 13:37:50

ComboFix-quarantined-files.txt 2010-03-02 19:37

ComboFix2.txt 2010-03-02 14:18

 

Pre-Run: 6,225,948,672 bytes free

Post-Run: 6,174,814,208 bytes free

 

- - End Of File - - BDC9DE8E34A3167F4513F4D85E7B8A85

Upload was successful

==end==


Looks much better :)

 

 

1. Close any open browsers.

 

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

 

3. Open notepad and copy/paste the text in the quotebox below into it:

 

File::

c:\windows\system32\drivers\ttxmebrh.sys

Driver::

qmyjpfrd

 

 

 

Save this as CFScript.txt, in the same location as ComboFix.exe

 

 

Posted Image

 

Referring to the picture above, drag CFScript into ComboFix.exe

 

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

 

 

 

Please download Malwarebytes' Anti-Malware from Here.

 

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

 

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

 

 

 

 

 

Also please post back with a fresh RSIT logfile.


Here is the latest combofix log file. FYI combofix again requested an update.

 

Thanks,

 

--dave

ComboFix 10-03-04.02 - Patricia 03/04/2010 20:20:28.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.235 [GMT -6:00]

Running from: c:\documents and settings\Patricia\Desktop\dab.exe

Command switches used :: c:\documents and settings\Patricia\Desktop\cfscript.txt

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

 

FILE ::

"c:\windows\system32\drivers\ttxmebrh.sys"

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_qmyjpfrd

 

 

((((((((((((((((((((((((( Files Created from 2010-02-05 to 2010-03-05 )))))))))))))))))))))))))))))))

.

 

2010-03-05 00:04 . 2010-03-05 00:04 -------- d-----w- c:\documents and settings\Kaitlyn\Application Data\Windows Desktop Search

2010-03-03 14:10 . 2010-03-03 14:10 -------- d-----w- c:\documents and settings\Patricia\Application Data\OpenOffice.org

2010-02-28 16:33 . 2010-02-28 16:33 -------- d-----w- c:\documents and settings\Patricia\Application Data\Windows Search

2010-02-28 04:34 . 2010-02-28 13:20 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop

2010-02-27 20:49 . 2010-02-27 20:49 -------- d-----w- c:\documents and settings\Patricia\Application Data\Windows Desktop Search

2010-02-27 07:38 . 2010-02-27 07:39 -------- d-----w- c:\documents and settings\Jonathan\Application Data\FUJIFILM

2010-02-27 05:26 . 2010-02-27 05:26 -------- d-----w- c:\documents and settings\Patricia\Application Data\Musicmatch

2010-02-27 03:11 . 2010-02-27 03:11 -------- d-----w- c:\documents and settings\Patricia\Application Data\Malwarebytes

2010-02-27 02:20 . 2010-02-27 02:20 -------- d-----w- c:\documents and settings\Jonathan\Application Data\Malwarebytes

2010-02-27 02:20 . 2010-02-27 02:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-02-26 23:35 . 2010-02-26 23:35 -------- d-----w- c:\documents and settings\Patricia\Application Data\Skinux

2010-02-26 23:30 . 2010-02-26 23:30 -------- d-----w- c:\documents and settings\Patricia\Application Data\Teleca

2010-02-21 16:30 . 2010-02-21 16:31 -------- d-----w- c:\documents and settings\Kaitlyn\Application Data\Facebook

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-05 02:15 . 2010-03-05 02:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-03-05 00:23 . 2009-12-24 20:32 -------- d-----w- c:\documents and settings\Kaitlyn\Application Data\uTorrent

2010-03-05 00:06 . 2007-12-13 22:31 -------- d-----w- c:\documents and settings\Kaitlyn\Application Data\LimeWire

2010-03-02 12:54 . 2007-09-04 00:48 -------- d-----w- c:\program files\Lx_cats

2010-02-28 13:20 . 2010-02-28 04:34 -------- d-----w- c:\program files\PCPitstop

2010-02-28 04:17 . 2010-02-28 04:17 -------- d-----w- c:\program files\trend micro

2010-02-28 03:58 . 2010-02-28 03:58 -------- d-----w- c:\program files\TrendMicro

2010-02-28 02:13 . 2010-02-27 20:48 -------- d-----w- c:\program files\Windows Desktop Search

2010-02-28 01:33 . 2004-11-07 22:03 114672 -c--a-w- c:\documents and settings\Patricia\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-02-28 00:28 . 2007-11-26 00:43 -------- d-----w- c:\program files\Zune

2010-02-28 00:18 . 2010-02-28 00:10 -------- d-----w- c:\program files\Microsoft Silverlight

2010-02-27 20:44 . 2010-02-27 20:44 -------- d-----w- c:\program files\Windows Media Connect 2

2010-02-27 20:20 . 2010-02-27 20:20 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe

2010-02-27 07:39 . 2009-12-26 17:34 -------- d-----w- c:\program files\FinePixViewer

2010-02-27 05:32 . 2004-10-15 20:23 -------- d-----w- c:\program files\Dell

2010-02-27 05:27 . 2004-10-15 20:22 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-02-27 03:56 . 2004-10-15 20:22 -------- d-----w- c:\program files\Java

2010-02-27 02:19 . 2010-02-27 02:19 444 ----a-w- c:\windows\system32\d3d8caps.dat

2010-02-24 16:47 . 2009-10-04 22:17 -------- d-----w- c:\program files\McAfee

2010-02-24 16:27 . 2010-02-24 16:27 229380 ----a-w- c:\documents and settings\All Users\SPL18F3.tmp

2010-02-24 16:25 . 2010-02-24 16:24 16932868 ----a-w- c:\documents and settings\All Users\SPL18F1.tmp

2010-01-22 16:53 . 2010-01-22 16:53 882 ----a-w- c:\windows\system32\ud-boot-time.cmd

2010-01-07 22:07 . 2010-03-05 02:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-07 22:07 . 2010-03-05 02:15 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-07 20:38 . 2010-01-07 20:38 447216 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe

2010-01-07 20:38 . 2010-01-07 20:38 58592 ----a-w- c:\windows\system32\ZuneBusEnum.exe

2010-01-07 20:22 . 2009-09-02 05:28 40832 ----a-w- c:\windows\system32\drivers\zumbus.sys

2009-12-31 16:50 . 2004-08-04 10:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-21 19:14 . 2004-08-04 10:00 916480 ------w- c:\windows\system32\wininet.dll

2009-12-16 18:43 . 2004-08-04 10:00 343040 ----a-w- c:\windows\system32\mspaint.exe

2009-12-14 07:08 . 2004-08-04 10:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2009-12-08 19:27 . 2004-08-04 10:00 2189184 ------w- c:\windows\system32\ntoskrnl.exe

2009-12-08 18:43 . 2004-08-04 10:00 2066048 ------w- c:\windows\system32\ntkrnlpa.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]

"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]

"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]

"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-10-15 26112]

"Anti bits phone mail"="c:\documents and settings\All Users\Application Data\meowamokantibits\sectregs.exe" [2005-10-22 0]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"lxdcamon"="c:\program files\Lexmark 1300 Series\lxdcamon.exe" [2007-02-05 20480]

"LXDCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll" [2007-01-22 102400]

"Easy Dock"="c:\documents and settings\Kaitlyn\My Documents\RCA easyRip\EZDock.exe" [2009-04-03 573440]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]

"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-05-27 598016]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~2\mimboot.exe" [2006-01-19 11776]

 

c:\documents and settings\Kaitlyn\Start Menu\Programs\Startup\

LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-9-30 503808]

OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2009-12-26 303104]

Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0stera

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\MSMSGS.EXE"=

"c:\\WINDOWS\\system32"=

"c:\\WINDOWS\\SYSTEM32\\RTCSHARE.EXE"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\StubInstaller.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\WINDOWS\\SYSTEM32\\lxczcoms.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\SYSTEM32\\lxdccoms.exe"=

"c:\\Program Files\\McAfee\\VirusScan\\mcvsmap.exe"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe"=

 

R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/4/2009 4:24 PM 93320]

S3 HTCAND32;HTC Device Driver;c:\windows\SYSTEM32\DRIVERS\ANDROIDUSB.sys [12/17/2009 5:34 PM 25728]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\SYSTEM32\DRIVERS\motccgp.sys [8/21/2008 10:49 PM 18688]

S3 motccgpfl;MotCcgpFlService;c:\windows\SYSTEM32\DRIVERS\motccgpfl.sys [8/21/2008 10:49 PM 8320]

S3 motport;Motorola USB Diagnostic Port;c:\windows\SYSTEM32\DRIVERS\motport.sys [6/18/2007 7:18 PM 23680]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2009-03-08 09:32 128512 ----a-w- c:\windows\SYSTEM32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

 

2010-02-15 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-04 17:22]

 

2010-03-01 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-04 17:22]

 

2010-03-05 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-04-14 04:18]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

Trusted Zone: musicmatch.com\online

DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-04 20:40

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

LXDCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'explorer.exe'(4904)

c:\windows\system32\WININET.dll

c:\progra~1\mcafee\SITEAD~1\saHook.dll

c:\program files\Windows Desktop Search\deskbar.dll

c:\program files\Windows Desktop Search\en-us\dbres.dll.mui

c:\program files\Windows Desktop Search\dbres.dll

c:\program files\Windows Desktop Search\wordwheel.dll

c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui

c:\program files\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\LEXBCES.EXE

c:\windows\system32\LEXPPS.EXE

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\lxczcoms.exe

c:\windows\system32\lxdccoms.exe

c:\progra~1\McAfee\MSC\mcmscsvc.exe

c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

c:\progra~1\McAfee\VIRUSS~1\mcshield.exe

c:\program files\McAfee\MPF\MPFSrv.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\system32\ZuneBusEnum.exe

c:\program files\Zune\ZuneNss.exe

c:\windows\system32\fxssvc.exe

c:\windows\system32\rundll32.exe

c:\progra~1\mcafee.com\agent\mcagent.exe

c:\progra~1\MUSICM~1\MUSICM~2\MMDiag.exe

c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Common Files\Teleca Shared\Generic.exe

c:\program files\Common Files\Teleca Shared\logger.exe

c:\program files\Common Files\Teleca Shared\CapabilityManager.exe

c:\program files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe

c:\program files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe

c:\program files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe

c:\program files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe

c:\program files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe

.

**************************************************************************

.

Completion time: 2010-03-04 20:52:30 - machine was rebooted

ComboFix-quarantined-files.txt 2010-03-05 02:52

ComboFix2.txt 2010-03-02 19:38

ComboFix3.txt 2010-03-02 14:18

 

Pre-Run: 6,079,791,104 bytes free

Post-Run: 6,046,769,152 bytes free

 

- - End Of File - - BFB2ABE807261DD5E5EB83AFAEE95726


Here is the hijackthis log file.

 

--dave

 

Malwarebytes' Anti-Malware 1.44

Database version: 3825

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

3/4/2010 9:05:55 PM

mbam-log-2010-03-04 (21-05-54).txt

 

Scan type: Quick Scan

Objects scanned: 153235

Time elapsed: 10 minute(s), 13 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)


And finally the rsit.exe log file.

 

--dave

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by Patricia at 2010-03-04 21:08:26

Microsoft Windows XP Professional Service Pack 3

System drive C: has 6 GB (17%) free of 35 GB

Total RAM: 510 MB (31% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:08:32 PM, on 3/4/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\lxczcoms.exe

C:\WINDOWS\system32\lxdccoms.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

c:\WINDOWS\system32\ZuneBusEnum.exe

C:\WINDOWS\system32\fxssvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Lexmark 1300 Series\lxdcamon.exe

C:\Program Files\Zune\ZuneLauncher.exe

C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\FinePixViewer\QuickDCF2.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Common Files\Teleca Shared\logger.exe

C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe

C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe

C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe

C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe

C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe

C:\WINDOWS\explorer.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\SYSTEM32\notepad.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\downloads\RSIT.exe

C:\Program Files\trend micro\Patricia.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [Anti bits phone mail] C:\Documents and Settings\All Users\Application Data\meowamokantibits\sectregs.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"

O4 - HKLM\..\Run: [LXDCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [Easy Dock] C:\Documents and Settings\Kaitlyn\My Documents\RCA easyRip\EZDock.exe

O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1267302751296

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab

O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures04.aim.com/ygp/aol/plugin/u...AIM.9.5.1.8.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab

O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/en/10/install/gtdownde.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe

O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

 

--

End of file - 12232 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\McDefragTask.job

C:\WINDOWS\tasks\McQcTask.job

C:\WINDOWS\tasks\WGASetup.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]

Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-09 184320]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]

DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-03-15 118836]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]

scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-09-16 62784]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]

McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-09 184320]

{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184]

"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]

"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]

"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe [2004-10-15 26112]

"Anti bits phone mail"=C:\Documents and Settings\All Users\Application Data\meowamokantibits\sectregs.exe []

"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]

"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]

"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]

"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-05-21 206064]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

"lxdcamon"=C:\Program Files\Lexmark 1300 Series\lxdcamon.exe [2007-02-05 20480]

"LXDCCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16 []

"Easy Dock"=C:\Documents and Settings\Kaitlyn\My Documents\RCA easyRip\EZDock.exe [2009-04-03 573440]

"Zune Launcher"=c:\Program Files\Zune\ZuneLauncher.exe [2010-01-07 158448]

"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-10-29 1218008]

"Mobile Connectivity Suite"=C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe [2009-05-27 598016]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

"MimBoot"=C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe [2006-01-19 11776]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

ExifLauncher2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe

Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Messenger\MSMSGS.EXE"="C:\Program Files\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger"

"C:\WINDOWS\system32"="C:\WINDOWS\system32:*:Enabled:lockx"

"C:\WINDOWS\SYSTEM32\RTCSHARE.EXE"="C:\WINDOWS\SYSTEM32\RTCSHARE.EXE:*:Enabled:RTC App Sharing"

"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"

"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"

"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"C:\WINDOWS\SYSTEM32\lxczcoms.exe"="C:\WINDOWS\SYSTEM32\lxczcoms.exe:*:Enabled:1200 Series Server"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\WINDOWS\SYSTEM32\lxdccoms.exe"="C:\WINDOWS\SYSTEM32\lxdccoms.exe:*:Enabled:1300 Series Server"

"C:\Program Files\McAfee\VirusScan\mcvsmap.exe"="C:\Program Files\McAfee\VirusScan\mcvsmap.exe:*:Enabled:mcvsmap"

"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"="C:\Program Files\Lexmark 1300 Series\lxdcamon.exe:*:Disabled:Device Monitor Appliaction"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"

"C:\Program Files\Lexmark 1300 Series\app4r.exe"="C:\Program Files\Lexmark 1300 Series\app4r.exe:*:Enabled:BorgListener"

"C:\WINDOWS\system32\printer.exe"="C:\WINDOWS\system32\printer.exe:*:Enabled:@xpsp2res.dll,-22019"

"C:\WINDOWS\system32\spoolvs.exe"="C:\WINDOWS\system32\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019"

"C:\WINDOWS\shell.exe"="C:\WINDOWS\shell.exe:*:Enabled:@xpsp2res.dll,-22019"

"%windir%\system32\winav.exe"="%windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019"

"C:\Documents and Settings\Kaitlyn\Application Data\mcrupdate.exe"="C:\Documents and Settings\Kaitlyn\Application Data\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019"

"C:\Documents and Settings\Kaitlyn\Application Data\pcpriv.exe"="C:\Documents and Settings\Kaitlyn\Application Data\pcpriv.exe:*:Enabled:@xpsp2res.dll,-22019"

"C:\Documents and Settings\Kaitlyn\Application Data\syscleaner.exe"="C:\Documents and Settings\Kaitlyn\Application Data\syscleaner.exe:*:Enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

======List of files/folders created in the last 1 months======

 

2010-03-04 20:52:31 ----A---- C:\ComboFix.txt

2010-03-04 20:15:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-03-03 08:10:24 ----D---- C:\Documents and Settings\Patricia\Application Data\OpenOffice.org

2010-03-02 07:55:43 ----A---- C:\WINDOWS\system32\proquota.exe

2010-03-02 06:57:37 ----A---- C:\Boot.bak

2010-03-02 06:57:18 ----RASHD---- C:\cmdcons

2010-03-02 06:54:51 ----A---- C:\WINDOWS\zip.exe

2010-03-02 06:54:51 ----A---- C:\WINDOWS\SWXCACLS.exe

2010-03-02 06:54:51 ----A---- C:\WINDOWS\SWSC.exe

2010-03-02 06:54:51 ----A---- C:\WINDOWS\SWREG.exe

2010-03-02 06:54:51 ----A---- C:\WINDOWS\sed.exe

2010-03-02 06:54:51 ----A---- C:\WINDOWS\PEV.exe

2010-03-02 06:54:51 ----A---- C:\WINDOWS\NIRCMD.exe

2010-03-02 06:54:51 ----A---- C:\WINDOWS\MBR.exe

2010-03-02 06:54:51 ----A---- C:\WINDOWS\grep.exe

2010-03-02 06:54:21 ----D---- C:\WINDOWS\ERDNT

2010-03-02 06:53:49 ----D---- C:\Qoobox

2010-02-28 10:33:08 ----D---- C:\Documents and Settings\Patricia\Application Data\Windows Search

2010-02-27 22:34:31 ----D---- C:\Documents and Settings\All Users\Application Data\PCPitstop

2010-02-27 22:34:29 ----D---- C:\Program Files\PCPitstop

2010-02-27 22:17:20 ----D---- C:\Program Files\trend micro

2010-02-27 22:17:10 ----D---- C:\rsit

2010-02-27 21:58:34 ----D---- C:\Program Files\TrendMicro

2010-02-27 20:01:48 ----D---- C:\WINDOWS\UltraDefrag

2010-02-27 19:50:17 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$

2010-02-27 19:46:59 ----HDC---- C:\WINDOWS\$NtUninstallKB963093$

2010-02-27 19:45:41 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$

2010-02-27 19:35:52 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$

2010-02-27 18:46:05 ----A---- C:\WINDOWS\system32\mucltui.dll.mui

2010-02-27 18:46:05 ----A---- C:\WINDOWS\system32\mucltui.dll

2010-02-27 18:17:44 ----HDC---- C:\WINDOWS\$NtUninstallKB971513$

2010-02-27 18:10:46 ----D---- C:\Program Files\Microsoft Silverlight

2010-02-27 14:51:29 ----HDC---- C:\WINDOWS\$NtUninstallbasecsp$

2010-02-27 14:49:55 ----D---- C:\WINDOWS\system32\windowspowershell

2010-02-27 14:49:50 ----HDC---- C:\WINDOWS\$NtUninstallKB926139-v2$

2010-02-27 14:49:45 ----D---- C:\Documents and Settings\Patricia\Application Data\Windows Desktop Search

2010-02-27 14:48:58 ----D---- C:\Program Files\Windows Desktop Search

2010-02-27 14:48:21 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$

2010-02-27 14:48:12 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$

2010-02-27 14:46:00 ----N---- C:\WINDOWS\system32\spmsg.dll

2010-02-27 14:44:35 ----D---- C:\Program Files\Windows Media Connect 2

2010-02-27 14:43:59 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$

2010-02-27 14:20:28 ----A---- C:\WINDOWS\system32\pgdfgsvc.exe

2010-02-26 23:26:27 ----D---- C:\Documents and Settings\Patricia\Application Data\Musicmatch

2010-02-26 21:59:13 ----A---- C:\WINDOWS\system32\javaws.exe

2010-02-26 21:59:12 ----A---- C:\WINDOWS\system32\javaw.exe

2010-02-26 21:59:11 ----A---- C:\WINDOWS\system32\java.exe

2010-02-26 21:36:01 ----HD---- C:\WINDOWS\system32\GroupPolicy

2010-02-26 21:32:25 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$

2010-02-26 21:11:14 ----D---- C:\Documents and Settings\Patricia\Application Data\Malwarebytes

2010-02-26 20:20:42 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2010-02-26 17:35:24 ----D---- C:\Documents and Settings\Patricia\Application Data\Skinux

2010-02-26 17:30:52 ----D---- C:\Documents and Settings\Patricia\Application Data\Teleca

2010-02-25 03:16:05 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$

2010-02-12 03:11:09 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$

2010-02-12 03:10:48 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$

2010-02-12 03:04:56 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$

2010-02-12 03:04:41 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$

2010-02-12 03:04:22 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$

2010-02-12 03:04:07 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$

2010-02-12 03:03:40 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$

2010-02-12 03:03:06 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$

2010-02-11 07:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$

 

======List of files/folders modified in the last 1 months======

 

2010-03-04 21:06:50 ----D---- C:\WINDOWS\Temp

2010-03-04 20:52:38 ----D---- C:\WINDOWS\system32\DRIVERS

2010-03-04 20:52:26 ----D---- C:\WINDOWS\Prefetch

2010-03-04 20:40:41 ----D---- C:\WINDOWS

2010-03-04 20:40:28 ----A---- C:\WINDOWS\system.ini

2010-03-04 20:36:29 ----A---- C:\WINDOWS\ModemLog_Standard 300 bps Modem.txt

2010-03-04 20:36:24 ----A---- C:\WINDOWS\ModemLog_Intel® 537EP V9x DF PCI Modem.txt

2010-03-04 20:36:23 ----A---- C:\WINDOWS\ModemLog_Standard 300 bps Modem #2.txt

2010-03-04 20:36:19 ----D---- C:\WINDOWS\system32\CatRoot2

2010-03-04 20:32:50 ----D---- C:\WINDOWS\system32\CONFIG

2010-03-04 20:28:23 ----D---- C:\WINDOWS\SYSTEM32

2010-03-04 20:28:23 ----D---- C:\WINDOWS\AppPatch

2010-03-04 20:28:18 ----D---- C:\Program Files\Common Files

2010-03-04 20:19:13 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-03-04 20:15:34 ----D---- C:\Program Files

2010-03-04 18:39:44 ----D---- C:\downloads

2010-03-04 18:02:10 ----HD---- C:\WINDOWS\INF

2010-03-02 08:17:27 ----SD---- C:\WINDOWS\Tasks

2010-03-02 07:55:49 ----RSHD---- C:\WINDOWS\system32\DLLCACHE

2010-03-02 06:57:39 ----RASH---- C:\BOOT.INI

2010-03-02 06:54:42 ----D---- C:\Program Files\Lx_cats

2010-02-28 07:22:00 ----SD---- C:\Documents and Settings\Patricia\Application Data\Microsoft

2010-02-27 22:37:54 ----SD---- C:\WINDOWS\Downloaded Program Files

2010-02-27 21:59:10 ----SHD---- C:\WINDOWS\Installer

2010-02-27 19:47:08 ----A---- C:\WINDOWS\imsins.BAK

2010-02-27 19:46:06 ----D---- C:\WINDOWS\system32\CatRoot

2010-02-27 19:02:00 ----D---- C:\Program Files\Windows Media Player

2010-02-27 18:58:32 ----D---- C:\WINDOWS\SECURITY

2010-02-27 18:55:14 ----D---- C:\WINDOWS\Microsoft.NET

2010-02-27 18:54:57 ----RSD---- C:\WINDOWS\ASSEMBLY

2010-02-27 18:49:42 ----HD---- C:\WINDOWS\$hf_mig$

2010-02-27 18:37:37 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI

2010-02-27 18:36:39 ----D---- C:\WINDOWS\WinSxS

2010-02-27 18:28:56 ----D---- C:\Program Files\Zune

2010-02-27 18:24:59 ----D---- C:\WINDOWS\system32\ReinstallBackups

2010-02-27 18:19:17 ----D---- C:\Program Files\Internet Explorer

2010-02-27 18:19:13 ----D---- C:\WINDOWS\ie8updates

2010-02-27 18:06:42 ----D---- C:\Program Files\Common Files\Microsoft Shared

2010-02-27 18:05:53 ----RSD---- C:\WINDOWS\Fonts

2010-02-27 14:49:19 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

2010-02-27 14:49:02 ----D---- C:\WINDOWS\system32\en-US

2010-02-27 14:48:57 ----D---- C:\WINDOWS\system32\WBEM

2010-02-27 14:45:05 ----A---- C:\WINDOWS\WIN.INI

2010-02-27 14:44:29 ----D---- C:\WINDOWS\Help

2010-02-27 07:23:05 ----AC---- C:\WINDOWS\ntbtlog.txt

2010-02-27 01:39:12 ----D---- C:\Program Files\FinePixViewer

2010-02-27 01:15:57 ----D---- C:\WINDOWS\Sun

2010-02-26 23:32:11 ----D---- C:\Program Files\Dell

2010-02-26 23:27:57 ----HD---- C:\Program Files\InstallShield Installation Information

2010-02-26 23:18:57 ----D---- C:\temp

2010-02-26 23:09:47 ----D---- C:\Documents and Settings\All Users\Application Data\Google

2010-02-26 21:56:23 ----D---- C:\Program Files\Java

2010-02-26 21:04:07 ----HDC---- C:\WINDOWS\$NtUninstallKB932716-v2$

2010-02-26 17:25:06 ----AC---- C:\WINDOWS\OEWABLog.txt

2010-02-24 10:47:46 ----D---- C:\Program Files\McAfee

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-09-16 214664]

R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136]

R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-01-14 5621]

R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-01-14 23219]

R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2004-10-15 8552]

R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-02-27 40480]

R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]

R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-03-15 25685]

R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-03-15 34837]

R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-03-15 4117]

R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-03-15 2233]

R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-03-15 85972]

R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-03-15 14229]

R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-03-15 6357]

R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-03-15 98580]

R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-03-15 100597]

R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2010-01-07 40832]

R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]

R3 catchme;catchme; \??\C:\dab\catchme.sys []

R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]

R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]

R3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-05 1233525]

R3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-05 647929]

R3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-06-15 61157]

R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-09-16 79816]

R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-09-16 35272]

R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]

R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-05 37048]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]

R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]

R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-09 612352]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2009-07-14 444136]

S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []

S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []

S3 HTCAND32;HTC Device Driver; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [2009-07-02 25728]

S3 mbr;mbr; \??\C:\DOCUME~1\Patricia\LOCALS~1\Temp\mbr.sys []

S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-09-16 34248]

S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-09-16 40552]

S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2008-08-21 18688]

S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2008-08-21 8320]

S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]

S3 motport;Motorola USB Diagnostic Port; C:\WINDOWS\system32\DRIVERS\motport.sys [2007-06-18 23680]

S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []

S3 WinUSB;WinUSB; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368]

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]

R2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]

R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2006-04-18 311296]

R2 lxcz_device;lxcz_device; C:\WINDOWS\system32\lxczcoms.exe [2007-01-29 537520]

R2 lxdc_device;lxdc_device; C:\WINDOWS\system32\lxdccoms.exe [2007-02-12 537520]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320]

R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-09 865832]

R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]

R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]

R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-09-16 144704]

R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-10-27 895696]

R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]

R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

R2 ZuneBusEnum;Zune Bus Enumerator; c:\WINDOWS\system32\ZuneBusEnum.exe [2010-01-07 58592]

R2 ZuneNetworkSvc;Zune Network Sharing Service; c:\Program Files\Zune\ZuneNss.exe [2010-01-07 5950704]

R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]

S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-09-16 365072]

S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2010-01-07 447216]

S4 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-09-16 606736]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

 

-----------------EOF-----------------


Hi,

 

How is it running now?

 

 

Please copy and paste the content of the codebox below into Notepad and save it as fix.reg to your desktop. Be sure to set Save As to all files.

 

REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\winav.exe"=-
"C:\\Documents and Settings\\Kaitlyn\\Application Data\\mcrupdate.exe"=-
"C:\\Documents and Settings\\Kaitlyn\\Application Data\\pcpriv.exe"=-
"C:\\Documents and Settings\\Kaitlyn\\Application Data\\syscleaner.exe"=-

Double-click the fix.reg and allow it to merge the info to the registry.

 

 

 

 

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

 

 

 

Please post back with a fresh RSIT logfile.

Edited by schrauber
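
The fix.reg step in the reply above, as an added example that is not part of the original posts: a Python sketch that parses the authorizedapplications\list section of an RSIT registry dump, flags firewall exceptions for manual review, and builds REGEDIT4 deletion lines in the format the codebox uses. The function names and the two review heuristics are assumptions made for this example; the sample lines are copied from the log posted in this thread.

```python
import re

# Label carried by the stock sessmgr.exe entry in this log. Other programs
# reusing it stand out (heuristic assumed for this example).
STOCK_LABEL = "@xpsp2res.dll,-22019"
STOCK_EXE = "sessmgr.exe"

# Domain-profile firewall exception list, copied from the RSIT log in this thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"C:\Program Files\Lexmark 1300 Series\app4r.exe"="C:\Program Files\Lexmark 1300 Series\app4r.exe:*:Enabled:BorgListener"
"C:\WINDOWS\system32\printer.exe"="C:\WINDOWS\system32\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\spoolvs.exe"="C:\WINDOWS\system32\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\shell.exe"="C:\WINDOWS\shell.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\system32\winav.exe"="%windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Kaitlyn\Application Data\mcrupdate.exe"="C:\Documents and Settings\Kaitlyn\Application Data\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Kaitlyn\Application Data\pcpriv.exe"="C:\Documents and Settings\Kaitlyn\Application Data\pcpriv.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Kaitlyn\Application Data\syscleaner.exe"="C:\Documents and Settings\Kaitlyn\Application Data\syscleaner.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
'''

SECTION_RE = re.compile(r'^\[(?P<key>.+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"$')


def parse_authorized_apps(log_text):
    """Return one dict per firewall exception found in an RSIT registry dump."""
    entries, key = [], None
    for line in log_text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            k = m.group("key")
            # Only the firewall exception lists are of interest here.
            key = k if k.lower().endswith(r"\authorizedapplications\list") else None
            continue
        m = VALUE_RE.match(line) if key else None
        if not m:
            continue
        # Data is path:scope:status:label; split from the right because the
        # path itself may contain a drive colon ("C:").
        parts = m.group("data").rsplit(":", 3)
        if len(parts) != 4:
            continue
        path, scope, status, label = parts
        entries.append({"key": key, "name": m.group("name"), "path": path,
                        "scope": scope, "status": status.lower(), "label": label})
    return entries


def review(entry):
    """Return the reasons an enabled exception deserves a manual look."""
    reasons = []
    if entry["status"] != "enabled":
        return reasons
    path = entry["path"].lower()
    exe = path.rsplit("\\", 1)[-1]
    if entry["label"] == STOCK_LABEL and exe != STOCK_EXE:
        reasons.append("reuses the label of the stock sessmgr.exe entry")
    if "\\application data\\" in path and exe.endswith(".exe"):
        reasons.append("executable inside a user profile's Application Data folder")
    return reasons


def reg_delete_lines(key, value_names):
    """Build a REGEDIT4 file body that deletes the named values ("name"=-)."""
    lines = ["REGEDIT4", "", "[%s]" % key]
    for name in value_names:
        # .reg syntax needs every backslash inside a quoted value name doubled.
        lines.append('"%s"=-' % name.replace("\\", "\\\\"))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    entries = parse_authorized_apps(SAMPLE_LOG)
    for e in entries:
        for reason in review(e):
            print("REVIEW %s: %s" % (e["name"], reason))
    # Deleting is a separate, deliberate step: pass only names confirmed as
    # unwanted. Here, for illustration, the entries that matched both heuristics.
    confirmed = [e["name"] for e in entries if len(review(e)) == 2]
    print(reg_delete_lines(entries[0]["key"], confirmed))
```

The review step flags more entries than the fix.reg in this thread removes; a flag is a prompt to check the file, not a verdict.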


The search engine redirects have been negated. The computer feels faster once a program has been loaded. It still seems slow during the loading and the start-up process. FYI this could be because the hard drive is almost full and the page file is spread over 381 fragments. I have tried to defrag the hard drive to no avail.

 

--dave

 

Here is the esetscan log file:

 

==start of esetscan log===

C:\Documents and Settings\Kaitlyn\Application Data\Sun\Java\Deployment\cache\6.0\5\58ba5ec5-286904c7 Java/TrojanDownloader.OpenStream.NAC trojan cleaned by deleting - quarantined

C:\Documents and Settings\Kaitlyn\Application Data\Sun\Java\Deployment\cache\6.0\5\58ba5ec5-526daf8b Java/TrojanDownloader.OpenStream.NAC trojan cleaned by deleting - quarantined

C:\Documents and Settings\Kaitlyn\Application Data\Sun\Java\Deployment\cache\6.0\54\390e62b6-1407550b Java/TrojanDownloader.OpenStream.NAC trojan cleaned by deleting - quarantined

C:\Documents and Settings\Kaitlyn\Application Data\Sun\Java\Deployment\cache\6.0\54\390e62b6-350f3756 Java/TrojanDownloader.OpenStream.NAC trojan cleaned by deleting - quarantined

C:\Documents and Settings\Kaitlyn\Application Data\Sun\Java\Deployment\cache\6.0\9\9c58f09-6284c850 Java/TrojanDownloader.OpenStream.NAC trojan cleaned by deleting - quarantined

C:\Documents and Settings\Kaitlyn\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\OMG.class-2dfb3e1f-2032876d.class Java/TrojanDownloader.OpenStream.NAC trojan cleaned by deleting - quarantined

C:\Documents and Settings\Kaitlyn\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\OMG.class-2dfb3e1f-638c6f88.class Java/TrojanDownloader.OpenStream.NAC trojan cleaned by deleting - quarantined

C:\Documents and Settings\Kaitlyn\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\OMG.class-2dfb3e1f-6aebf6ed.class Java/TrojanDownloader.OpenStream.NAC trojan cleaned by deleting - quarantined

C:\Documents and Settings\Kaitlyn\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\OMG.class-2dfb3e1f-6ef1355b.class Java/TrojanDownloader.OpenStream.NAC trojan cleaned by deleting - quarantined

C:\Documents and Settings\Kaitlyn\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\OMG.class-3677b51f-33688f72.class Java/TrojanDownloader.OpenStream.NAC trojan cleaned by deleting - quarantined

C:\Documents and Settings\Kaitlyn\Shared\Dave Koz - Together again - 4_14.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined

C:\Documents and Settings\Kaitlyn\Shared\umbrella taylor swift pre-release version.snd a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined

C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\40\42123aa8-42c70422 OSX/Exploit.Smid.B trojan deleted - quarantined

C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\40\42123aa8-45ad8b05 OSX/Exploit.Smid.B trojan deleted - quarantined

C:\Program Files\Common Files\mrfw\mrfwd\vocabulary Win32/TrojanDownloader.TSUpdate.J trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\amdeaous.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\atenmxtn.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\bqusyvti.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\cfhkj.bak1.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\cfhkj.bak2.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\cfhkj.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ehopwynw.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\fjvrtjaj.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\fuhurmwu.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\fvyslbxs.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\gbiogrvm.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ggjlm.bak1.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ggjlm.bak2.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ggjlm.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\gjkmp.bak1.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\gjkmp.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\hbmclphw.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\hgjlm.bak1.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\hgjlm.bak2.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\hgjlm.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\iaewdibs.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\iiuugilc.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\iowafbqe.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipolghok.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ismvlniy.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\itfwmqjo.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\jaasifsu.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\kkuamydr.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\kldyaxom.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\kngpxgul.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\kuyophhh.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\leddqqjx.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\lyyhvvrs.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mpqss.bak1.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mpqss.bak2.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mpqss.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mvaqwair.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\nnwtmebi.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\okecclhd.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ovlkdilx.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\owexvogn.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\qqstv.bak1.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\qqstv.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sstanesi.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\suqwdiev.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\thavcdwo.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ufmxxrvy.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\uuuqbcxi.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\vcwqfkcp.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\wvpbsijq.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\xvqdgapg.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\xyadd.bak1.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\xyadd.bak2.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\xyadd.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\xyadd.ini2.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\xyadd.tmp.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\yxkuddop.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1908\A0250999.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1908\A0251000.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1908\A0251002.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1908\A0251003.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1908\A0251004.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1908\A0251005.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1908\A0251006.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1908\A0251007.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1908\A0251008.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1908\A0251009.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1908\A0251010.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1908\A0251011.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1908\A0251012.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1908\A0251013.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1908\A0251014.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1908\A0251015.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1908\A0251016.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1908\A0251017.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1908\A0251018.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1908\A0251019.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1908\A0251020.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1908\A0251021.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1908\A0251022.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1908\A0251023.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1908\A0251024.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1908\A0251025.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1908\A0251026.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1908\A0251027.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1908\A0251028.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1908\A0251029.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1908\A0251030.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1908\A0251031.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1908\A0251032.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1908\A0251033.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1908\A0251034.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1908\A0251035.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1908\A0251036.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1908\A0251037.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1908\A0251038.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1908\A0251039.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1908\A0251040.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1908\A0251041.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1908\A0251042.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\SYSTEM32\qdiagdwc.ocx probably a variant of Win32/Genetik trojan cleaned by deleting - quarantined

==end of esetscan log file==

==start of rsit log file==

Logfile of random's system information tool 1.06 (written by random/random)

Run by Patricia at 2010-03-05 19:11:35

Microsoft Windows XP Professional Service Pack 3

System drive C: has 6 GB (17%) free of 35 GB

Total RAM: 510 MB (31% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:11:49 PM, on 3/5/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\lxczcoms.exe

C:\WINDOWS\system32\lxdccoms.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Lexmark 1300 Series\lxdcamon.exe

c:\WINDOWS\system32\ZuneBusEnum.exe

C:\Program Files\Zune\ZuneLauncher.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\FinePixViewer\QuickDCF2.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\system32\fxssvc.exe

C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe

C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Common Files\Teleca Shared\logger.exe

C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe

C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe

C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe

C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe

C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\downloads\RSIT.exe

C:\Program Files\trend micro\Patricia.exe

C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [Anti bits phone mail] C:\Documents and Settings\All Users\Application Data\meowamokantibits\sectregs.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"

O4 - HKLM\..\Run: [LXDCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [Easy Dock] C:\Documents and Settings\Kaitlyn\My Documents\RCA easyRip\EZDock.exe

O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1267302751296

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab

O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures04.aim.com/ygp/aol/plugin/u...AIM.9.5.1.8.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab

O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/en/10/install/gtdownde.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe

O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

 

--

End of file - 12385 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\McDefragTask.job

C:\WINDOWS\tasks\McQcTask.job

C:\WINDOWS\tasks\WGASetup.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]

Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-09 184320]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]

DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-03-15 118836]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]

scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-09-16 62784]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]

McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-09 184320]

{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184]

"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]

"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]

"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe [2004-10-15 26112]

"Anti bits phone mail"=C:\Documents and Settings\All Users\Application Data\meowamokantibits\sectregs.exe []

"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]

"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]

"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]

"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-05-21 206064]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

"lxdcamon"=C:\Program Files\Lexmark 1300 Series\lxdcamon.exe [2007-02-05 20480]

"LXDCCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16 []

"Easy Dock"=C:\Documents and Settings\Kaitlyn\My Documents\RCA easyRip\EZDock.exe [2009-04-03 573440]

"Zune Launcher"=c:\Program Files\Zune\ZuneLauncher.exe [2010-01-07 158448]

"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-10-29 1218008]

"Mobile Connectivity Suite"=C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe [2009-05-27 598016]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

"MimBoot"=C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe [2006-01-19 11776]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

ExifLauncher2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe

Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Messenger\MSMSGS.EXE"="C:\Program Files\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger"

"C:\WINDOWS\system32"="C:\WINDOWS\system32:*:Enabled:lockx"

"C:\WINDOWS\SYSTEM32\RTCSHARE.EXE"="C:\WINDOWS\SYSTEM32\RTCSHARE.EXE:*:Enabled:RTC App Sharing"

"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"

"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"

"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"C:\WINDOWS\SYSTEM32\lxczcoms.exe"="C:\WINDOWS\SYSTEM32\lxczcoms.exe:*:Enabled:1200 Series Server"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\WINDOWS\SYSTEM32\lxdccoms.exe"="C:\WINDOWS\SYSTEM32\lxdccoms.exe:*:Enabled:1300 Series Server"

"C:\Program Files\McAfee\VirusScan\mcvsmap.exe"="C:\Program Files\McAfee\VirusScan\mcvsmap.exe:*:Enabled:mcvsmap"

"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"="C:\Program Files\Lexmark 1300 Series\lxdcamon.exe:*:Disabled:Device Monitor Appliaction"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"

"C:\Program Files\Lexmark 1300 Series\app4r.exe"="C:\Program Files\Lexmark 1300 Series\app4r.exe:*:Enabled:BorgListener"

"C:\WINDOWS\system32\printer.exe"="C:\WINDOWS\system32\printer.exe:*:Enabled:@xpsp2res.dll,-22019"

"C:\WINDOWS\system32\spoolvs.exe"="C:\WINDOWS\system32\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019"

"C:\WINDOWS\shell.exe"="C:\WINDOWS\shell.exe:*:Enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

======List of files/folders created in the last 1 months======

 

2010-03-05 17:23:21 ----D---- C:\Program Files\ESET

2010-03-05 06:33:52 ----SHD---- C:\RECYCLER

2010-03-04 20:15:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-03-03 08:10:24 ----D---- C:\Documents and Settings\Patricia\Application Data\OpenOffice.org

2010-03-02 07:55:43 ----A---- C:\WINDOWS\system32\proquota.exe

2010-03-02 06:57:37 ----A---- C:\Boot.bak

2010-03-02 06:57:18 ----RASHD---- C:\cmdcons

2010-03-02 06:54:51 ----A---- C:\WINDOWS\zip.exe

2010-03-02 06:54:51 ----A---- C:\WINDOWS\SWXCACLS.exe

2010-03-02 06:54:51 ----A---- C:\WINDOWS\SWSC.exe

2010-03-02 06:54:51 ----A---- C:\WINDOWS\SWREG.exe

2010-03-02 06:54:51 ----A---- C:\WINDOWS\sed.exe

2010-03-02 06:54:51 ----A---- C:\WINDOWS\PEV.exe

2010-03-02 06:54:51 ----A---- C:\WINDOWS\NIRCMD.exe

2010-03-02 06:54:51 ----A---- C:\WINDOWS\MBR.exe

2010-03-02 06:54:51 ----A---- C:\WINDOWS\grep.exe

2010-03-02 06:54:21 ----D---- C:\WINDOWS\ERDNT

2010-03-02 06:53:49 ----D---- C:\Qoobox

2010-02-28 10:33:08 ----D---- C:\Documents and Settings\Patricia\Application Data\Windows Search

2010-02-27 22:34:31 ----D---- C:\Documents and Settings\All Users\Application Data\PCPitstop

2010-02-27 22:34:29 ----D---- C:\Program Files\PCPitstop

2010-02-27 22:17:20 ----D---- C:\Program Files\trend micro

2010-02-27 22:17:10 ----D---- C:\rsit

2010-02-27 21:58:34 ----D---- C:\Program Files\TrendMicro

2010-02-27 19:50:17 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$

2010-02-27 19:46:59 ----HDC---- C:\WINDOWS\$NtUninstallKB963093$

2010-02-27 19:45:41 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$

2010-02-27 19:35:52 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$

2010-02-27 18:46:05 ----A---- C:\WINDOWS\system32\mucltui.dll.mui

2010-02-27 18:46:05 ----A---- C:\WINDOWS\system32\mucltui.dll

2010-02-27 18:17:44 ----HDC---- C:\WINDOWS\$NtUninstallKB971513$

2010-02-27 18:10:46 ----D---- C:\Program Files\Microsoft Silverlight

2010-02-27 14:51:29 ----HDC---- C:\WINDOWS\$NtUninstallbasecsp$

2010-02-27 14:49:55 ----D---- C:\WINDOWS\system32\windowspowershell

2010-02-27 14:49:50 ----HDC---- C:\WINDOWS\$NtUninstallKB926139-v2$

2010-02-27 14:49:45 ----D---- C:\Documents and Settings\Patricia\Application Data\Windows Desktop Search

2010-02-27 14:48:58 ----D---- C:\Program Files\Windows Desktop Search

2010-02-27 14:48:21 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$

2010-02-27 14:48:12 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$

2010-02-27 14:46:00 ----N---- C:\WINDOWS\system32\spmsg.dll

2010-02-27 14:44:35 ----D---- C:\Program Files\Windows Media Connect 2

2010-02-27 14:43:59 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$

2010-02-27 14:20:28 ----A---- C:\WINDOWS\system32\pgdfgsvc.exe

2010-02-26 23:26:27 ----D---- C:\Documents and Settings\Patricia\Application Data\Musicmatch

2010-02-26 21:59:13 ----A---- C:\WINDOWS\system32\javaws.exe

2010-02-26 21:59:12 ----A---- C:\WINDOWS\system32\javaw.exe

2010-02-26 21:59:11 ----A---- C:\WINDOWS\system32\java.exe

2010-02-26 21:36:01 ----HD---- C:\WINDOWS\system32\GroupPolicy

2010-02-26 21:32:25 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$

2010-02-26 21:11:14 ----D---- C:\Documents and Settings\Patricia\Application Data\Malwarebytes

2010-02-26 20:20:42 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2010-02-26 17:35:24 ----D---- C:\Documents and Settings\Patricia\Application Data\Skinux

2010-02-26 17:30:52 ----D---- C:\Documents and Settings\Patricia\Application Data\Teleca

2010-02-25 03:16:05 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$

2010-02-12 03:11:09 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$

2010-02-12 03:10:48 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$

2010-02-12 03:04:56 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$

2010-02-12 03:04:41 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$

2010-02-12 03:04:22 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$

2010-02-12 03:04:07 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$

2010-02-12 03:03:40 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$

2010-02-12 03:03:06 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$

2010-02-11 07:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$

 

======List of files/folders modified in the last 1 months======

 

2010-03-05 19:11:40 ----D---- C:\WINDOWS\Prefetch

2010-03-05 19:10:48 ----D---- C:\downloads

2010-03-05 19:05:17 ----D---- C:\WINDOWS\SYSTEM32

2010-03-05 18:47:30 ----D---- C:\WINDOWS\Temp

2010-03-05 17:23:37 ----SD---- C:\WINDOWS\Downloaded Program Files

2010-03-05 17:23:21 ----D---- C:\Program Files

2010-03-05 17:12:20 ----A---- C:\WINDOWS\ModemLog_Standard 300 bps Modem.txt

2010-03-05 17:12:03 ----A---- C:\WINDOWS\ModemLog_Intel® 537EP V9x DF PCI Modem.txt

2010-03-05 17:12:02 ----A---- C:\WINDOWS\ModemLog_Standard 300 bps Modem #2.txt

2010-03-05 17:11:21 ----D---- C:\WINDOWS\system32\CatRoot2

2010-03-05 17:11:11 ----D---- C:\WINDOWS

2010-03-05 07:15:12 ----AC---- C:\WINDOWS\ntbtlog.txt

2010-03-05 07:13:49 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-03-04 20:52:38 ----D---- C:\WINDOWS\system32\DRIVERS

2010-03-04 20:40:28 ----A---- C:\WINDOWS\system.ini

2010-03-04 20:32:50 ----D---- C:\WINDOWS\system32\CONFIG

2010-03-04 20:28:23 ----D---- C:\WINDOWS\AppPatch

2010-03-04 20:28:18 ----D---- C:\Program Files\Common Files

2010-03-04 18:02:10 ----HD---- C:\WINDOWS\INF

2010-03-02 08:17:27 ----SD---- C:\WINDOWS\Tasks

2010-03-02 07:55:49 ----RSHD---- C:\WINDOWS\system32\DLLCACHE

2010-03-02 06:57:39 ----RASH---- C:\BOOT.INI

2010-03-02 06:54:42 ----D---- C:\Program Files\Lx_cats

2010-02-28 07:22:00 ----SD---- C:\Documents and Settings\Patricia\Application Data\Microsoft

2010-02-27 21:59:10 ----SHD---- C:\WINDOWS\Installer

2010-02-27 19:47:08 ----A---- C:\WINDOWS\imsins.BAK

2010-02-27 19:46:06 ----D---- C:\WINDOWS\system32\CatRoot

2010-02-27 19:02:00 ----D---- C:\Program Files\Windows Media Player

2010-02-27 18:58:32 ----D---- C:\WINDOWS\SECURITY

2010-02-27 18:55:14 ----D---- C:\WINDOWS\Microsoft.NET

2010-02-27 18:54:57 ----RSD---- C:\WINDOWS\ASSEMBLY

2010-02-27 18:49:42 ----HD---- C:\WINDOWS\$hf_mig$

2010-02-27 18:37:37 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI

2010-02-27 18:36:39 ----D---- C:\WINDOWS\WinSxS

2010-02-27 18:28:56 ----D---- C:\Program Files\Zune

2010-02-27 18:24:59 ----D---- C:\WINDOWS\system32\ReinstallBackups

2010-02-27 18:19:17 ----D---- C:\Program Files\Internet Explorer

2010-02-27 18:19:13 ----D---- C:\WINDOWS\ie8updates

2010-02-27 18:06:42 ----D---- C:\Program Files\Common Files\Microsoft Shared

2010-02-27 18:05:53 ----RSD---- C:\WINDOWS\Fonts

2010-02-27 14:49:19 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

2010-02-27 14:49:02 ----D---- C:\WINDOWS\system32\en-US

2010-02-27 14:48:57 ----D---- C:\WINDOWS\system32\WBEM

2010-02-27 14:45:05 ----A---- C:\WINDOWS\WIN.INI

2010-02-27 14:44:29 ----D---- C:\WINDOWS\Help

2010-02-27 01:39:12 ----D---- C:\Program Files\FinePixViewer

2010-02-27 01:15:57 ----D---- C:\WINDOWS\Sun

2010-02-26 23:32:11 ----D---- C:\Program Files\Dell

2010-02-26 23:27:57 ----HD---- C:\Program Files\InstallShield Installation Information

2010-02-26 23:18:57 ----D---- C:\temp

2010-02-26 23:09:47 ----D---- C:\Documents and Settings\All Users\Application Data\Google

2010-02-26 21:56:23 ----D---- C:\Program Files\Java

2010-02-26 21:04:07 ----HDC---- C:\WINDOWS\$NtUninstallKB932716-v2$

2010-02-26 17:25:06 ----AC---- C:\WINDOWS\OEWABLog.txt

2010-02-24 10:47:46 ----D---- C:\Program Files\McAfee

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-09-16 214664]

R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136]

R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-01-14 5621]

R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-01-14 23219]

R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2004-10-15 8552]

R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-02-27 40480]

R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]

R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-03-15 25685]

R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-03-15 34837]

R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-03-15 4117]

R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-03-15 2233]

R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-03-15 85972]

R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-03-15 14229]

R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-03-15 6357]

R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-03-15 98580]

R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-03-15 100597]

R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2010-01-07 40832]

R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]

R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]

R3 HidUsb;Microsoft HID Class Driv


here is the remainder of the rsit log file.

 

--dave

 

==continuation===

R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-09-16 35272]

R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]

R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-05 37048]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]

R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]

R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-09 612352]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2009-07-14 444136]

S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []

S3 catchme;catchme; \??\C:\dab\catchme.sys []

S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []

S3 HTCAND32;HTC Device Driver; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [2009-07-02 25728]

S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-09-16 34248]

S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-09-16 40552]

S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2008-08-21 18688]

S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2008-08-21 8320]

S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]

S3 motport;Motorola USB Diagnostic Port; C:\WINDOWS\system32\DRIVERS\motport.sys [2007-06-18 23680]

S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []

S3 WinUSB;WinUSB; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368]

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]

R2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]

R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2006-04-18 311296]

R2 lxcz_device;lxcz_device; C:\WINDOWS\system32\lxczcoms.exe [2007-01-29 537520]

R2 lxdc_device;lxdc_device; C:\WINDOWS\system32\lxdccoms.exe [2007-02-12 537520]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320]

R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-09 865832]

R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]

R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]

R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-09-16 144704]

R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-10-27 895696]

R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]

R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

R2 ZuneBusEnum;Zune Bus Enumerator; c:\WINDOWS\system32\ZuneBusEnum.exe [2010-01-07 58592]

R2 ZuneNetworkSvc;Zune Network Sharing Service; c:\Program Files\Zune\ZuneNss.exe [2010-01-07 5950704]

R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]

S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-09-16 365072]

S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2010-01-07 447216]

S4 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-09-16 606736]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

 

-----------------EOF-----------------

==end of rsit log file.


Hi,

 

Please copy and paste the content of the codebox below into notepad and save it as fix.reg to your desktop. Be sure to set Save as to all files.

 

REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32"=-

Double-click on fix.reg and allow it to merge the info to the registry.

Download and Run StartupLite

 

This program will identify startup entries that are unnecessary to be started at bootup. This will help free some memory.

  • Download StartupLite.exe by MalwareBytes to your desktop.
  • Double click on StartUpLite.exe to run it. If you are using Windows Vista, right click the icon and select Run As Administrator.
  • A list of unnecessary startup entries will be compiled.
  • Read the description of each; you probably won't need most of them, so please make sure there is a checkmark next to Disable.
  • Leave all the items as Disabled and click Continue.
  • Restart your computer once it's done.

Please download TFC by Old Timer and save it to your desktop.

alternate download link

  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB). Before running, it will stop Explorer and all other running apps. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.

TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

Please post back with a fresh RSIT logfile and tell me how your system is running.

Edited by schrauber
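
The fix.reg in the post above deletes the "C:\WINDOWS\system32" value from the StandardProfile AuthorizedApplications list shown in the posted RSIT log. As an added example (not part of the thread and not the helper's own tooling), the Python below parses list lines in the format RSIT prints, flags entries whose path does not name a single program file, and generates a REGEDIT4 deletion of the same shape. The function names and the extension set are assumptions made for this example.

```python
import ntpath
import re

# Registry key of the list, as it appears in the RSIT log and in fix.reg.
KEY = (r"HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess"
       r"\parameters\firewallpolicy\standardprofile\authorizedapplications\list")

# Four entries copied from the StandardProfile list in the RSIT log posted above.
SAMPLE_LOG = r'''
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\WINDOWS\system32"="C:\WINDOWS\system32:*:Enabled:lockx"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"="C:\Program Files\Lexmark 1300 Series\lxdcamon.exe:*:Disabled:Device Monitor Appliaction"
'''

# "value name"="value data", the way RSIT prints each list entry.
LINE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"$')

# Value data is path:scope:Enabled|Disabled:label. The path carries its own
# drive colon, so match lazily up to the first ":scope:state:" that fits.
DATA_RE = re.compile(
    r'^(?P<path>.+?):(?P<scope>[^:]*):(?P<state>enabled|disabled):(?P<label>.*)$',
    re.IGNORECASE)

# Assumption for this example: an entry that authorizes one program
# ends in one of these extensions.
PROGRAM_EXTENSIONS = {".exe", ".com"}


def parse_entries(log_text):
    """Return one dict per well-formed AuthorizedApplications line."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines, section headers, other log content
        d = DATA_RE.match(m.group("data"))
        if not d:
            continue  # value data not in path:scope:state:label form
        entries.append({
            "name": m.group("name"),
            "path": d.group("path"),
            "scope": d.group("scope"),
            "enabled": d.group("state").lower() == "enabled",
            "label": d.group("label"),
        })
    return entries


def find_non_program_entries(log_text):
    """Entries whose path is a folder or other non-program target."""
    hits = []
    for entry in parse_entries(log_text):
        # ntpath applies Windows path rules on any platform.
        ext = ntpath.splitext(entry["path"])[1].lower()
        if ext not in PROGRAM_EXTENSIONS:
            hits.append(entry)
    return hits


def build_fix(key, entries):
    """Build REGEDIT4 text that deletes the given values ("name"=-)."""
    lines = ["REGEDIT4", "", "[" + key + "]"]
    for entry in entries:
        # .reg syntax needs every backslash in a value name doubled.
        lines.append('"%s"=-' % entry["name"].replace("\\", "\\\\"))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    flagged = find_non_program_entries(SAMPLE_LOG)
    for entry in flagged:
        print("review:", entry["path"],
              "| enabled:", entry["enabled"],
              "| label:", entry["label"])
    print(build_fix(KEY, flagged))
```

A flagged entry is a prompt for review; compare the generated text against the log before merging it.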


During the reboot process, two of the three times a window for the shelliconhiddenwindow popped up asking to be shut down.

 

The Windows defragger will only get to approx 25% complete. It stops and states that some files can not be defragged. I manually defragged the one listed in the log file with Sysinternals Contig, to no avail.

The computer still takes a while to be ready after activating a user. Once started, the programs seem to operate with reasonable response time.

 

Thanks,

 

--dave

 

the rsit log file you requested.

 

==start===

Logfile of random's system information tool 1.06 (written by random/random)

Run by Patricia at 2010-03-07 00:14:16

Microsoft Windows XP Professional Service Pack 3

System drive C: has 7 GB (21%) free of 35 GB

Total RAM: 510 MB (26% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:14:21 AM, on 3/7/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\lxczcoms.exe

C:\WINDOWS\system32\lxdccoms.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

c:\WINDOWS\system32\ZuneBusEnum.exe

C:\WINDOWS\system32\fxssvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Lexmark 1300 Series\lxdcamon.exe

C:\Program Files\Zune\ZuneLauncher.exe

C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Common Files\Teleca Shared\logger.exe

C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe

C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe

C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe

C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe

C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\system32\mmc.exe

C:\WINDOWS\SYSTEM32\cmd.exe

C:\WINDOWS\system32\DfrgNtfs.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\downloads\RSIT.exe

C:\Program Files\trend micro\Patricia.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [Anti bits phone mail] C:\Documents and Settings\All Users\Application Data\meowamokantibits\sectregs.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"

O4 - HKLM\..\Run: [LXDCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [Easy Dock] C:\Documents and Settings\Kaitlyn\My Documents\RCA easyRip\EZDock.exe

O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1267302751296

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab

O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures04.aim.com/ygp/aol/plugin/u...AIM.9.5.1.8.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab

O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/en/10/install/gtdownde.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe

O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

 

--

End of file - 11625 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\McDefragTask.job

C:\WINDOWS\tasks\McQcTask.job

C:\WINDOWS\tasks\WGASetup.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]

Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-09 184320]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]

DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-03-15 118836]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]

scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-09-16 62784]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]

McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-09 184320]

{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184]

"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]

"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]

"Anti bits phone mail"=C:\Documents and Settings\All Users\Application Data\meowamokantibits\sectregs.exe []

"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]

"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]

"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-05-21 206064]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

"lxdcamon"=C:\Program Files\Lexmark 1300 Series\lxdcamon.exe [2007-02-05 20480]

"LXDCCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16 []

"Easy Dock"=C:\Documents and Settings\Kaitlyn\My Documents\RCA easyRip\EZDock.exe [2009-04-03 573440]

"Zune Launcher"=c:\Program Files\Zune\ZuneLauncher.exe [2010-01-07 158448]

"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-10-29 1218008]

"Mobile Connectivity Suite"=C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe [2009-05-27 598016]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

[]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

ExifLauncher2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe

Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Messenger\MSMSGS.EXE"="C:\Program Files\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger"

"C:\WINDOWS\SYSTEM32\RTCSHARE.EXE"="C:\WINDOWS\SYSTEM32\RTCSHARE.EXE:*:Enabled:RTC App Sharing"

"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"

"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"

"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"C:\WINDOWS\SYSTEM32\lxczcoms.exe"="C:\WINDOWS\SYSTEM32\lxczcoms.exe:*:Enabled:1200 Series Server"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\WINDOWS\SYSTEM32\lxdccoms.exe"="C:\WINDOWS\SYSTEM32\lxdccoms.exe:*:Enabled:1300 Series Server"

"C:\Program Files\McAfee\VirusScan\mcvsmap.exe"="C:\Program Files\McAfee\VirusScan\mcvsmap.exe:*:Enabled:mcvsmap"

"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"="C:\Program Files\Lexmark 1300 Series\lxdcamon.exe:*:Disabled:Device Monitor Appliaction"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"

"C:\Program Files\Lexmark 1300 Series\app4r.exe"="C:\Program Files\Lexmark 1300 Series\app4r.exe:*:Enabled:BorgListener"

"C:\WINDOWS\system32\printer.exe"="C:\WINDOWS\system32\printer.exe:*:Enabled:@xpsp2res.dll,-22019"

"C:\WINDOWS\system32\spoolvs.exe"="C:\WINDOWS\system32\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019"

"C:\WINDOWS\shell.exe"="C:\WINDOWS\shell.exe:*:Enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

======List of files/folders created in the last 1 months======

 

2010-03-06 21:35:19 ----A---- C:\WINDOWS\system32\MPFServiceFailureCount.txt

2010-03-05 17:23:21 ----D---- C:\Program Files\ESET

2010-03-05 06:33:52 ----SHD---- C:\RECYCLER

2010-03-04 20:15:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-03-03 08:10:24 ----D---- C:\Documents and Settings\Patricia\Application Data\OpenOffice.org

2010-03-02 07:55:43 ----A---- C:\WINDOWS\system32\proquota.exe

2010-03-02 06:57:37 ----A---- C:\Boot.bak

2010-03-02 06:57:18 ----RASHD---- C:\cmdcons

2010-03-02 06:54:51 ----A---- C:\WINDOWS\zip.exe

2010-03-02 06:54:51 ----A---- C:\WINDOWS\SWXCACLS.exe

2010-03-02 06:54:51 ----A---- C:\WINDOWS\SWSC.exe

2010-03-02 06:54:51 ----A---- C:\WINDOWS\SWREG.exe

2010-03-02 06:54:51 ----A---- C:\WINDOWS\sed.exe

2010-03-02 06:54:51 ----A---- C:\WINDOWS\PEV.exe

2010-03-02 06:54:51 ----A---- C:\WINDOWS\NIRCMD.exe

2010-03-02 06:54:51 ----A---- C:\WINDOWS\MBR.exe

2010-03-02 06:54:51 ----A---- C:\WINDOWS\grep.exe

2010-03-02 06:54:21 ----D---- C:\WINDOWS\ERDNT

2010-03-02 06:53:49 ----D---- C:\Qoobox

2010-02-28 10:33:08 ----D---- C:\Documents and Settings\Patricia\Application Data\Windows Search

2010-02-27 22:34:31 ----D---- C:\Documents and Settings\All Users\Application Data\PCPitstop

2010-02-27 22:34:29 ----D---- C:\Program Files\PCPitstop

2010-02-27 22:17:20 ----D---- C:\Program Files\trend micro

2010-02-27 22:17:10 ----D---- C:\rsit

2010-02-27 21:58:34 ----D---- C:\Program Files\TrendMicro

2010-02-27 19:50:17 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$

2010-02-27 19:46:59 ----HDC---- C:\WINDOWS\$NtUninstallKB963093$

2010-02-27 19:45:41 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$

2010-02-27 19:35:52 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$

2010-02-27 18:46:05 ----A---- C:\WINDOWS\system32\mucltui.dll.mui

2010-02-27 18:46:05 ----A---- C:\WINDOWS\system32\mucltui.dll

2010-02-27 18:17:44 ----HDC---- C:\WINDOWS\$NtUninstallKB971513$

2010-02-27 18:10:46 ----D---- C:\Program Files\Microsoft Silverlight

2010-02-27 14:51:29 ----HDC---- C:\WINDOWS\$NtUninstallbasecsp$

2010-02-27 14:49:55 ----D---- C:\WINDOWS\system32\windowspowershell

2010-02-27 14:49:50 ----HDC---- C:\WINDOWS\$NtUninstallKB926139-v2$

2010-02-27 14:49:45 ----D---- C:\Documents and Settings\Patricia\Application Data\Windows Desktop Search

2010-02-27 14:48:58 ----D---- C:\Program Files\Windows Desktop Search

2010-02-27 14:48:21 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$

2010-02-27 14:48:12 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$

2010-02-27 14:46:00 ----N---- C:\WINDOWS\system32\spmsg.dll

2010-02-27 14:44:35 ----D---- C:\Program Files\Windows Media Connect 2

2010-02-27 14:43:59 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$

2010-02-27 14:20:28 ----A---- C:\WINDOWS\system32\pgdfgsvc.exe

2010-02-26 23:26:27 ----D---- C:\Documents and Settings\Patricia\Application Data\Musicmatch

2010-02-26 21:59:13 ----A---- C:\WINDOWS\system32\javaws.exe

2010-02-26 21:59:12 ----A---- C:\WINDOWS\system32\javaw.exe

2010-02-26 21:59:11 ----A---- C:\WINDOWS\system32\java.exe

2010-02-26 21:36:01 ----HD---- C:\WINDOWS\system32\GroupPolicy

2010-02-26 21:32:25 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$

2010-02-26 21:11:14 ----D---- C:\Documents and Settings\Patricia\Application Data\Malwarebytes

2010-02-26 20:20:42 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2010-02-26 17:35:24 ----D---- C:\Documents and Settings\Patricia\Application Data\Skinux

2010-02-26 17:30:52 ----D---- C:\Documents and Settings\Patricia\Application Data\Teleca

2010-02-25 03:16:05 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$

2010-02-12 03:11:09 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$

2010-02-12 03:10:48 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$

2010-02-12 03:04:56 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$

2010-02-12 03:04:41 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$

2010-02-12 03:04:22 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$

2010-02-12 03:04:07 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$

2010-02-12 03:03:40 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$

2010-02-12 03:03:06 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$

2010-02-11 07:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$

 

======List of files/folders modified in the last 1 months======

 

2010-03-07 00:13:02 ----D---- C:\downloads

2010-03-07 00:07:05 ----D---- C:\WINDOWS\Temp

2010-03-06 21:57:43 ----D---- C:\WINDOWS\Prefetch

2010-03-06 21:52:02 ----D---- C:\WINDOWS

2010-03-06 21:50:33 ----A---- C:\WINDOWS\ModemLog_Standard 300 bps Modem.txt

2010-03-06 21:50:27 ----A---- C:\WINDOWS\ModemLog_Intel® 537EP V9x DF PCI Modem.txt

2010-03-06 21:50:26 ----A---- C:\WINDOWS\ModemLog_Standard 300 bps Modem #2.txt

2010-03-06 21:50:14 ----D---- C:\WINDOWS\system32\CatRoot2

2010-03-06 21:48:58 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-03-06 21:38:19 ----D---- C:\WINDOWS\SYSTEM32

2010-03-06 01:03:38 ----D---- C:\WINDOWS\system32\DRIVERS

2010-03-05 22:39:34 ----AC---- C:\WINDOWS\ntbtlog.txt

2010-03-05 19:50:35 ----D---- C:\WINDOWS\Debug

2010-03-05 19:50:35 ----D---- C:\Program Files\LimeWire

2010-03-05 19:46:29 ----D---- C:\WINDOWS\system32\BWKDLogs

2010-03-05 19:45:38 ----D---- C:\WINDOWS\system32\MsDtc

2010-03-05 19:43:12 ----D---- C:\I386

2010-03-05 17:23:37 ----SD---- C:\WINDOWS\Downloaded Program Files

2010-03-05 17:23:21 ----D---- C:\Program Files

2010-03-04 20:40:28 ----A---- C:\WINDOWS\system.ini

2010-03-04 20:32:50 ----D---- C:\WINDOWS\system32\CONFIG

2010-03-04 20:28:23 ----D---- C:\WINDOWS\AppPatch

2010-03-04 20:28:18 ----D---- C:\Program Files\Common Files

2010-03-04 18:02:10 ----HD---- C:\WINDOWS\INF

2010-03-02 08:17:27 ----SD---- C:\WINDOWS\Tasks

2010-03-02 07:55:49 ----RSHD---- C:\WINDOWS\system32\DLLCACHE

2010-03-02 06:57:39 ----RASH---- C:\BOOT.INI

2010-03-02 06:54:42 ----D---- C:\Program Files\Lx_cats

2010-02-28 07:22:00 ----SD---- C:\Documents and Settings\Patricia\Application Data\Microsoft

2010-02-27 21:59:10 ----SHD---- C:\WINDOWS\Installer

2010-02-27 19:47:08 ----A---- C:\WINDOWS\imsins.BAK

2010-02-27 19:46:06 ----D---- C:\WINDOWS\system32\CatRoot

2010-02-27 19:02:00 ----D---- C:\Program Files\Windows Media Player

2010-02-27 18:58:32 ----D---- C:\WINDOWS\SECURITY

2010-02-27 18:55:14 ----D---- C:\WINDOWS\Microsoft.NET

2010-02-27 18:54:57 ----RSD---- C:\WINDOWS\ASSEMBLY

2010-02-27 18:49:42 ----HD---- C:\WINDOWS\$hf_mig$

2010-02-27 18:37:37 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI

2010-02-27 18:36:39 ----D---- C:\WINDOWS\WinSxS

2010-02-27 18:28:56 ----D---- C:\Program Files\Zune

2010-02-27 18:24:59 ----D---- C:\WINDOWS\system32\ReinstallBackups

2010-02-27 18:19:17 ----D---- C:\Program Files\Internet Explorer

2010-02-27 18:19:13 ----D---- C:\WINDOWS\ie8updates

2010-02-27 18:06:42 ----D---- C:\Program Files\Common Files\Microsoft Shared

2010-02-27 18:05:53 ----RSD---- C:\WINDOWS\Fonts

2010-02-27 14:49:19 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

2010-02-27 14:49:02 ----D---- C:\WINDOWS\system32\en-US

2010-02-27 14:48:57 ----D---- C:\WINDOWS\system32\WBEM

2010-02-27 14:45:05 ----A---- C:\WINDOWS\WIN.INI

2010-02-27 14:44:29 ----D---- C:\WINDOWS\Help

2010-02-27 01:39:12 ----D---- C:\Program Files\FinePixViewer

2010-02-27 01:15:57 ----D---- C:\WINDOWS\Sun

2010-02-26 23:32:11 ----D---- C:\Program Files\Dell

2010-02-26 23:27:57 ----HD---- C:\Program Files\InstallShield Installation Information

2010-02-26 23:18:57 ----D---- C:\temp

2010-02-26 23:09:47 ----D---- C:\Documents and Settings\All Users\Application Data\Google

2010-02-26 21:56:23 ----D---- C:\Program Files\Java

2010-02-26 21:04:07 ----HDC---- C:\WINDOWS\$NtUninstallKB932716-v2$

2010-02-26 17:25:06 ----AC---- C:\WINDOWS\OEWABLog.txt

2010-02-24 10:47:46 ----D---- C:\Program Files\McAfee

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-09-16 214664]

R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136]

R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-01-14 5621]

R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-01-14 23219]

R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2004-10-15 8552]

R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-02-27 40480]

R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]

R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-03-15 25685]

R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-03-15 34837]

R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-03-15 4117]

R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-03-15 2233]

R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-03-15 85972]

R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-03-15 14229]

R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-03-15 6357]

R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-03-15 98580]

R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-03-15 100597]

R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2010-01-07 40832]

R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]

R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]

R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]

R3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-05 1233525]

R3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-05 647929]

R3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-06-15 61157]

R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-09-16 79816]

R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-09-16 35272]

R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]

R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-05 37048]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]

R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]

R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-09 612352]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2009-07-14 444136]

S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []

S3 catchme;catchme; \??\C:\dab\catchme.sys []

S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []

S3 HTCAND32;HTC Device Driver; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [2009-07-02 25728]

S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-09-16 34248]

S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-09-16 40552]

S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2008-08-21 18688]

S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2008-08-21 8320]

S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]

S3 motport;Motorola USB Diagnostic Port; C:\WINDOWS\system32\DRIVERS\motport.sys [2007-06-18 23680]

S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []

S3 WinUSB;WinUSB; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368]

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]

R2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]

R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2006-04-18 311296]

R2 lxcz_device;lxcz_device; C:\WINDOWS\system32\lxczcoms.exe [2007-01-29 537520]

R2 lxdc_device;lxdc_device; C:\WINDOWS\system32\lxdccoms.exe [2007-02-12 537520]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320]

R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-09 865832]

R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]

R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]

R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-09-16 144704]

R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-10-27 895696]

R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]

R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

R2 ZuneBusEnum;Zune Bus Enumerator; c:\WINDOWS\system32\ZuneBusEnum.exe [2010-01-07 58592]

R2 ZuneNetworkSvc;Zune Network Sharing Service; c:\Program Files\Zune\ZuneNss.exe [2010-01-07 5950704]

R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]

S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-09-16 365072]

S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2010-01-07 447216]

S4 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-09-16 606736]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

 

-----------------EOF-----------------

 

==end==


Hi,

 

Download Lop S&D by Eric_71 and save it to your desktop.

Lop S&D will only run on Windows XP and Windows Vista

 

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.

To see how to disable security programs visit this tutorial:

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Double-click LopSD.exe

    If you are using Windows Vista, right-click on the LopSD.exe icon and select 'Run as administrator' to perform this scan.

  • Choose the language by typing the corresponding letter and press Enter
  • Click OK at the informative window
  • Type 1, to choose Option 1 (Search) then press Enter
  • Wait until the end of the scan
  • A report will be generated; post its contents in your next reply.
(A copy of the report can be found at this location: %SystemDrive%\lopR.txt, in most cases C:\lopR.txt)


Here is the lop s&d log file

 

--dave

 

==start==

 

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

 

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3

X86-based PC ( Uniprocessor Free : Intel® Pentium® 4 CPU 2.80GHz )

BIOS : Phoenix ROM BIOS PLUS Version 1.10 A01

USER : Patricia ( Administrator )

BOOT : Normal boot

Antivirus : McAfee VirusScan (Not Activated)

Firewall : McAfee Personal Firewall (Not Activated)

C:\ (Local Disk) - NTFS - Total:33 Go (Free:6 Go)

D:\ (CD or DVD)

E:\ (CD or DVD)

 

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [1] ( Sun 03/07/2010|10:54 )

 

--------------------\\ Listing folders in APPLIC~1

 

[10/15/2004|02:00] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities

[10/15/2004|02:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Jasc Software Inc

[03/05/2010|10:38] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft

[10/15/2004|02:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Sonic

[10/15/2004|02:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Sun

 

[01/05/2009|07:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}

[07/26/2007|06:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe

[12/30/2009|12:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL

[07/08/2007|05:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads

[07/08/2007|05:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP

[07/08/2007|05:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple

[12/25/2006|11:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer

[12/30/2009|08:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> BVRP Software

[10/15/2004|02:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink

[02/28/2008|08:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Dell

[02/26/2010|11:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google

[02/16/2008|03:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> GTek

[12/17/2009|05:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HTC

[06/05/2009|05:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Kodak

[02/26/2010|08:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes

[12/01/2009|08:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee

[02/16/2008|02:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com

[10/21/2005|10:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> meowamokantibits

[02/27/2010|02:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft

[06/22/2008|07:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Musicnotes

[03/07/2010|10:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NOS

[02/28/2010|07:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PCPitstop

[10/15/2004|02:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime

[10/15/2004|02:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SBSI

[10/04/2009|04:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SiteAdvisor

[02/16/2008|02:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SupportSoft

[12/17/2009|05:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Teleca

[12/30/2009|08:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint

[06/08/2006|02:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage

 

[01/10/2007|04:33] C:\DOCUME~1\APPLIC~1\APPLIC~1\<DIR> Microsoft

 

[10/15/2004|02:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities

[10/15/2004|02:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Jasc Software Inc

[10/15/2004|02:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[10/15/2004|02:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Sonic

[10/15/2004|02:22] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Sun

 

[04/13/2006|06:50] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Adobe

[10/04/2009|12:38] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> AdobeUM

[12/05/2004|05:43] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Aim

[11/24/2004|10:24] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> AOL

[06/26/2005|11:03] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> CyberLink

[04/12/2006|06:55] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> FilmLoop

[02/27/2010|01:39] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> FUJIFILM

[02/16/2008|08:34] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Google

[02/16/2008|08:41] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Gtek

[03/05/2010|10:29] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Help

[10/15/2004|02:00] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Identities

[12/19/2005|10:30] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> iMesh

[10/15/2004|02:28] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Jasc Software Inc

[11/04/2004|07:14] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Macromedia

[02/26/2010|08:20] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Malwarebytes

[11/04/2004|07:07] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> McAfee.com Personal Firewall

[10/22/2005|12:41] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> memo gpl move

[02/27/2010|01:39] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Microsoft

[02/16/2008|08:31] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> MySpace

[10/21/2005|10:08] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Show Fast Debug

[10/04/2009|12:44] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Skinux

[08/01/2005|11:41] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Sonic

[10/15/2004|02:22] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Sun

 

[11/30/2009|06:20] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Adobe

[07/26/2007|06:31] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> AdobeAUM

[12/21/2004|08:51] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> AdobeUM

[08/23/2009|06:18] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Aim

[11/07/2004|11:58] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> AOL

[06/22/2006|08:35] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Apple Computer

[02/20/2007|08:51] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Corel

[02/07/2005|12:09] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> CyberLink

[02/21/2010|10:31] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Facebook

[12/26/2009|12:32] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> FUJIFILM

[06/23/2007|02:08] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Google

[02/16/2008|03:05] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Gtek

[05/14/2005|11:58] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Help

[10/15/2004|02:00] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Identities

[01/27/2008|05:44] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> iMesh

[12/26/2009|11:25] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> InstallShield

[08/19/2005|08:38] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Jasc

[10/15/2004|02:28] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Jasc Software Inc

[06/24/2009|07:10] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> KodakCredentialStore

[04/04/2005|07:06] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Leadertech

[03/02/2009|08:23] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Lexmark Imaging Studio

[03/04/2010|06:06] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> LimeWire

[03/05/2006|08:13] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Macromedia

[01/08/2005|10:07] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> McAfee.com

[10/20/2004|04:41] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> McAfee.com Personal Firewall

[10/22/2005|03:15] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> memo gpl move

[12/30/2009|12:59] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Microsoft

[12/30/2009|12:52] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Mozilla

[07/18/2009|09:23] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Musicmatch

[01/05/2007|11:51] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> MySpace

[05/14/2009|07:02] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> OpenOffice.org

[10/22/2005|03:15] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Show Fast Debug

[02/16/2008|01:54] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> SiteAdvisor

[06/05/2009|05:50] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Skinux

[04/04/2005|07:07] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Sonic

[10/15/2004|02:22] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Sun

[12/17/2009|05:54] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Teleca

[03/04/2010|06:23] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> uTorrent

[03/09/2007|07:39] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Viewpoint

[12/31/2008|08:47] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> WeatherBug

[03/04/2010|06:04] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Windows Desktop Search

[03/22/2009|07:17] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Yahoo!

[10/15/2005|09:54] C:\DOCUME~1\Kaitlyn\APPLIC~1\<DIR> Yahoo! Messenger

 

[02/28/2010|11:06] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Adobe

[08/24/2007|02:46] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Google

[08/30/2006|04:12] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> GTek

[02/03/2005|04:49] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Macromedia

[12/06/2009|01:18] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> McAfee

[10/20/2004|04:41] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> McAfee.com Personal Firewall

[02/27/2010|02:53] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[12/05/2009|06:44] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> SACore

[10/21/2005|10:09] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Show Fast Debug

[02/28/2010|08:26] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Sun

 

[02/25/2010|11:19] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Adobe

[02/22/2010|07:20] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Macromedia

[09/20/2009|11:16] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[02/24/2010|10:45] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Sun

 

[03/07/2010|12:59] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> Adobe

[10/26/2004|04:59] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> AdobeUM

[12/07/2004|06:07] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> Aim

[09/08/2005|06:48] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> AOL

[03/07/2010|12:51] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> Apple Computer

[09/08/2005|05:36] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> Corel

[04/29/2006|08:42] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> FilmLoop

[02/17/2008|03:17] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> Google

[07/06/2008|10:01] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> Gtek

[12/28/2004|08:10] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> Help

[10/15/2004|02:00] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> Identities

[10/15/2004|02:28] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> Jasc Software Inc

[10/26/2004|05:36] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> Leadertech

[10/26/2004|06:12] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> Macromedia

[02/26/2010|09:11] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> Malwarebytes

[01/04/2005|05:01] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> McAfee.com

[10/23/2004|09:01] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> McAfee.com Personal Firewall

[02/28/2010|07:22] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> Microsoft

[02/26/2010|11:26] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> Musicmatch

[02/17/2008|03:08] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> MySpace

[03/03/2010|08:10] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> OpenOffice.org

[02/26/2010|05:35] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> Skinux

[10/15/2004|02:28] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> Sonic

[10/15/2004|02:22] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> Sun

[02/26/2010|05:30] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> Teleca

[02/27/2010|02:49] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> Windows Desktop Search

[02/28/2010|10:33] C:\DOCUME~1\Patricia\APPLIC~1\<DIR> Windows Search

 

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

 

[03/07/2010 12:55 AM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[02/15/2010 01:00 AM][--a------] C:\WINDOWS\tasks\McDefragTask.job

[03/01/2010 01:00 AM][--a------] C:\WINDOWS\tasks\McQcTask.job

[03/07/2010 10:09 AM][--a------] C:\WINDOWS\tasks\WGASetup.job

[03/07/2010 10:09 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT

[08/04/2004 04:00 AM][-r-h-----] C:\WINDOWS\tasks\DESKTOP.INI

 

--------------------\\ Listing Folders in C:\Program Files

 

[01/29/2007|06:21] C:\Program Files\<DIR> ABBYY FineReader 6.0

[12/30/2009|08:14] C:\Program Files\<DIR> Adobe

[08/21/2005|04:58] C:\Program Files\<DIR> AOD

[03/07/2010|12:55] C:\Program Files\<DIR> Apple Software Update

[11/14/2004|07:00] C:\Program Files\<DIR> AWS

[06/18/2005|07:07] C:\Program Files\<DIR> C2Media

[09/29/2009|04:00] C:\Program Files\<DIR> Citrix

[03/04/2010|08:28] C:\Program Files\<DIR> Common Files

[10/15/2004|02:01] C:\Program Files\<DIR> ComPlus Applications

[12/30/2009|01:02] C:\Program Files\<DIR> CyberLink

[11/02/2004|05:47] C:\Program Files\<DIR> DATA BECKER

[02/26/2010|11:32] C:\Program Files\<DIR> Dell

[02/16/2008|02:29] C:\Program Files\<DIR> Dell Support Center

[04/13/2007|06:42] C:\Program Files\<DIR> DellSupport

[01/13/2007|12:28] C:\Program Files\<DIR> DIFX

[04/29/2005|11:09] C:\Program Files\<DIR> directx

[03/05/2010|05:23] C:\Program Files\<DIR> ESET

[01/29/2007|06:20] C:\Program Files\<DIR> FaxTools

[02/27/2010|01:39] C:\Program Files\<DIR> FinePixViewer

[12/17/2009|05:38] C:\Program Files\<DIR> HTC

[01/05/2009|07:53] C:\Program Files\<DIR> iMesh

[12/16/2005|01:11] C:\Program Files\<DIR> iMesh Applications

[02/26/2010|11:27] C:\Program Files\<DIR> InstallShield Installation Information

[10/15/2004|02:23] C:\Program Files\<DIR> Intel

[02/27/2010|06:19] C:\Program Files\<DIR> Internet Explorer

[01/05/2009|07:00] C:\Program Files\<DIR> iPod

[01/05/2009|07:01] C:\Program Files\<DIR> iTunes

[12/30/2009|08:20] C:\Program Files\<DIR> Jasc Software Inc

[02/26/2010|09:56] C:\Program Files\<DIR> Java

[05/14/2009|06:45] C:\Program Files\<DIR> JRE

[08/08/2009|02:04] C:\Program Files\<DIR> Kodak

[06/08/2006|05:52] C:\Program Files\<DIR> KWCX

[03/02/2009|08:20] C:\Program Files\<DIR> Lexmark 1300 Series

[03/02/2009|08:22] C:\Program Files\<DIR> Lexmark Toolbar

[03/05/2010|07:50] C:\Program Files\<DIR> LimeWire

[03/02/2010|06:54] C:\Program Files\<DIR> Lx_cats

[03/04/2010|08:15] C:\Program Files\<DIR> Malwarebytes' Anti-Malware

[02/24/2010|10:47] C:\Program Files\<DIR> McAfee

[06/26/2005|09:00] C:\Program Files\<DIR> McAfee AntiSpyware 1.00 Install

[10/04/2009|04:19] C:\Program Files\<DIR> McAfee.com

[01/20/2009|03:07] C:\Program Files\<DIR> Messenger

[09/26/2008|03:02] C:\Program Files\<DIR> Messenger Plus! 3

[10/15/2004|02:01] C:\Program Files\<DIR> microsoft frontpage

[02/27/2010|06:18] C:\Program Files\<DIR> Microsoft Silverlight

[10/15/2004|02:23] C:\Program Files\<DIR> Modem Helper

[01/19/2009|09:46] C:\Program Files\<DIR> Movie Maker

[08/19/2009|08:17] C:\Program Files\<DIR> Mozilla Firefox

[08/08/2009|02:20] C:\Program Files\<DIR> MSBuild

[06/07/2005|12:58] C:\Program Files\<DIR> MSN

[10/15/2004|02:01] C:\Program Files\<DIR> MSN Gaming Zone

[11/16/2006|03:01] C:\Program Files\<DIR> MSXML 4.0

[08/15/2007|02:05] C:\Program Files\<DIR> MSXML 6.0

[07/18/2009|09:23] C:\Program Files\<DIR> MUSICMATCH

[09/25/2005|08:34] C:\Program Files\<DIR> My Love

[12/30/2009|12:36] C:\Program Files\<DIR> MySpace

[04/29/2005|11:09] C:\Program Files\<DIR> Nancy Drew

[01/19/2009|09:40] C:\Program Files\<DIR> NetMeeting

[10/15/2004|02:01] C:\Program Files\<DIR> Online Services

[05/14/2009|06:44] C:\Program Files\<DIR> OpenOffice.org 3

[08/12/2009|02:06] C:\Program Files\<DIR> Outlook Express

[02/28/2010|07:20] C:\Program Files\<DIR> PCPitstop

[02/23/2009|10:08] C:\Program Files\<DIR> PokerStars

[03/07/2010|01:04] C:\Program Files\<DIR> QuickTime

[12/30/2009|12:59] C:\Program Files\<DIR> Real

[08/08/2009|02:19] C:\Program Files\<DIR> Reference Assemblies

[10/12/2005|07:01] C:\Program Files\<DIR> Show Fast Debug

[02/16/2008|01:54] C:\Program Files\<DIR> SiteAdvisor

[10/15/2004|02:25] C:\Program Files\<DIR> Sonic

[03/07/2010|12:14] C:\Program Files\<DIR> trend micro

[02/27/2010|09:58] C:\Program Files\<DIR> TrendMicro

[11/02/2004|05:46] C:\Program Files\<DIR> Uninstall Information

[12/24/2009|02:34] C:\Program Files\<DIR> uTorrent

[12/30/2009|08:28] C:\Program Files\<DIR> Viewpoint

[02/16/2008|03:05] C:\Program Files\<DIR> WebCyberCoach

[12/30/2009|12:57] C:\Program Files\<DIR> WildTangent

[02/27/2010|08:13] C:\Program Files\<DIR> Windows Desktop Search

[02/27/2010|02:44] C:\Program Files\<DIR> Windows Media Connect 2

[02/27/2010|07:02] C:\Program Files\<DIR> Windows Media Player

[01/19/2009|09:39] C:\Program Files\<DIR> Windows NT

[10/15/2004|02:01] C:\Program Files\<DIR> WindowsUpdate

[10/15/2004|02:32] C:\Program Files\<DIR> WordPerfect Office 12

[10/15/2004|02:01] C:\Program Files\<DIR> XEROX

[12/30/2009|08:29] C:\Program Files\<DIR> Yahoo!

[02/27/2010|06:28] C:\Program Files\<DIR> Zune

 

--------------------\\ Listing Folders in C:\Program Files\Common Files

 

[12/30/2009|12:44] C:\Program Files\Common Files\<DIR> Adobe

[12/30/2009|12:30] C:\Program Files\Common Files\<DIR> AOL

[03/07/2010|12:56] C:\Program Files\Common Files\<DIR> Apple

[10/15/2004|02:32] C:\Program Files\Common Files\<DIR> Borland Shared

[01/13/2007|12:28] C:\Program Files\Common Files\<DIR> ComponentOne

[10/15/2004|02:32] C:\Program Files\Common Files\<DIR> Corel

[06/08/2006|05:50] C:\Program Files\Common Files\<DIR> InstallShield

[10/15/2004|02:22] C:\Program Files\Common Files\<DIR> Java

[06/05/2009|04:34] C:\Program Files\Common Files\<DIR> Kodak

[10/04/2009|04:19] C:\Program Files\Common Files\<DIR> McAfee

[02/27/2010|06:06] C:\Program Files\Common Files\<DIR> Microsoft Shared

[01/04/2008|03:49] C:\Program Files\Common Files\<DIR> mrfw

[10/15/2004|02:00] C:\Program Files\Common Files\<DIR> MSSoap

[01/16/2005|10:01] C:\Program Files\Common Files\<DIR> NSV

[10/15/2004|02:26] C:\Program Files\Common Files\<DIR> Nullsoft

[10/15/2004|02:00] C:\Program Files\Common Files\<DIR> ODBC

[10/15/2004|02:26] C:\Program Files\Common Files\<DIR> Real

[10/15/2004|02:00] C:\Program Files\Common Files\<DIR> Services

[10/15/2004|02:25] C:\Program Files\Common Files\<DIR> Sonic

[10/15/2004|02:00] C:\Program Files\Common Files\<DIR> SpeechEngines

[02/16/2008|02:28] C:\Program Files\Common Files\<DIR> supportsoft

[01/19/2009|09:39] C:\Program Files\Common Files\<DIR> System

[12/17/2009|05:40] C:\Program Files\Common Files\<DIR> Teleca Shared

[12/26/2009|12:26] C:\Program Files\Common Files\<DIR> Windows Live

[08/31/2008|03:43] C:\Program Files\Common Files\<DIR> WinFixer 2005

[07/05/2007|08:09] C:\Program Files\Common Files\<DIR> YGP

 

--------------------\\ Process

 

( 66 Processes )

 

iexplore.exe ~ [PID:4276]

iexplore.exe ~ [PID:2060]

 

--------------------\\ Searching with S_Lop

 

No Lop folder found !

 

--------------------\\ Searching for Lop Files - Folders

 

C:\Program Files\C2Media

C:\DOCUME~1\Patricia\Cookies\patricia@advertising[2].txt

 

--------------------\\ Searching within the Registry

 

..... OK !

 

--------------------\\ Checking the Hosts file

 

Hosts file CLEAN

 

 

--------------------\\ Searching for hidden files with Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-07 10:55:40

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

 

--------------------\\ Searching for other infections

 

 

No other infections found !

 

[F:14][D:2]-> C:\DOCUME~1\Patricia\LOCALS~1\Temp

[F:120][D:0]-> C:\DOCUME~1\Patricia\Cookies

[F:889][D:4]-> C:\DOCUME~1\Patricia\LOCALS~1\TEMPOR~1\content.IE5

 

1 - "C:\Lop SD\LopR_1.txt" - Sun 03/07/2010|10:57 - Option : [1]

 

--------------------\\ Scan completed at 10:57:20

 

==end==


Here is the RSIT file you asked for. McAfee was disabled.

 

--dave

 

==start==

Logfile of random's system information tool 1.06 (written by random/random)

Run by Patricia at 2010-03-09 07:09:30

Microsoft Windows XP Professional Service Pack 3

System drive C: has 7 GB (20%) free of 35 GB

Total RAM: 510 MB (16% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:10:39 AM, on 3/9/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\lxczcoms.exe

C:\WINDOWS\system32\lxdccoms.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

c:\WINDOWS\system32\ZuneBusEnum.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\fxssvc.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Lexmark 1300 Series\lxdcamon.exe

C:\Documents and Settings\Kaitlyn\My Documents\RCA easyRip\EZDock.exe

C:\Program Files\Zune\ZuneLauncher.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\FinePixViewer\QuickDCF2.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Common Files\Teleca Shared\logger.exe

C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe

C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe

C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe

C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe

C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe

C:\downloads\RSIT.exe

C:\Program Files\trend micro\Patricia.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [Anti bits phone mail] C:\Documents and Settings\All Users\Application Data\meowamokantibits\sectregs.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"

O4 - HKLM\..\Run: [LXDCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [Easy Dock] C:\Documents and Settings\Kaitlyn\My Documents\RCA easyRip\EZDock.exe

O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1267302751296

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab

O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures04.aim.com/ygp/aol/plugin/u...AIM.9.5.1.8.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab

O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/en/10/install/gtdownde.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe

O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

 

--

End of file - 11896 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\McDefragTask.job

C:\WINDOWS\tasks\McQcTask.job

C:\WINDOWS\tasks\WGASetup.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]

Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-09 184320]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]

DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-03-15 118836]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]

scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-09-16 62784]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]

McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-09 184320]

{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184]

"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]

"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]

"Anti bits phone mail"=C:\Documents and Settings\All Users\Application Data\meowamokantibits\sectregs.exe []

"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]

"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]

"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-05-21 206064]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

"lxdcamon"=C:\Program Files\Lexmark 1300 Series\lxdcamon.exe [2007-02-05 20480]

"LXDCCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16 []

"Easy Dock"=C:\Documents and Settings\Kaitlyn\My Documents\RCA easyRip\EZDock.exe [2009-04-03 573440]

"Zune Launcher"=c:\Program Files\Zune\ZuneLauncher.exe [2010-01-07 158448]

"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-10-29 1218008]

"Mobile Connectivity Suite"=C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe [2009-05-27 598016]

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-02-15 417792]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

[]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

ExifLauncher2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe

Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Messenger\MSMSGS.EXE"="C:\Program Files\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger"

"C:\WINDOWS\SYSTEM32\RTCSHARE.EXE"="C:\WINDOWS\SYSTEM32\RTCSHARE.EXE:*:Enabled:RTC App Sharing"

"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"

"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"

"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"C:\WINDOWS\SYSTEM32\lxczcoms.exe"="C:\WINDOWS\SYSTEM32\lxczcoms.exe:*:Enabled:1200 Series Server"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\WINDOWS\SYSTEM32\lxdccoms.exe"="C:\WINDOWS\SYSTEM32\lxdccoms.exe:*:Enabled:1300 Series Server"

"C:\Program Files\McAfee\VirusScan\mcvsmap.exe"="C:\Program Files\McAfee\VirusScan\mcvsmap.exe:*:Enabled:mcvsmap"

"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"="C:\Program Files\Lexmark 1300 Series\lxdcamon.exe:*:Disabled:Device Monitor Appliaction"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"

"C:\Program Files\Lexmark 1300 Series\app4r.exe"="C:\Program Files\Lexmark 1300 Series\app4r.exe:*:Enabled:BorgListener"

"C:\WINDOWS\system32\printer.exe"="C:\WINDOWS\system32\printer.exe:*:Enabled:@xpsp2res.dll,-22019"

"C:\WINDOWS\system32\spoolvs.exe"="C:\WINDOWS\system32\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019"

"C:\WINDOWS\shell.exe"="C:\WINDOWS\shell.exe:*:Enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

======List of files/folders created in the last 1 months======

 

2010-03-07 10:54:02 ----A---- C:\lopR.txt

2010-03-07 10:53:19 ----D---- C:\Lop SD

2010-03-07 01:01:46 ----D---- C:\Program Files\QuickTime

2010-03-07 00:59:40 ----SHD---- C:\Config.Msi

2010-03-07 00:55:21 ----D---- C:\Documents and Settings\All Users\Application Data\NOS

2010-03-07 00:51:31 ----D---- C:\Documents and Settings\Patricia\Application Data\Apple Computer

2010-03-06 21:35:19 ----A---- C:\WINDOWS\system32\MPFServiceFailureCount.txt

2010-03-05 17:23:21 ----D---- C:\Program Files\ESET

2010-03-05 06:33:52 ----SHD---- C:\RECYCLER

2010-03-04 20:15:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-03-03 08:10:24 ----D---- C:\Documents and Settings\Patricia\Application Data\OpenOffice.org

2010-03-02 07:55:43 ----A---- C:\WINDOWS\system32\proquota.exe

2010-03-02 06:57:37 ----A---- C:\Boot.bak

2010-03-02 06:57:18 ----RASHD---- C:\cmdcons

2010-03-02 06:54:51 ----A---- C:\WINDOWS\zip.exe

2010-03-02 06:54:51 ----A---- C:\WINDOWS\SWXCACLS.exe

2010-03-02 06:54:51 ----A---- C:\WINDOWS\SWSC.exe

2010-03-02 06:54:51 ----A---- C:\WINDOWS\SWREG.exe

2010-03-02 06:54:51 ----A---- C:\WINDOWS\sed.exe

2010-03-02 06:54:51 ----A---- C:\WINDOWS\PEV.exe

2010-03-02 06:54:51 ----A---- C:\WINDOWS\NIRCMD.exe

2010-03-02 06:54:51 ----A---- C:\WINDOWS\MBR.exe

2010-03-02 06:54:51 ----A---- C:\WINDOWS\grep.exe

2010-03-02 06:54:21 ----D---- C:\WINDOWS\ERDNT

2010-03-02 06:53:49 ----D---- C:\Qoobox

2010-02-28 10:33:08 ----D---- C:\Documents and Settings\Patricia\Application Data\Windows Search

2010-02-27 22:34:31 ----D---- C:\Documents and Settings\All Users\Application Data\PCPitstop

2010-02-27 22:34:29 ----D---- C:\Program Files\PCPitstop

2010-02-27 22:17:20 ----D---- C:\Program Files\trend micro

2010-02-27 22:17:10 ----D---- C:\rsit

2010-02-27 21:58:34 ----D---- C:\Program Files\TrendMicro

2010-02-27 19:50:17 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$

2010-02-27 19:46:59 ----HDC---- C:\WINDOWS\$NtUninstallKB963093$

2010-02-27 19:45:41 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$

2010-02-27 19:35:52 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$

2010-02-27 18:46:05 ----A---- C:\WINDOWS\system32\mucltui.dll.mui

2010-02-27 18:46:05 ----A---- C:\WINDOWS\system32\mucltui.dll

2010-02-27 18:17:44 ----HDC---- C:\WINDOWS\$NtUninstallKB971513$

2010-02-27 18:10:46 ----D---- C:\Program Files\Microsoft Silverlight

2010-02-27 14:51:29 ----HDC---- C:\WINDOWS\$NtUninstallbasecsp$

2010-02-27 14:49:55 ----D---- C:\WINDOWS\system32\windowspowershell

2010-02-27 14:49:50 ----HDC---- C:\WINDOWS\$NtUninstallKB926139-v2$

2010-02-27 14:49:45 ----D---- C:\Documents and Settings\Patricia\Application Data\Windows Desktop Search

2010-02-27 14:48:58 ----D---- C:\Program Files\Windows Desktop Search

2010-02-27 14:48:21 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$

2010-02-27 14:48:12 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$

2010-02-27 14:46:00 ----N---- C:\WINDOWS\system32\spmsg.dll

2010-02-27 14:44:35 ----D---- C:\Program Files\Windows Media Connect 2

2010-02-27 14:43:59 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$

2010-02-27 14:20:28 ----A---- C:\WINDOWS\system32\pgdfgsvc.exe

2010-02-26 23:26:27 ----D---- C:\Documents and Settings\Patricia\Application Data\Musicmatch

2010-02-26 21:59:13 ----A---- C:\WINDOWS\system32\javaws.exe

2010-02-26 21:59:12 ----A---- C:\WINDOWS\system32\javaw.exe

2010-02-26 21:59:11 ----A---- C:\WINDOWS\system32\java.exe

2010-02-26 21:36:01 ----HD---- C:\WINDOWS\system32\GroupPolicy

2010-02-26 21:32:25 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$

2010-02-26 21:11:14 ----D---- C:\Documents and Settings\Patricia\Application Data\Malwarebytes

2010-02-26 20:20:42 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2010-02-26 17:35:24 ----D---- C:\Documents and Settings\Patricia\Application Data\Skinux

2010-02-26 17:30:52 ----D---- C:\Documents and Settings\Patricia\Application Data\Teleca

2010-02-25 03:16:05 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$

2010-02-12 03:11:09 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$

2010-02-12 03:10:48 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$

2010-02-12 03:04:56 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$

2010-02-12 03:04:41 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$

2010-02-12 03:04:22 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$

2010-02-12 03:04:07 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$

2010-02-12 03:03:40 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$

2010-02-12 03:03:06 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$

2010-02-11 07:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$

 

======List of files/folders modified in the last 1 months======

 

2010-03-09 07:09:52 ----D---- C:\WINDOWS\Prefetch

2010-03-09 07:07:07 ----D---- C:\WINDOWS\Temp

2010-03-09 06:59:33 ----D---- C:\Program Files\Lx_cats

2010-03-09 06:59:00 ----D---- C:\WINDOWS

2010-03-09 06:58:54 ----A---- C:\WINDOWS\ModemLog_Standard 300 bps Modem.txt

2010-03-09 06:58:24 ----A---- C:\WINDOWS\ModemLog_Intel® 537EP V9x DF PCI Modem.txt

2010-03-09 06:58:23 ----A---- C:\WINDOWS\ModemLog_Standard 300 bps Modem #2.txt

2010-03-09 06:58:12 ----D---- C:\WINDOWS\system32\CatRoot2

2010-03-07 11:22:08 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-03-07 10:53:15 ----D---- C:\downloads

2010-03-07 10:10:27 ----D---- C:\Program Files

2010-03-07 10:10:13 ----SD---- C:\WINDOWS\Downloaded Program Files

2010-03-07 01:05:08 ----SHD---- C:\WINDOWS\Installer

2010-03-07 01:01:49 ----D---- C:\WINDOWS\SYSTEM32

2010-03-07 00:59:18 ----D---- C:\Documents and Settings\Patricia\Application Data\Adobe

2010-03-07 00:57:10 ----D---- C:\WINDOWS\WinSxS

2010-03-07 00:56:55 ----D---- C:\Program Files\Common Files\Apple

2010-03-07 00:55:58 ----SD---- C:\WINDOWS\Tasks

2010-03-07 00:55:30 ----D---- C:\Program Files\Apple Software Update

2010-03-06 01:03:38 ----D---- C:\WINDOWS\system32\DRIVERS

2010-03-05 22:39:34 ----AC---- C:\WINDOWS\ntbtlog.txt

2010-03-05 19:50:35 ----D---- C:\WINDOWS\Debug

2010-03-05 19:50:35 ----D---- C:\Program Files\LimeWire

2010-03-05 19:46:29 ----D---- C:\WINDOWS\system32\BWKDLogs

2010-03-05 19:45:38 ----D---- C:\WINDOWS\system32\MsDtc

2010-03-05 19:43:12 ----D---- C:\I386

2010-03-04 20:40:28 ----A---- C:\WINDOWS\system.ini

2010-03-04 20:32:50 ----D---- C:\WINDOWS\system32\CONFIG

2010-03-04 20:28:23 ----D---- C:\WINDOWS\AppPatch

2010-03-04 20:28:18 ----D---- C:\Program Files\Common Files

2010-03-04 18:02:10 ----HD---- C:\WINDOWS\INF

2010-03-02 07:55:49 ----RSHD---- C:\WINDOWS\system32\DLLCACHE

2010-03-02 06:57:39 ----RASH---- C:\BOOT.INI

2010-02-28 07:22:00 ----SD---- C:\Documents and Settings\Patricia\Application Data\Microsoft

2010-02-27 19:47:08 ----A---- C:\WINDOWS\imsins.BAK

2010-02-27 19:46:06 ----D---- C:\WINDOWS\system32\CatRoot

2010-02-27 19:02:00 ----D---- C:\Program Files\Windows Media Player

2010-02-27 18:58:32 ----D---- C:\WINDOWS\SECURITY

2010-02-27 18:55:14 ----D---- C:\WINDOWS\Microsoft.NET

2010-02-27 18:54:57 ----RSD---- C:\WINDOWS\ASSEMBLY

2010-02-27 18:49:42 ----HD---- C:\WINDOWS\$hf_mig$

2010-02-27 18:37:37 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI

2010-02-27 18:28:56 ----D---- C:\Program Files\Zune

2010-02-27 18:24:59 ----D---- C:\WINDOWS\system32\ReinstallBackups

2010-02-27 18:19:17 ----D---- C:\Program Files\Internet Explorer

2010-02-27 18:19:13 ----D---- C:\WINDOWS\ie8updates

2010-02-27 18:06:42 ----D---- C:\Program Files\Common Files\Microsoft Shared

2010-02-27 18:05:53 ----RSD---- C:\WINDOWS\Fonts

2010-02-27 14:49:19 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

2010-02-27 14:49:02 ----D---- C:\WINDOWS\system32\en-US

2010-02-27 14:48:57 ----D---- C:\WINDOWS\system32\WBEM

2010-02-27 14:45:05 ----A---- C:\WINDOWS\WIN.INI

2010-02-27 14:44:29 ----D---- C:\WINDOWS\Help

2010-02-27 01:39:12 ----D---- C:\Program Files\FinePixViewer

2010-02-27 01:15:57 ----D---- C:\WINDOWS\Sun

2010-02-26 23:32:11 ----D---- C:\Program Files\Dell

2010-02-26 23:27:57 ----HD---- C:\Program Files\InstallShield Installation Information

2010-02-26 23:18:57 ----D---- C:\temp

2010-02-26 23:09:47 ----D---- C:\Documents and Settings\All Users\Application Data\Google

2010-02-26 21:56:23 ----D---- C:\Program Files\Java

2010-02-26 21:04:07 ----HDC---- C:\WINDOWS\$NtUninstallKB932716-v2$

2010-02-26 17:25:06 ----AC---- C:\WINDOWS\OEWABLog.txt

2010-02-24 10:47:46 ----D---- C:\Program Files\McAfee

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-09-16 214664]

R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136]

R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-01-14 5621]

R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-01-14 23219]

R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2004-10-15 8552]

R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-02-27 40480]

R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]

R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-03-15 25685]

R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-03-15 34837]

R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-03-15 4117]

R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-03-15 2233]

R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-03-15 85972]

R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-03-15 14229]

R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-03-15 6357]

R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-03-15 98580]

R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-03-15 100597]

R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2010-01-07 40832]

R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]

R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]

R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]

R3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-05 1233525]

R3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-05 647929]

R3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-06-15 61157]

R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-09-16 79816]

R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-09-16 35272]

R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]

R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-05 37048]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]

R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]

R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-09 612352]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2009-07-14 444136]

S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []

S3 catchme;catchme; \??\C:\dab\catchme.sys []

S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []

S3 HTCAND32;HTC Device Driver; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [2009-07-02 25728]

S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-09-16 34248]

S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-09-16 40552]

S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2008-08-21 18688]

S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2008-08-21 8320]

S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]

S3 motport;Motorola USB Diagnostic Port; C:\WINDOWS\system32\DRIVERS\motport.sys [2007-06-18 23680]

S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []

S3 WinUSB;WinUSB; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368]

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]

R2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]

R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2006-04-18 311296]

R2 lxcz_device;lxcz_device; C:\WINDOWS\system32\lxczcoms.exe [2007-01-29 537520]

R2 lxdc_device;lxdc_device; C:\WINDOWS\system32\lxdccoms.exe [2007-02-12 537520]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320]

R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-09 865832]

R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]

R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]

R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-09-16 144704]

R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-10-27 895696]

R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]

R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

R2 ZuneBusEnum;Zune Bus Enumerator; c:\WINDOWS\system32\ZuneBusEnum.exe [2010-01-07 58592]

R2 ZuneNetworkSvc;Zune Network Sharing Service; c:\Program Files\Zune\ZuneNss.exe [2010-01-07 5950704]

R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]

S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-09-16 365072]

S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2010-01-07 447216]

S4 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-09-16 606736]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

 

-----------------EOF-----------------

==end==


Hi,

 

 

 

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

 

How to see hidden files in Windows

 

Please click this link-->Jotti

 

When the Jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

 

C:\Documents and Settings\All Users\Application Data\meowamokantibits\sectregs.exe

 

Please post back the results of the scan in your next post.

 

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/


Good.

 

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Under the Custom Scan box paste this in

    netsvcs

    %SYSTEMDRIVE%\*.exe

    safebootminimal

    safebootnetwork

    /md5start

    eventlog.dll

    scecli.dll

    netlogon.dll

    cngaudit.dll

    sceclt.dll

    ntelogon.dll

    logevent.dll

    iaStor.sys

    nvstor.sys

    atapi.sys

    IdeChnDr.sys

    viasraid.sys

    AGP440.sys

    vaxscsi.sys

    nvatabus.sys

    viamraid.sys

    nvata.sys

    nvgts.sys

    iastorv.sys

    ViPrt.sys

    eNetHook.dll

    ahcix86.sys

    KR10N.sys

    /md5stop

    %systemroot%\*. /mp /s

    CREATERESTOREPOINT

  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


Tom,

 

Here is the OTL.txt log

 

==start==

 

OTL logfile created on: 3/11/2010 8:21:39 PM - Run 1

OTL by OldTimer - Version 3.1.37.0 Folder = C:\downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

510.00 Mb Total Physical Memory | 113.00 Mb Available Physical Memory | 22.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 50.00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 33.70 Gb Total Space | 6.64 Gb Free Space | 19.72% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: THORNTON

Current User Name: Patricia

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Standard

Quick Scan

 

========== Processes (SafeList) ==========

 

PRC - [2010/03/11 20:21:00 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\downloads\OTL.exe

PRC - [2010/01/07 14:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\ZuneBusEnum.exe

PRC - [2010/01/07 14:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Zune\ZuneNss.exe

PRC - [2010/01/07 14:38:08 | 000,158,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe

PRC - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

PRC - [2009/10/29 06:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe

PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe

PRC - [2009/09/29 15:21:08 | 000,557,056 | R--- | M] (Teleca AB) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe

PRC - [2009/09/29 15:15:44 | 000,389,120 | R--- | M] (Teleca) -- C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe

PRC - [2009/09/29 13:29:00 | 000,356,352 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\dbgout.exe

PRC - [2009/09/29 13:28:26 | 001,011,712 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe

PRC - [2009/09/29 13:03:26 | 000,253,952 | R--- | M] (TODO: <Company name>) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe

PRC - [2009/09/29 13:03:02 | 000,462,848 | R--- | M] (Teleca AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe

PRC - [2009/09/16 09:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe

PRC - [2009/07/09 23:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe

PRC - [2009/07/08 10:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe

PRC - [2009/07/07 18:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe

PRC - [2009/06/03 10:25:16 | 000,106,496 | R--- | M] (Popwire AB) -- C:\Program Files\Common Files\Teleca Shared\logger.exe

PRC - [2009/05/27 15:46:52 | 000,598,016 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe

PRC - [2009/05/21 09:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe

PRC - [2009/04/14 13:14:26 | 000,139,264 | ---- | M] (Teleca Sweden AB) -- C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

PRC - [2008/10/30 13:16:42 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

PRC - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe

PRC - [2008/05/26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe

PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/03/15 10:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe

PRC - [2007/02/12 17:56:38 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\SYSTEM32\lxdccoms.exe

PRC - [2007/02/05 17:32:16 | 000,020,480 | ---- | M] (Lexmark) -- C:\Program Files\Lexmark 1300 Series\lxdcamon.exe

PRC - [2007/01/29 17:11:36 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\SYSTEM32\lxczcoms.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2010/03/11 20:21:00 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\downloads\OTL.exe

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2010/01/07 14:38:18 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)

SRV - [2010/01/07 14:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\ZuneBusEnum.exe -- (ZuneBusEnum)

SRV - [2010/01/07 14:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)

SRV - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)

SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)

SRV - [2009/09/16 10:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV - [2009/09/16 09:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)

SRV - [2009/09/16 08:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)

SRV - [2009/07/09 23:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)

SRV - [2009/07/08 10:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)

SRV - [2009/07/07 18:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)

SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)

SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)

SRV - [2007/02/12 17:56:38 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdccoms.exe -- (lxdc_device)

SRV - [2007/01/29 17:11:36 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxczcoms.exe -- (lxcz_device)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/...rch/search.html

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8A A7 69 8B BD BD CA 01 [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/02/18 17:40:39 | 000,000,000 | ---D | M]

 

 

O1 HOSTS File: ([2010/03/04 20:40:16 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O4 - HKLM..\Run: [Anti bits phone mail] C:\Documents and Settings\All Users\Application Data\meowamokantibits\sectregs.exe ()

O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )

O4 - HKLM..\Run: [Easy Dock] C:\Documents and Settings\Kaitlyn\My Documents\RCA easyRip\EZDock.exe (Audiovox Electronics Corp.)

O4 - HKLM..\Run: [lxdcamon] C:\Program Files\Lexmark 1300 Series\lxdcamon.exe (Lexmark)

O4 - HKLM..\Run: [LXDCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.DLL (Lexmark International, Inc.)

O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)

O4 - HKLM..\Run: [updateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)

O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)

O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe (FUJIFILM Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: DisableCAD = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System: DisableTaskMgr = 1

O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found

O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)

O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab (Reg Error: Key error.)

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} http://static.slide.com/uploader/SlideImageUploader.cab (Slide Image Uploader Control)

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1267302751296 (MUWebControl Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)

O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} http://pictures04.aim.com/ygp/aol/plugin/u...AIM.9.5.1.8.cab (Reg Error: Key error.)

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)

O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} http://pccheckup.dellfix.com/en/10/install/gtdownde.cab (Dell PC Checkup Installer Control)

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.1.254

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/08/11 16:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (stera) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2004/10/15 13:58:48 | 000,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)

SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vds - Service

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)

SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)

SafeBootNet: MpfService - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (56016913389584384)

 

========== Files/Folders - Created Within 14 Days ==========

 

[2010/03/10 03:02:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood

[2010/03/07 10:53:19 | 000,000,000 | ---D | C] -- C:\Lop SD

[2010/03/07 01:01:46 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2010/03/07 01:00:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9 Installer

[2010/03/07 00:55:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\Local Settings\Application Data\Apple

[2010/03/07 00:55:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS

[2010/03/07 00:51:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\Application Data\Apple Computer

[2010/03/05 17:23:21 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2010/03/05 06:33:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010/03/04 20:15:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/03/04 20:15:34 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/03/04 20:15:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/03/03 08:10:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\Application Data\OpenOffice.org

[2010/03/02 06:57:18 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010/03/02 06:54:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/03/02 06:54:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/03/02 06:54:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/03/02 06:54:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/03/02 06:54:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/03/02 06:53:49 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/02/28 23:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe

[2010/02/28 23:06:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2010/02/28 20:26:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Sun

[2010/02/28 10:33:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\Application Data\Windows Search

[2010/02/27 22:34:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCPitstop

[2010/02/27 22:34:29 | 000,000,000 | ---D | C] -- C:\Program Files\PCPitstop

[2010/02/27 22:17:20 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro

[2010/02/27 22:17:10 | 000,000,000 | ---D | C] -- C:\rsit

[2010/02/27 21:58:34 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro

[2010/02/27 18:10:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2010/02/27 14:53:53 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2010/02/27 14:49:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell

[2010/02/27 14:49:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\Application Data\Windows Desktop Search

[2010/02/27 14:48:58 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search

[2010/02/27 14:44:35 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2

[2010/02/27 14:20:28 | 000,025,992 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pgdfgsvc.exe

[2010/02/26 23:26:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\Application Data\Musicmatch

[2010/02/26 23:22:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\Local Settings\Application Data\Musicmatch

[2010/02/26 21:36:01 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy

[2010/02/26 21:23:47 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Patricia\PrivacIE

[2010/02/26 21:11:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\Application Data\Malwarebytes

[2010/02/26 20:20:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/02/26 17:35:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\Application Data\Skinux

[2010/02/26 17:30:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\Application Data\Teleca

[2010/02/26 17:29:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\Local Settings\Application Data\Apple Computer

[2010/02/26 17:23:33 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Patricia\IETldCache

[2010/02/25 11:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

[2010/02/25 11:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010/02/24 10:45:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun

[2010/02/23 20:42:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2010/02/22 19:20:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2009/12/06 13:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee

[2009/12/05 18:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore

[2009/09/20 11:16:55 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2009/03/02 20:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2009/03/02 20:16:43 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDChcp.dll

[2007/08/24 14:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google

[2007/08/24 14:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google

[2007/01/10 18:02:06 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcpmui.dll

[2007/01/10 18:00:42 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcserv.dll

[2007/01/10 17:54:42 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdccomm.dll

[2007/01/10 17:53:10 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdclmpm.dll

[2007/01/10 17:51:52 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdciesc.dll

[2007/01/10 17:49:44 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcpplc.dll

[2007/01/10 17:49:00 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdccomc.dll

[2007/01/10 17:48:30 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcprox.dll

[2007/01/10 17:42:24 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcinpa.dll

[2007/01/10 17:41:44 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcusb1.dll

[2007/01/10 17:37:42 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdchbn3.dll

[2006/12/20 22:08:24 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczpmui.dll

[2006/12/20 22:06:58 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczserv.dll

[2006/12/20 22:01:04 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczcomm.dll

[2006/12/20 21:59:24 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczlmpm.dll

[2006/12/20 21:58:02 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcziesc.dll

[2006/12/20 21:55:40 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczpplc.dll

[2006/12/20 21:54:54 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczcomc.dll

[2006/12/20 21:54:20 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczprox.dll

[2006/12/20 21:47:32 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczinpa.dll

[2006/12/20 21:46:50 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczusb1.dll

[2006/12/20 21:42:36 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczhbn3.dll

[2006/08/30 16:12:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\LocalService\Application Data\GTek

[2005/10/21 22:09:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Show Fast Debug

[2005/02/03 16:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2004/10/20 16:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall

 

========== Files - Modified Within 14 Days ==========

 

[2010/03/11 08:39:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL

[2010/03/09 20:28:48 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job

[2010/03/09 20:28:28 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/03/09 20:28:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT

[2010/03/09 20:28:22 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys

[2010/03/09 20:27:13 | 000,018,849 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF

[2010/03/09 20:27:05 | 003,145,728 | -H-- | M] () -- C:\Documents and Settings\Patricia\NTUSER.DAT

[2010/03/09 20:27:05 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Patricia\NTUSER.INI

[2010/03/07 01:03:49 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2010/03/07 00:55:58 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/03/06 01:03:59 | 000,025,992 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pgdfgsvc.exe

[2010/03/04 20:40:28 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/03/04 20:40:16 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts

[2010/03/04 20:17:43 | 004,120,159 | R--- | M] () -- C:\Documents and Settings\Patricia\Desktop\dab.exe

[2010/03/04 20:15:38 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/03/02 06:57:39 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI

[2010/03/01 01:00:00 | 000,000,322 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job

[2010/02/27 22:06:04 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Patricia\Desktop\HiJackThis.lnk

[2010/02/27 19:47:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/02/27 19:33:11 | 000,114,672 | ---- | M] () -- C:\Documents and Settings\Patricia\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2010/02/27 19:23:39 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb

[2010/02/27 19:23:38 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb

[2010/02/27 19:02:03 | 000,429,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/02/27 18:37:37 | 000,532,526 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/02/27 18:37:37 | 000,463,510 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT

[2010/02/27 18:37:37 | 000,078,786 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT

[2010/02/27 18:24:26 | 000,000,628 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Zune.lnk

[2010/02/27 18:10:27 | 000,000,912 | ---- | M] () -- C:\Documents and Settings\Patricia\My Documents\My Sharing Folders.lnk

[2010/02/27 14:49:15 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

[2010/02/27 14:45:05 | 000,000,522 | ---- | M] () -- C:\WINDOWS\WIN.INI

[2010/02/26 23:30:34 | 000,001,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dell Jukebox by musicmatch.lnk

[2010/02/26 21:39:54 | 000,001,008 | RHS- | M] () -- C:\Documents and Settings\Patricia\ntuser.pol

[2010/02/26 20:19:59 | 000,000,444 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat

 

========== Files Created - No Company Name ==========

 

[2010/03/07 01:03:48 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2010/03/07 00:55:58 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/03/05 22:43:33 | 534,827,008 | -HS- | C] () -- C:\hiberfil.sys

[2010/03/04 20:15:38 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/03/02 06:57:37 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2010/03/02 06:57:24 | 000,260,272 | ---- | C] () -- C:\cmldr

[2010/03/02 06:54:51 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/03/02 06:54:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/03/02 06:54:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/03/02 06:54:51 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/03/02 06:54:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/03/02 06:49:30 | 004,120,159 | R--- | C] () -- C:\Documents and Settings\Patricia\Desktop\dab.exe

[2010/02/27 21:58:59 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\Patricia\Desktop\HiJackThis.lnk

[2010/02/27 18:10:27 | 000,000,912 | ---- | C] () -- C:\Documents and Settings\Patricia\My Documents\My Sharing Folders.lnk

[2010/02/27 14:49:15 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

[2010/02/26 21:38:19 | 000,001,008 | RHS- | C] () -- C:\Documents and Settings\Patricia\ntuser.pol

[2010/02/26 20:19:59 | 000,000,444 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

[2009/10/04 07:03:08 | 000,013,991 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ikuhiha.bin

[2009/10/03 18:06:21 | 000,010,187 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\zuhilut._sy

[2009/10/02 18:52:51 | 000,014,468 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xine.sys

[2009/10/02 18:26:30 | 000,017,423 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\lepihed.dll

[2009/10/02 18:26:29 | 000,012,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ovovotuq.sys

[2009/10/02 18:26:24 | 000,013,134 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\umab.bin

[2009/05/28 11:21:58 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Kaitlyn.ini

[2009/03/02 20:16:46 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdcrwrd.ini

[2009/03/02 20:16:44 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\LXDCinst.dll

[2009/03/02 20:13:53 | 000,344,064 | R--- | C] () -- C:\WINDOWS\System32\lxdccoin.dll

[2007/11/15 03:02:36 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2007/02/21 10:05:16 | 000,000,270 | ---- | C] () -- C:\WINDOWS\System32\lxczcoin.ini

[2007/02/12 04:46:04 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdcgrd.dll

[2007/01/29 18:11:45 | 000,000,253 | ---- | C] () -- C:\WINDOWS\lexstat.ini

[2007/01/29 18:11:43 | 000,000,092 | ---- | C] () -- C:\WINDOWS\dellstat.ini

[2006/11/29 18:14:14 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

[2006/06/22 20:35:32 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2006/05/18 08:47:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdcvs.dll

[2006/03/29 19:59:10 | 000,029,919 | ---- | C] () -- C:\WINDOWS\System32\rtsicis.ini

[2006/03/27 16:19:14 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxczvs.dll

[2006/01/10 22:11:06 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv5.dll

[2006/01/10 22:11:06 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv4.dll

[2005/12/30 13:43:02 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini

[2005/12/29 16:44:04 | 000,000,048 | ---- | C] () -- C:\WINDOWS\VistaEmail.ini

[2005/09/08 05:36:50 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Patricia\Application Data\PFP120JPR.{PB

[2005/09/08 05:36:50 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Patricia\Application Data\PFP120JCM.{PB

[2005/04/29 23:49:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI

[2004/12/19 19:21:17 | 000,017,761 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini

[2004/11/02 17:47:30 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2004/11/02 17:47:17 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL

[2004/10/26 17:25:28 | 000,000,045 | ---- | C] () -- C:\WINDOWS\EPSONC86.ini

[2004/10/26 17:24:53 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI

[2004/10/15 14:35:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2004/10/15 14:01:38 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2004/08/11 16:25:56 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI

[2004/08/04 04:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll

[2004/08/04 04:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll

[2004/08/04 04:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll

[2004/08/04 04:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll

[2004/08/04 04:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll

[2004/08/04 04:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI

[2004/03/26 15:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[1979/12/31 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

 

========== LOP Check ==========

 

[2009/12/30 08:27:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software

[2009/12/17 17:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HTC

[2005/10/21 22:09:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\meowamokantibits

[2008/06/22 19:01:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes

[2010/02/28 07:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop

[2008/02/16 14:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2009/12/17 17:39:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca

[2009/12/30 08:28:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2009/01/05 19:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

[2004/12/07 18:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Aim

[2006/04/29 08:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\FilmLoop

[2004/10/26 17:36:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Leadertech

[2010/02/26 23:26:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Musicmatch

[2010/03/03 08:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\OpenOffice.org

[2010/02/26 17:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Skinux

[2010/02/26 17:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Teleca

[2010/02/27 14:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Windows Desktop Search

[2010/02/28 10:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Windows Search

[2010/02/15 01:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job

[2010/03/01 01:00:00 | 000,000,322 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

[2010/03/09 20:28:48 | 000,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.exe >

[2005/10/31 09:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe

 

 

< MD5 for: AGP440.SYS >

[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys

[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys

[2009/01/19 09:12:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys

[2009/01/19 09:12:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys

[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys

[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\I386\AGP440.SYS

[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

 

< MD5 for: ATAPI.SYS >

[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys

[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys

[2009/01/19 09:12:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys

[2009/01/19 09:12:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2008/04/13 12:40:30 | 000,096,512 | ---- | M] () MD5=8B91850420E7C598818F69C727149FB4 -- C:\WINDOWS\SYSTEM32\DLLCACHE\atapi.sys

[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys

[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys

[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\I386\atapi.sys

[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

 

< MD5 for: EVENTLOG.DLL >

[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2004/08/04 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\I386\EVENTLOG.DLL

[2004/08/04 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

[2004/08/04 16:30:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll

[2004/08/04 16:30:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\SYSTEM32\eventlog.dll

 

< MD5 for: LOGEVENT.DLL >

[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\logevent.dll

 

< MD5 for: NETLOGON.DLL >

[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2004/08/04 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\I386\NETLOGON.DLL

[2004/08/04 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

[2004/08/04 16:30:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll

[2004/08/04 16:30:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\SYSTEM32\netlogon.dll

 

< MD5 for: SCECLI.DLL >

[2004/08/04 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\I386\SCECLI.DLL

[2004/08/04 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[2004/08/04 16:30:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll

[2004/08/04 16:30:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\SYSTEM32\scecli.dll

[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

 

< %systemroot%\*. /mp /s >

 

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========

[C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP11A6.tmp\ZAP11A6.tmp] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP122.tmp\ZAP122.tmp] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP3BB.tmp\ZAP3BB.tmp] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAPFC2.tmp\ZAPFC2.tmp] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\ASSEMBLY\TMP\TMP] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\Config\Config] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\Connection Wizard\Connection Wizard] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\IME\CHSIME\APPLETS\APPLETS] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\IME\CHTIME\Applets\Applets] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\IME\IMEJP\APPLETS\APPLETS] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\IME\IMEJP98\IMEJP98] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\IME\IMJP8_1\APPLETS\APPLETS] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\IME\IMKR6_1\APPLETS\APPLETS] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\IME\IMKR6_1\DICTS\DICTS] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\IME\SHARED\RES\RES] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\Installer\{efc1d30a-a03f-4815-9a77-3b1c4690129a}\{efc1d30a-a03f-4815-9a77-3b1c4690129a}] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\JAVA\CLASSES\CLASSES] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\JAVA\TRUSTLIB\TRUSTLIB] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\MSAPPS\MSINFO\MSINFO] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\PCHEALTH\ErrorRep\UserDumps\UserDumps] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\PCHEALTH\HELPCTR\BATCH\BATCH] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\PCHEALTH\HELPCTR\Config\CheckPoint\CheckPoint] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\PCHEALTH\HELPCTR\HelpFiles\HelpFiles] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\PCHEALTH\HELPCTR\InstalledSKUs\InstalledSKUs] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS


Tom,

 

Here is the rest.

 

--dave

==remainder of otl.txt===

[C:\WINDOWS\PCHEALTH\HELPCTR\System\DFS\DFS] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\PCHEALTH\HELPCTR\System\News\News] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\PCHEALTH\HELPCTR\Temp\Temp] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\Registration\CRMLog\CRMLog] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\SoftwareDistribution\Download\cadf7c8240793a561791dc3bd3e91a5e\backup\backup] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\Sun\Java\Deployment\Deployment] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\SxsCaPendDel\SxsCaPendDel] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\UGF0cmljaWEg\UGF0cmljaWEg] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\WinSxS\InstallTemp\InstallTemp] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2] -> \Device\__max++>\^ -> Mount Point

< End of report >

==end of otl.txt==

 

==start of extras.txt===

OTL Extras logfile created on: 3/11/2010 8:21:39 PM - Run 1

OTL by OldTimer - Version 3.1.37.0 Folder = C:\downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

510.00 Mb Total Physical Memory | 113.00 Mb Available Physical Memory | 22.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 50.00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 33.70 Gb Total Space | 6.64 Gb Free Space | 19.72% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: THORNTON

Current User Name: Patricia

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Standard

Quick Scan

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 1

"FirewallOverride" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10244:TCP" = 10244:TCP:LocalSubNet:Enabled:Zune Network Sharing Service

"10285:UDP" = 10285:UDP:LocalSubNet:Enabled:Zune Network Sharing Service

"10286:UDP" = 10286:UDP:LocalSubNet:Enabled:Zune Network Sharing Service

"10287:UDP" = 10287:UDP:LocalSubNet:Enabled:Zune Network Sharing Service

"10288:UDP" = 10288:UDP:LocalSubNet:Enabled:Zune Network Sharing Service

"10289:UDP" = 10289:UDP:LocalSubNet:Enabled:Zune Network Sharing Service

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10244:TCP" = 10244:TCP:LocalSubNet:Enabled:Zune Network Sharing Service

"10285:UDP" = 10285:UDP:LocalSubNet:Enabled:Zune Network Sharing Service

"10286:UDP" = 10286:UDP:LocalSubNet:Enabled:Zune Network Sharing Service

"10287:UDP" = 10287:UDP:LocalSubNet:Enabled:Zune Network Sharing Service

"10288:UDP" = 10288:UDP:LocalSubNet:Enabled:Zune Network Sharing Service

"10289:UDP" = 10289:UDP:LocalSubNet:Enabled:Zune Network Sharing Service

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found

"C:\Program Files\Lexmark 1300 Series\app4r.exe" = C:\Program Files\Lexmark 1300 Series\app4r.exe:*:Enabled:BorgListener -- ()

"C:\WINDOWS\system32\printer.exe" = C:\WINDOWS\system32\printer.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found

"C:\WINDOWS\system32\spoolvs.exe" = C:\WINDOWS\system32\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found

"C:\WINDOWS\shell.exe" = C:\WINDOWS\shell.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found

"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\WINDOWS\SYSTEM32\RTCSHARE.EXE" = C:\WINDOWS\SYSTEM32\RTCSHARE.EXE:*:Enabled:RTC App Sharing -- (Microsoft Corporation)

"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)

"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)

"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)

"C:\WINDOWS\SYSTEM32\lxczcoms.exe" = C:\WINDOWS\SYSTEM32\lxczcoms.exe:*:Enabled:1200 Series Server -- ( )

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\WINDOWS\SYSTEM32\lxdccoms.exe" = C:\WINDOWS\SYSTEM32\lxdccoms.exe:*:Enabled:1300 Series Server -- ( )

"C:\Program Files\McAfee\VirusScan\mcvsmap.exe" = C:\Program Files\McAfee\VirusScan\mcvsmap.exe:*:Enabled:mcvsmap -- (McAfee, Inc.)

"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)

"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

"C:\Program Files\Lexmark 1300 Series\lxdcamon.exe" = C:\Program Files\Lexmark 1300 Series\lxdcamon.exe:*:Disabled:Device Monitor Appliaction -- (Lexmark)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)

"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn

"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis

"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager

"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar

"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday

"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA

"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD

"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK

"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections

"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.5

"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience

"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 17

"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt

"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes

"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page

"{370BCBBA-67D7-4535-ADCD-58CD1C8DEC99}" = Zune Language Pack (DE)

"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support

"{40EC6323-497B-44DA-8A88-74578622D9B3}" = Zune Language Pack (IT)

"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore

"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2

"{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23

"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg

"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001

"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81

"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool

"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA

"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr

"{65EB09A3-993B-401E-8936-C9708CBFAB26}" = FinePixViewer YTUPL

"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver

"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor

"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport

"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper

"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox

"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune

"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver

"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday

"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime

"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini

"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!

"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL

"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt

"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0

"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK

"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12

"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI

"{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource

"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software

"{D5AF36E3-D72D-4E30-AB64-48A98BDDEE73}" = HTC Sync

"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR

"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby

"{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}" = FinePix Studio

"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)

"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1

"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips

"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support

"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)

"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools

"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK

"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Shockwave Player" = Adobe Shockwave Player

"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver

"ESET Online Scanner" = ESET Online Scanner v3

"HijackThis" = HijackThis 2.0.2

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23

"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem

"Lexmark 1300 Series" = Lexmark 1300 Series

"LimeWire" = LimeWire 5.3.6

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MSC" = McAfee SecurityCenter

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MSNINST" = MSN

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"PROSet" = Intel® PRO Network Adapters and Drivers

"RCA easyRip_is1" = RCA easyRip 2.1.7.0

"RealPlayer 6.0" = RealPlayer Basic

"uTorrent" = µTorrent

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

"WeatherBug" = WeatherBug

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"winusb0100" = Microsoft WinUsb 1.0

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9

"Yahoo! Internet Mail" = Yahoo! Internet Mail

"Zune" = Zune

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 3/6/2010 12:38:18 AM | Computer Name = THORNTON | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

 

Error - 3/6/2010 12:38:26 AM | Computer Name = THORNTON | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

 

Error - 3/6/2010 12:38:27 AM | Computer Name = THORNTON | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

 

Error - 3/6/2010 12:40:44 AM | Computer Name = THORNTON | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: The server name or address could not be resolved

 

Error - 3/6/2010 12:40:44 AM | Computer Name = THORNTON | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

 

Error - 3/6/2010 12:40:44 AM | Computer Name = THORNTON | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

 

Error - 3/6/2010 12:40:44 AM | Computer Name = THORNTON | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

 

Error - 3/7/2010 2:49:35 AM | Computer Name = THORNTON | Source = Application Hang | ID = 1002

Description = Hanging application QuickTimePlayer.exe, version 7.55.90.70, hang

module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error - 3/7/2010 12:18:24 PM | Computer Name = THORNTON | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error - 3/7/2010 12:19:10 PM | Computer Name = THORNTON | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

 

[ System Events ]

Error - 3/7/2010 12:13:16 PM | Computer Name = THORNTON | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM

Service service to connect.

 

Error - 3/7/2010 12:13:16 PM | Computer Name = THORNTON | Source = Service Control Manager | ID = 7000

Description = The IMAPI CD-Burning COM Service service failed to start due to the

following error: %%1053

 

Error - 3/7/2010 12:13:16 PM | Computer Name = THORNTON | Source = Service Control Manager | ID = 7023

Description = The Security Center service terminated with the following error: %%16389

 

Error - 3/10/2010 6:49:36 PM | Computer Name = THORNTON | Source = DCOM | ID = 10001

Description = Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493}

as /. The error: "%233" Happened while starting this command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe

-Embedding

 

Error - 3/10/2010 6:49:44 PM | Computer Name = THORNTON | Source = DCOM | ID = 10001

Description = Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493}

as /. The error: "%233" Happened while starting this command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe

-Embedding

 

Error - 3/10/2010 6:49:55 PM | Computer Name = THORNTON | Source = DCOM | ID = 10001

Description = Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493}

as /. The error: "%233" Happened while starting this command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe

-Embedding

 

Error - 3/10/2010 6:50:06 PM | Computer Name = THORNTON | Source = DCOM | ID = 10001

Description = Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493}

as /. The error: "%233" Happened while starting this command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe

-Embedding

 

Error - 3/10/2010 6:50:17 PM | Computer Name = THORNTON | Source = DCOM | ID = 10001

Description = Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493}

as /. The error: "%233" Happened while starting this command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe

-Embedding

 

Error - 3/10/2010 6:52:28 PM | Computer Name = THORNTON | Source = DCOM | ID = 10010

Description = The server {6A972E27-93E2-4F98-8367-4101B2073814} did not register

with DCOM within the required timeout.

 

Error - 3/10/2010 6:52:53 PM | Computer Name = THORNTON | Source = DCOM | ID = 10001

Description = Unable to start a DCOM Server: {6A972E27-93E2-4F98-8367-4101B2073814}

as /. The error: "%233" Happened while starting this command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe

-Embedding

 

 

< End of report >

==end of extras.txt======

This topic is now closed to further replies.