The BullGuard products and services are part of NortonLifeLock Inc., a global leader in consumer Cyber Safety with a portofolio of brands including Norton, Avira and more. Learn more at NortonLifeLock.com

My computer has a worm

Posted 12/21/2009 5:20 PM
#81213
User avatar

reecee2606 Valued member

Date Joined Nov 2016
Total Posts: 14
Yesterday when I was working on my computer I had noticed that it said that something called "Security Tool" was downloaded but I did not download anything. Now my computer is slow and I keep getting these pop ups about this Security Tool Warning and for me to buy it to remove the virus. But I can not download ANY thing not even the CCleaner and ANY antivirus downloads. Can someone please help?
Posted 12/22/2009 2:50 AM
#81234
User avatar

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Hello reecee2606,

Going to need some info to work from here, so see what you can do to get the scans done. You may want to try booting into Safe Mode (tap the F8 key at startup about once per half-second, then select Safe Mode with Networking from the startup menu). Infection would be less active that way. But see what you can get done.

The latest rogue security softwares also run some hidden rootkits, that load early in the bootup and in part block repair progress. Assuming you have XP there, one way to get the upper hand on these is to reboot into the Recovery Console, and disable them before Windows starts. This would require an actual XP CD though, so let me know in your next reply if you have one, or can borrow one.



To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.


Download RSIT (random's system information tool) from here to your desktop. Then click on the RSIT.exe to open the RSIT display, and click the Continue button.

If necessary allow it to locate or download a copy of HijackThis as needed.

Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).

You can break logs into parts and use separate posts here when replying and posting the log files, if needed.

--------------

Also click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.
Posted 12/24/2009 5:29 PM
#81307
User avatar

reecee2606 Valued member

Date Joined Nov 2016
Total Posts: 14
Logfile of random's system information tool 1.06 (written by random/random)
Run by New User at 2009-12-24 08:49:24
Microsoft Windows XP Professional Service Pack 3
System drive C: has 8 GB (42%) free of 19 GB
Total RAM: 511 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:50:03 AM, on 12/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\PDesk\PDesk.exe
C:\Program Files\CarMD\CarMD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\LimeWire\LimeWire.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\mgabg.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\New User\My Documents\Downloads\RSIT(2).exe
C:\Program Files\trend micro\New User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O1 - Hosts: 78.159.110.41 www.google.com
O1 - Hosts: 78.159.110.41 www.google.de
O1 - Hosts: 78.159.110.41 www.google.fr
O1 - Hosts: 78.159.110.41 www.google.co.uk
O1 - Hosts: 78.159.110.41 www.google.com.br
O1 - Hosts: 78.159.110.41 www.google.it
O1 - Hosts: 78.159.110.41 www.google.es
O1 - Hosts: 78.159.110.41 www.google.co.jp
O1 - Hosts: 78.159.110.41 www.google.com.mx
O1 - Hosts: 78.159.110.41 www.google.ca
O1 - Hosts: 78.159.110.41 www.google.com.au
O1 - Hosts: 78.159.110.41 www.google.nl
O1 - Hosts: 78.159.110.41 www.google.co.za
O1 - Hosts: 78.159.110.41 www.google.be
O1 - Hosts: 78.159.110.41 www.google.gr
O1 - Hosts: 78.159.110.41 www.google.at
O1 - Hosts: 78.159.110.41 www.google.se
O1 - Hosts: 78.159.110.41 www.google.ch
O1 - Hosts: 78.159.110.41 www.google.pt
O1 - Hosts: 78.159.110.41 www.google.dk
O1 - Hosts: 78.159.110.41 www.google.fi
O1 - Hosts: 78.159.110.41 www.google.ie
O1 - Hosts: 78.159.110.41 www.google.no
O1 - Hosts: 78.159.110.41 search.yahoo.com
O1 - Hosts: 78.159.110.41 us.search.yahoo.com
O1 - Hosts: 78.159.110.41 uk.search.yahoo.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [Matrox PC-VCR Scheduler] "C:\Program Files\Matrox Video Tools\PC-VCRScheduler.exe"
O4 - HKLM\..\Run: [CarMD] C:\Program Files\CarMD\CarMD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [UniblueRegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\New User\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://*.mcafee.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - https://games.pogo.com/online2/pogo/chuzzle/popcaploader_v6.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

--
End of file - 7593 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-08-06 501384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-11-04 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-01-29 145424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-01-29 145424]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0\bin\jusched.exe [2007-08-06 77824]
"McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2009-07-07 1176808]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-10-29 1218008]
"Matrox Powerdesk"=C:\WINDOWS\system32\PDesk\PDesk.exe [2002-02-14 651264]
"Matrox PC-VCR Scheduler"=C:\Program Files\Matrox Video Tools\PC-VCRScheduler.exe [2001-12-18 286720]
"CarMD"=C:\Program Files\CarMD\CarMD.exe [2007-12-11 1318912]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"UniblueRegistryBooster"=C:\Program Files\Uniblue\RegistryBooster\launcher.exe delay 20000 []

C:\Documents and Settings\New User\Start Menu\Programs\Startup
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-12-24 08:49:27 ----D---- C:\Program Files\trend micro
2009-12-24 08:49:24 ----D---- C:\rsit
2009-12-24 08:38:22 ----D---- C:\Documents and Settings\New User\Application Data\Uniblue
2009-12-23 19:07:55 ----SHD---- C:\Config.Msi
2009-12-23 14:50:23 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-23 14:49:29 ----D---- C:\Program Files\SUPERAntiSpyware
2009-12-23 14:49:29 ----D---- C:\Documents and Settings\New User\Application Data\SUPERAntiSpyware.com
2009-12-23 12:20:42 ----D---- C:\WINDOWS\CSC
2009-12-23 11:30:07 ----D---- C:\Documents and Settings\New User\Application Data\Opera
2009-12-23 11:29:32 ----D---- C:\Program Files\Opera
2009-12-22 14:16:20 ----A---- C:\resetlog.txt
2009-12-22 13:57:47 ----D---- C:\Documents and Settings\New User\Application Data\McAfee
2009-12-21 12:24:57 ----D---- C:\Program Files\Common Files\McAfee
2009-12-21 12:24:51 ----D---- C:\Program Files\McAfee.com
2009-12-21 12:24:24 ----D---- C:\Program Files\McAfee
2009-12-21 10:45:22 ----A---- C:\WINDOWS\ntbtlog.txt
2009-12-09 11:10:55 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-09 11:10:45 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-09 11:10:04 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-09 11:09:56 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-09 11:09:42 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-11-25 08:27:44 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-25 08:27:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$

======List of files/folders modified in the last 1 months======

2009-12-24 08:49:35 ----D---- C:\WINDOWS\Temp
2009-12-24 08:49:27 ----D---- C:\Program Files
2009-12-24 08:35:02 ----D---- C:\Documents and Settings\New User\Application Data\LimeWire
2009-12-24 08:26:28 ----D---- C:\Program Files\Mozilla Firefox
2009-12-24 08:24:57 ----D---- C:\WINDOWS
2009-12-23 19:10:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-23 19:08:07 ----SHD---- C:\WINDOWS\Installer
2009-12-23 19:08:06 ----D---- C:\Program Files\Common Files
2009-12-23 14:51:42 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-23 14:13:36 ----SHD---- C:\System Volume Information
2009-12-23 14:13:36 ----D---- C:\WINDOWS\system32\Restore
2009-12-23 14:02:44 ----SH---- C:\boot.ini
2009-12-23 14:02:44 ----A---- C:\WINDOWS\win.ini
2009-12-23 14:02:44 ----A---- C:\WINDOWS\system.ini
2009-12-23 13:54:41 ----D---- C:\WINDOWS\pss
2009-12-23 13:05:51 ----D---- C:\Program Files\Citrix
2009-12-23 13:05:41 ----D---- C:\WINDOWS\system32
2009-12-23 13:05:40 ----D---- C:\WINDOWS\system32\drivers
2009-12-23 13:05:39 ----HD---- C:\WINDOWS\inf
2009-12-23 13:04:24 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-23 13:04:11 ----D---- C:\Program Files\Internet Explorer
2009-12-23 12:28:58 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-12-23 10:18:32 ----D---- C:\WINDOWS\network diagnostic
2009-12-21 14:13:05 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-21 12:53:00 ----A---- C:\WINDOWS\imsins.BAK
2009-12-21 12:33:13 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-21 12:25:49 ----SD---- C:\WINDOWS\Tasks
2009-12-21 11:59:46 ----D---- C:\WINDOWS\system32\config
2009-12-21 11:59:03 ----D---- C:\WINDOWS\system32\wbem
2009-12-21 11:59:01 ----D---- C:\WINDOWS\Registration
2009-12-21 11:45:25 ----D---- C:\Documents and Settings
2009-12-20 13:21:30 ----D---- C:\WINDOWS\Prefetch
2009-12-09 11:10:15 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-09 10:19:03 ----D---- C:\WINDOWS\Minidump
2009-12-01 12:06:19 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-25 08:26:50 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-11-04 214664]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136]
R1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 42752]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2004-04-13 15781]
R2 RR2Ctrl;RR2Ctrl; C:\WINDOWS\system32\drivers\RR2Ctrl.sys [2001-12-18 64520]
R2 RR2IOMod;RR2IOMod; C:\WINDOWS\system32\drivers\RR2IOMod.sys [2001-12-18 7449]
R2 RR2Mjpeg;RR2Mjpeg; C:\WINDOWS\system32\drivers\RR2Mjpeg.sys [2001-12-18 85449]
R2 RR2Vbi;RR2Vbi; C:\WINDOWS\system32\drivers\RR2Vbi.sys [2001-12-18 20215]
R3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
R3 G400DH;G400DH; C:\WINDOWS\system32\DRIVERS\g400dhm.sys [2002-02-14 316416]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-11-04 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-11-04 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-11-04 40552]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 MtxVideo;Matrox WDM capture/crossbar driver; C:\WINDOWS\system32\DRIVERS\MtxVideo.sys [2001-08-17 103296]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 G400;G400; C:\WINDOWS\system32\DRIVERS\G400m.sys [2001-08-17 322432]
S3 i81x;i81x; C:\WINDOWS\system32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\system32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\system32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\system32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimFP5;iAimFP5; C:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-03 11807]
S3 iAimFP6;iAimFP6; C:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-03 11295]
S3 iAimFP7;iAimFP7; C:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-03 11871]
S3 iAimTV0;iAimTV0; C:\WINDOWS\system32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\system32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV3;iAimTV3; C:\WINDOWS\system32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 iAimTV5;iAimTV5; C:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-03 25471]
S3 iAimTV6;iAimTV6; C:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-03 22271]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-11-04 34248]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZD1211U(ZyDAS);ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-12-22 259584]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CSHelper;CopySafe Helper Service; C:\WINDOWS\system32\CSHelper.exe [2009-02-19 266240]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-01-23 203280]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-10-29 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-11-04 144704]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 MGABGEXE;MGABGEXE; C:\WINDOWS\system32\mgabg.exe [2002-01-16 81920]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-10-27 895696]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-11-04 606736]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-10-28 365072]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2009-12-24 08:50:10

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3DVIA player 5.0-->MsiExec.exe /X{4E868D3D-6EEB-4273-926C-2287236B5B79}
Acrobat.com-->MsiExec.exe /X{27F00C63-449B-2FAB-CBE8-24AB80E17449}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
CarMD-->MsiExec.exe /X{A628FE9D-F6FA-4DB5-8817-A3617CD11A74}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
LimeWire 4.18.3-->"C:\Program Files\LimeWire\uninstall.exe"
Matrox Graphics Software (remove only)-->C:\WINDOWS\system32\PDesk\PDUninst.exe
Matrox Video Tools-->MsiExec.exe /I{65F78553-0FA6-423E-82D1-83CD80897995}
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
McAfee Virtual Technician-->MsiExec.exe /I{49FA793C-785E-47E9-93DF-BD442B0B45D1}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (3.5.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Opera 10.10-->MsiExec.exe /X{21199F32-B676-4FE2-A443-EF7DB6B8FD4F}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Zoo Tycoon 2 - Extinct Animals-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{15292416-A464-4FBA-BB96-7298EAACFC07}

======Hosts File======

78.159.110.41 www.google.com
78.159.110.41 www.google.de
78.159.110.41 www.google.fr
78.159.110.41 www.google.co.uk
78.159.110.41 www.google.com.br
78.159.110.41 www.google.it
78.159.110.41 www.google.es
78.159.110.41 www.google.co.jp
78.159.110.41 www.google.com.mx
78.159.110.41 www.google.ca

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall

======System event log======

Computer Name: RAQUELCOMPUTER
Event Code: 10010
Message: The server {B44D92F9-978C-42F3-9382-6EAD817BA0AE} did not register with DCOM within the required timeout.

Record Number: 21410
Source Name: DCOM
Time Written: 20091019162432.000000-420
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: RAQUELCOMPUTER
Event Code: 10010
Message: The server {B44D92F9-978C-42F3-9382-6EAD817BA0AE} did not register with DCOM within the required timeout.

Record Number: 21409
Source Name: DCOM
Time Written: 20091019162401.000000-420
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: RAQUELCOMPUTER
Event Code: 10010
Message: The server {6A972E27-93E2-4F98-8367-4101B2073814} did not register with DCOM within the required timeout.

Record Number: 21408
Source Name: DCOM
Time Written: 20091019162336.000000-420
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: RAQUELCOMPUTER
Event Code: 10010
Message: The server {B44D92F9-978C-42F3-9382-6EAD817BA0AE} did not register with DCOM within the required timeout.

Record Number: 21407
Source Name: DCOM
Time Written: 20091019162330.000000-420
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: RAQUELCOMPUTER
Event Code: 10010
Message: The server {B44D92F9-978C-42F3-9382-6EAD817BA0AE} did not register with DCOM within the required timeout.

Record Number: 21405
Source Name: DCOM
Time Written: 20091019162258.000000-420
Event Type: error
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: RAQUELCOMPUTER
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: with error: The data is invalid.


Record Number: 4092
Source Name: crypt32
Time Written: 20091010151412.000000-420
Event Type: error
User:

Computer Name: RAQUELCOMPUTER
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: with error: The data is invalid.


Record Number: 4090
Source Name: crypt32
Time Written: 20091010151411.000000-420
Event Type: error
User:

Computer Name: RAQUELCOMPUTER
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: with error: The data is invalid.


Record Number: 4086
Source Name: crypt32
Time Written: 20091010151409.000000-420
Event Type: error
User:

Computer Name: RAQUELCOMPUTER
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: with error: The data is invalid.


Record Number: 4085
Source Name: crypt32
Time Written: 20091010151409.000000-420
Event Type: error
User:

Computer Name: RAQUELCOMPUTER
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: with error: The server name or address could not be resolved


Record Number: 4078
Source Name: crypt32
Time Written: 20091010151155.000000-420
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0806
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by New User at 2009-12-24 08:49:24
Microsoft Windows XP Professional Service Pack 3
System drive C: has 8 GB (42%) free of 19 GB
Total RAM: 511 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:50:03 AM, on 12/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\PDesk\PDesk.exe
C:\Program Files\CarMD\CarMD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\LimeWire\LimeWire.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\mgabg.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\New User\My Documents\Downloads\RSIT(2).exe
C:\Program Files\trend micro\New User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O1 - Hosts: 78.159.110.41 www.google.com
O1 - Hosts: 78.159.110.41 www.google.de
O1 - Hosts: 78.159.110.41 www.google.fr
O1 - Hosts: 78.159.110.41 www.google.co.uk
O1 - Hosts: 78.159.110.41 www.google.com.br
O1 - Hosts: 78.159.110.41 www.google.it
O1 - Hosts: 78.159.110.41 www.google.es
O1 - Hosts: 78.159.110.41 www.google.co.jp
O1 - Hosts: 78.159.110.41 www.google.com.mx
O1 - Hosts: 78.159.110.41 www.google.ca
O1 - Hosts: 78.159.110.41 www.google.com.au
O1 - Hosts: 78.159.110.41 www.google.nl
O1 - Hosts: 78.159.110.41 www.google.co.za
O1 - Hosts: 78.159.110.41 www.google.be
O1 - Hosts: 78.159.110.41 www.google.gr
O1 - Hosts: 78.159.110.41 www.google.at
O1 - Hosts: 78.159.110.41 www.google.se
O1 - Hosts: 78.159.110.41 www.google.ch
O1 - Hosts: 78.159.110.41 www.google.pt
O1 - Hosts: 78.159.110.41 www.google.dk
O1 - Hosts: 78.159.110.41 www.google.fi
O1 - Hosts: 78.159.110.41 www.google.ie
O1 - Hosts: 78.159.110.41 www.google.no
O1 - Hosts: 78.159.110.41 search.yahoo.com
O1 - Hosts: 78.159.110.41 us.search.yahoo.com
O1 - Hosts: 78.159.110.41 uk.search.yahoo.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [Matrox PC-VCR Scheduler] "C:\Program Files\Matrox Video Tools\PC-VCRScheduler.exe"
O4 - HKLM\..\Run: [CarMD] C:\Program Files\CarMD\CarMD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [UniblueRegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\New User\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://*.mcafee.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - https://games.pogo.com/online2/pogo/chuzzle/popcaploader_v6.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

--
End of file - 7593 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-08-06 501384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-11-04 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-01-29 145424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-01-29 145424]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0\bin\jusched.exe [2007-08-06 77824]
"McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2009-07-07 1176808]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-10-29 1218008]
"Matrox Powerdesk"=C:\WINDOWS\system32\PDesk\PDesk.exe [2002-02-14 651264]
"Matrox PC-VCR Scheduler"=C:\Program Files\Matrox Video Tools\PC-VCRScheduler.exe [2001-12-18 286720]
"CarMD"=C:\Program Files\CarMD\CarMD.exe [2007-12-11 1318912]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"UniblueRegistryBooster"=C:\Program Files\Uniblue\RegistryBooster\launcher.exe delay 20000 []

C:\Documents and Settings\New User\Start Menu\Programs\Startup
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-12-24 08:49:27 ----D---- C:\Program Files\trend micro
2009-12-24 08:49:24 ----D---- C:\rsit
2009-12-24 08:38:22 ----D---- C:\Documents and Settings\New User\Application Data\Uniblue
2009-12-23 19:07:55 ----SHD---- C:\Config.Msi
2009-12-23 14:50:23 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-23 14:49:29 ----D---- C:\Program Files\SUPERAntiSpyware
2009-12-23 14:49:29 ----D---- C:\Documents and Settings\New User\Application Data\SUPERAntiSpyware.com
2009-12-23 12:20:42 ----D---- C:\WINDOWS\CSC
2009-12-23 11:30:07 ----D---- C:\Documents and Settings\New User\Application Data\Opera
2009-12-23 11:29:32 ----D---- C:\Program Files\Opera
2009-12-22 14:16:20 ----A---- C:\resetlog.txt
2009-12-22 13:57:47 ----D---- C:\Documents and Settings\New User\Application Data\McAfee
2009-12-21 12:24:57 ----D---- C:\Program Files\Common Files\McAfee
2009-12-21 12:24:51 ----D---- C:\Program Files\McAfee.com
2009-12-21 12:24:24 ----D---- C:\Program Files\McAfee
2009-12-21 10:45:22 ----A---- C:\WINDOWS\ntbtlog.txt
2009-12-09 11:10:55 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-09 11:10:45 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-09 11:10:04 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-09 11:09:56 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-09 11:09:42 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-11-25 08:27:44 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-25 08:27:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$

======List of files/folders modified in the last 1 months======

2009-12-24 08:49:35 ----D---- C:\WINDOWS\Temp
2009-12-24 08:49:27 ----D---- C:\Program Files
2009-12-24 08:35:02 ----D---- C:\Documents and Settings\New User\Application Data\LimeWire
2009-12-24 08:26:28 ----D---- C:\Program Files\Mozilla Firefox
2009-12-24 08:24:57 ----D---- C:\WINDOWS
2009-12-23 19:10:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-23 19:08:07 ----SHD---- C:\WINDOWS\Installer
2009-12-23 19:08:06 ----D---- C:\Program Files\Common Files
2009-12-23 14:51:42 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-23 14:13:36 ----SHD---- C:\System Volume Information
2009-12-23 14:13:36 ----D---- C:\WINDOWS\system32\Restore
2009-12-23 14:02:44 ----SH---- C:\boot.ini
2009-12-23 14:02:44 ----A---- C:\WINDOWS\win.ini
2009-12-23 14:02:44 ----A---- C:\WINDOWS\system.ini
2009-12-23 13:54:41 ----D---- C:\WINDOWS\pss
2009-12-23 13:05:51 ----D---- C:\Program Files\Citrix
2009-12-23 13:05:41 ----D---- C:\WINDOWS\system32
2009-12-23 13:05:40 ----D---- C:\WINDOWS\system32\drivers
2009-12-23 13:05:39 ----HD---- C:\WINDOWS\inf
2009-12-23 13:04:24 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-23 13:04:11 ----D---- C:\Program Files\Internet Explorer
2009-12-23 12:28:58 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-12-23 10:18:32 ----D---- C:\WINDOWS\network diagnostic
2009-12-21 14:13:05 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-21 12:53:00 ----A---- C:\WINDOWS\imsins.BAK
2009-12-21 12:33:13 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-21 12:25:49 ----SD---- C:\WINDOWS\Tasks
2009-12-21 11:59:46 ----D---- C:\WINDOWS\system32\config
2009-12-21 11:59:03 ----D---- C:\WINDOWS\system32\wbem
2009-12-21 11:59:01 ----D---- C:\WINDOWS\Registration
2009-12-21 11:45:25 ----D---- C:\Documents and Settings
2009-12-20 13:21:30 ----D---- C:\WINDOWS\Prefetch
2009-12-09 11:10:15 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-09 10:19:03 ----D---- C:\WINDOWS\Minidump
2009-12-01 12:06:19 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-25 08:26:50 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-11-04 214664]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136]
R1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 42752]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2004-04-13 15781]
R2 RR2Ctrl;RR2Ctrl; C:\WINDOWS\system32\drivers\RR2Ctrl.sys [2001-12-18 64520]
R2 RR2IOMod;RR2IOMod; C:\WINDOWS\system32\drivers\RR2IOMod.sys [2001-12-18 7449]
R2 RR2Mjpeg;RR2Mjpeg; C:\WINDOWS\system32\drivers\RR2Mjpeg.sys [2001-12-18 85449]
R2 RR2Vbi;RR2Vbi; C:\WINDOWS\system32\drivers\RR2Vbi.sys [2001-12-18 20215]
R3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
R3 G400DH;G400DH; C:\WINDOWS\system32\DRIVERS\g400dhm.sys [2002-02-14 316416]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-11-04 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-11-04 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-11-04 40552]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 MtxVideo;Matrox WDM capture/crossbar driver; C:\WINDOWS\system32\DRIVERS\MtxVideo.sys [2001-08-17 103296]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 G400;G400; C:\WINDOWS\system32\DRIVERS\G400m.sys [2001-08-17 322432]
S3 i81x;i81x; C:\WINDOWS\system32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\system32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\system32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\system32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimFP5;iAimFP5; C:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-03 11807]
S3 iAimFP6;iAimFP6; C:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-03 11295]
S3 iAimFP7;iAimFP7; C:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-03 11871]
S3 iAimTV0;iAimTV0; C:\WINDOWS\system32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\system32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV3;iAimTV3; C:\WINDOWS\system32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 iAimTV5;iAimTV5; C:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-03 25471]
S3 iAimTV6;iAimTV6; C:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-03 22271]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-11-04 34248]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZD1211U(ZyDAS);ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-12-22 259584]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CSHelper;CopySafe Helper Service; C:\WINDOWS\system32\CSHelper.exe [2009-02-19 266240]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-01-23 203280]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-10-29 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-11-04 144704]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 MGABGEXE;MGABGEXE; C:\WINDOWS\system32\mgabg.exe [2002-01-16 81920]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-10-27 895696]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-11-04 606736]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-10-28 365072]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Posted 12/24/2009 7:26 PM
#81310
User avatar

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Ended up posting the RSIT log twice. To save yourself some effort, before you Submit the post check the "Preview before posting" option, so you can double-check what you are posting. The malware Hosts file didn't change either. See if you can download the next tool to a different system, then perhaps send it to the problem computer as an email attachment.


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.

Download ComboFix.exe from here to your desktop, but I would like you to rename the file as you download it (do not download it directly without renaming it - use right click "Save Target/Link As" ). For this, rename the downloading file to 456out.com, then click the renamed 456out.com to run that scan.

Be sure to install the Recovery Console if you are asked to do so. When the scan completes, a text window with your log will open. Please copy and paste that log back here.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
Posted 12/24/2009 8:17 PM
#81311
User avatar

reecee2606 Valued member

Date Joined Nov 2016
Total Posts: 14
I currently have Mcafee and when I right click the icon it does not give me the option to disable. Please help.
Posted 12/24/2009 11:36 PM
#81318
User avatar

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Try these steps, taken from a post in McAfee's forum:

Double-click the taskbar icon to open Security Center
Click Advanced Menu (bottom left)
Click Configure (left)
Click Computer & Files (top left)
You can disable VirusScan in the right-hand module and tell it for how long.

If those match what you have there, do whatever option disables McAfee for the longest time period. Preferred choice is to be disabled until you yourself chose to enable it.

Either way go ahead and run the ComboFix step.
Posted 12/27/2009 1:15 AM
#81352
User avatar

reecee2606 Valued member

Date Joined Nov 2016
Total Posts: 14
Well I downloaded that combofix and did not get a listing of anything. What do I do next?
Posted 12/27/2009 2:26 AM
#81354
User avatar

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Make sure ComboFix.exe is directly on your desktop. If you had renamed it as suggested earlier, then change the file name back to ComboFix.exe, or download a new copy to your desktop.


Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


Open notepad (go to Start, Run, type notepad and press Enter) and copy/paste the text in the codebox below into it:

[code]KillAll::[/code]

Save this to your desktop as CFScript.txt


You should now have both ComboFix and that CFScript.txt on the desktop. Just left click/hold on the CFScript.txt file, and drag it into ComboFix to start the scan.

ComboFix will now run as it did before. Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
Posted 12/27/2009 2:45 AM
#81357
User avatar

reecee2606 Valued member

Date Joined Nov 2016
Total Posts: 14
I've downloaded Combofix.exe a couple of times and still there is no icon on my desktop. What am I doing wrong?
Posted 12/27/2009 3:16 AM
#81358
User avatar

reecee2606 Valued member

Date Joined Nov 2016
Total Posts: 14
ComboFix 09-12-26.01 - New User 12/26/2009 18:57:45.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.204 [GMT -8:00]
Running from: c:\documents and settings\New User\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\New User\Desktop\CFScript.txt.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\New User\Application Data\avdrn.dat
c:\program files\QUAD Utilities
c:\program files\QUAD Utilities\QUAD Registry Cleaner\program.log
c:\program files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe
c:\program files\QUAD Utilities\QUAD Registry Cleaner\Styles\Vista.cjstyles
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf

.
((((((((((((((((((((((((( Files Created from 2009-11-27 to 2009-12-27 )))))))))))))))))))))))))))))))
.

2009-12-24 18:40 . 2009-12-24 18:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-24 18:40 . 2009-12-24 18:40 -------- d-----w- c:\program files\SmartPCTools
2009-12-24 16:49 . 2009-12-24 16:50 -------- d-----w- c:\program files\trend micro
2009-12-24 16:49 . 2009-12-24 16:50 -------- d-----w- C:\rsit
2009-12-24 16:38 . 2009-12-24 16:38 -------- d-----w- c:\documents and settings\New User\Application Data\Uniblue
2009-12-23 22:50 . 2009-12-23 22:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-23 22:49 . 2009-12-27 02:41 -------- d-----w- c:\documents and settings\New User\Application Data\SUPERAntiSpyware.com
2009-12-23 22:49 . 2009-12-27 02:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-23 19:30 . 2009-12-23 19:30 -------- d-----w- c:\documents and settings\New User\Local Settings\Application Data\Opera
2009-12-23 19:29 . 2009-12-23 21:00 -------- d-----w- c:\program files\Opera
2009-12-22 21:57 . 2009-12-22 21:57 -------- d-----w- c:\documents and settings\New User\Application Data\McAfee
2009-12-21 20:24 . 2009-12-27 02:26 -------- d-----w- c:\program files\McAfee
2009-12-21 19:59 . 2009-12-21 19:59 -------- d-----w- c:\windows\system32\wbem\Repository
2009-12-21 19:54 . 2009-12-21 19:55 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{1D4A789A-D505-47F8-AE71-855EDF790775}
2009-12-21 19:48 . 2009-12-21 19:48 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-12-21 19:46 . 2009-12-21 19:46 -------- d-----w- c:\documents and settings\Administrator\IETldCache
2009-12-21 19:45 . 2009-12-21 19:55 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft
2009-12-21 19:45 . 2009-12-21 19:55 -------- d-s---w- c:\documents and settings\Administrator
2009-12-21 18:46 . 2009-12-21 19:55 -------- d-----w- c:\documents and settings\New User\Local Settings\Application Data\{6B6D35A2-082C-4917-82EF-D58FE4305ED6}
2009-12-20 20:55 . 2009-12-21 16:55 0 ----a-w- c:\windows\Tqozutez.bin
2009-12-20 20:55 . 2009-12-21 16:55 120 ----a-w- c:\windows\Qyenakef.dat
2009-12-20 20:51 . 2009-12-21 19:59 734208 ----a-w- c:\windows\system32\drivers\ezkpgqc.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-27 03:06 . 2008-08-12 19:17 -------- d-----w- c:\documents and settings\New User\Application Data\LimeWire
2009-12-27 02:27 . 2008-12-22 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-12-24 16:31 . 2009-12-24 16:31 152576 ----a-w- c:\documents and settings\New User\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-23 21:05 . 2009-11-13 16:54 -------- d-----w- c:\program files\Citrix
2009-12-21 18:50 . 2008-08-02 00:23 3044 ----a-w- c:\windows\system32\d3d8caps.dat
2009-12-20 20:50 . 2009-12-20 20:50 28 ----a-w- c:\windows\system32\config\systemprofile\Application Data\fvgqad.dat
2009-12-14 23:50 . 2008-08-05 05:10 2608 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-13 16:54 . 2009-11-13 16:54 70984 ----a-w- c:\documents and settings\New User\g2mdlhlpx.exe
2009-11-04 20:08 . 2009-08-03 19:11 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-29 07:45 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2004-08-04 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-04 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-09-30 20:11 . 2009-12-22 22:00 288096 ----a-r- c:\documents and settings\New User\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-08-07 77824]
"Matrox Powerdesk"="c:\windows\system32\PDesk\PDesk.exe" [2002-02-14 651264]
"Matrox PC-VCR Scheduler"="c:\program files\Matrox Video Tools\PC-VCRScheduler.exe" [2001-12-18 286720]
"CarMD"="c:\program files\CarMD\CarMD.exe" [2007-12-11 1318912]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

c:\documents and settings\New User\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-6-18 147456]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2/19/2009 7:01 AM 266240]
S2 MtxVideo;Matrox WDM capture/crossbar driver;c:\windows\system32\drivers\mtxvideo.sys [7/21/2008 2:00 PM 103296]
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\New User\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\New User\Application Data\Mozilla\Firefox\Profiles\aq6utwa9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - swagbucks.com
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=zpwhtygjntrz&scc=1<mpl=default<mplcache=2
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\New User\Application Data\Mozilla\Firefox\Profiles\aq6utwa9.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\FFExternalAlert.dll
FF - plugin: c:\documents and settings\New User\Application Data\Mozilla\Firefox\Profiles\aq6utwa9.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}\plugins\NPCpnMgr.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{A057A204-BACC-4D26-9A9E-3AF287E2699B} - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2009-12-26 19:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3196)
c:\windows\system32\WININET.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\PDesk\PDKERNEL.DLL
c:\windows\system32\PDesk\PDTOOLS.DLL
c:\windows\system32\PDesk\PDRESENG.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\mgabg.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-12-26 19:14:11 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-27 03:13

Pre-Run: 8,382,582,784 bytes free
Post-Run: 8,808,763,392 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 55A86615E9C5B016F6B9497A7E2F67FB
Posted 12/27/2009 3:17 AM
#81359
User avatar

reecee2606 Valued member

Date Joined Nov 2016
Total Posts: 14
Guess what!!! I just tried to log into my gmail account and now I can.
Posted 12/27/2009 4:42 PM
#81368
User avatar

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Very good. That ComboFix method is not without risks, so not really one to use very often. You should minimize logging into any secure sites at this time, at least until we have removed all the infection. Then you will need to change all secure passwords and logins to make sure nothing is compromised.

There is a malware driver file now showing but no indication of a service tied to it. Instead of using these more aggressive measures let's rely on a scan to check things right now.


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.



Download Malwarebytes' Anti-Malware from Here or Here.

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

Run a new RSIT scan and post that main log along with the Malwarebytes log please.
Posted 12/28/2009 6:27 PM
#81394
User avatar

reecee2606 Valued member

Date Joined Nov 2016
Total Posts: 14
Malwarebytes' Anti-Malware 1.42
Database version: 3444
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/28/2009 10:25:08 AM
mbam-log-2009-12-28 (10-25-08).txt

Scan type: Quick Scan
Objects scanned: 103699
Time elapsed: 7 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\ezkpgqc.sys (Rootkit.Agent) -> Quarantined and deleted successfully.




Logfile of random's system information tool 1.06 (written by random/random)
Run by New User at 2009-12-28 10:26:39
Microsoft Windows XP Professional Service Pack 3
System drive C: has 8 GB (44%) free of 19 GB
Total RAM: 511 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:46 AM, on 12/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\mgabg.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\PDesk\PDesk.exe
C:\Program Files\CarMD\CarMD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\New User\My Documents\Downloads\RSIT(3).exe
C:\Program Files\trend micro\New User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [Matrox PC-VCR Scheduler] "C:\Program Files\Matrox Video Tools\PC-VCRScheduler.exe"
O4 - HKLM\..\Run: [CarMD] C:\Program Files\CarMD\CarMD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\New User\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://*.mcafee.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe

--
End of file - 4514 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-08-06 501384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0\bin\jusched.exe [2007-08-06 77824]
"Matrox Powerdesk"=C:\WINDOWS\system32\PDesk\PDesk.exe [2002-02-14 651264]
"Matrox PC-VCR Scheduler"=C:\Program Files\Matrox Video Tools\PC-VCRScheduler.exe [2001-12-18 286720]
"CarMD"=C:\Program Files\CarMD\CarMD.exe [2007-12-11 1318912]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-12-03 429392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

C:\Documents and Settings\New User\Start Menu\Programs\Startup
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-12-28 10:11:20 ----D---- C:\Documents and Settings\New User\Application Data\Malwarebytes
2009-12-28 10:11:12 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-12-28 10:11:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-26 19:28:02 ----SD---- C:\ComboFix
2009-12-26 19:14:14 ----D---- C:\WINDOWS\temp
2009-12-26 18:56:17 ----A---- C:\Boot.bak
2009-12-26 18:56:11 ----RASHD---- C:\cmdcons
2009-12-26 18:54:28 ----A---- C:\WINDOWS\zip.exe
2009-12-26 18:54:28 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-12-26 18:54:28 ----A---- C:\WINDOWS\SWSC.exe
2009-12-26 18:54:28 ----A---- C:\WINDOWS\SWREG.exe
2009-12-26 18:54:28 ----A---- C:\WINDOWS\sed.exe
2009-12-26 18:54:28 ----A---- C:\WINDOWS\PEV.exe
2009-12-26 18:54:28 ----A---- C:\WINDOWS\NIRCMD.exe
2009-12-26 18:54:28 ----A---- C:\WINDOWS\MBR.exe
2009-12-26 18:54:28 ----A---- C:\WINDOWS\grep.exe
2009-12-26 18:53:15 ----D---- C:\WINDOWS\ERDNT
2009-12-26 18:41:02 ----D---- C:\Config.Msi
2009-12-24 12:08:06 ----D---- C:\Qoobox
2009-12-24 10:40:44 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-12-24 10:40:27 ----D---- C:\Program Files\SmartPCTools
2009-12-24 08:49:27 ----D---- C:\Program Files\trend micro
2009-12-24 08:49:24 ----D---- C:\rsit
2009-12-24 08:38:22 ----D---- C:\Documents and Settings\New User\Application Data\Uniblue
2009-12-23 14:50:23 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-23 14:49:29 ----D---- C:\Program Files\SUPERAntiSpyware
2009-12-23 14:49:29 ----D---- C:\Documents and Settings\New User\Application Data\SUPERAntiSpyware.com
2009-12-23 12:20:42 ----D---- C:\WINDOWS\CSC
2009-12-23 11:30:07 ----D---- C:\Documents and Settings\New User\Application Data\Opera
2009-12-23 11:29:32 ----D---- C:\Program Files\Opera
2009-12-22 14:16:20 ----A---- C:\resetlog.txt
2009-12-22 13:57:47 ----D---- C:\Documents and Settings\New User\Application Data\McAfee
2009-12-21 12:24:24 ----D---- C:\Program Files\McAfee
2009-12-21 10:45:22 ----A---- C:\WINDOWS\ntbtlog.txt
2009-12-09 11:10:55 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-09 11:10:45 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-09 11:10:04 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-09 11:09:56 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-09 11:09:42 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$

======List of files/folders modified in the last 1 months======

2009-12-28 10:26:44 ----D---- C:\WINDOWS\Prefetch
2009-12-28 10:25:08 ----D---- C:\WINDOWS\system32\drivers
2009-12-28 10:11:11 ----D---- C:\Program Files
2009-12-28 10:06:58 ----D---- C:\Documents and Settings\New User\Application Data\LimeWire
2009-12-28 09:58:17 ----D---- C:\Program Files\Mozilla Firefox
2009-12-26 19:29:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-26 19:14:14 ----D---- C:\WINDOWS
2009-12-26 19:12:03 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-26 19:06:16 ----A---- C:\WINDOWS\system.ini
2009-12-26 19:03:02 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-12-26 19:01:07 ----D---- C:\WINDOWS\AppPatch
2009-12-26 19:01:06 ----D---- C:\WINDOWS\system32
2009-12-26 19:01:02 ----D---- C:\Program Files\Common Files
2009-12-26 18:56:17 ----RASH---- C:\boot.ini
2009-12-26 18:41:10 ----SHD---- C:\WINDOWS\Installer
2009-12-26 18:27:15 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-12-26 17:34:17 ----SD---- C:\WINDOWS\Tasks
2009-12-26 14:06:39 ----D---- C:\Documents and Settings\New User\Application Data\Adobe
2009-12-24 12:52:52 ----A---- C:\WINDOWS\win.ini
2009-12-24 09:57:52 ----D---- C:\WINDOWS\Minidump
2009-12-23 14:13:36 ----SHD---- C:\System Volume Information
2009-12-23 14:13:36 ----D---- C:\WINDOWS\system32\Restore
2009-12-23 13:54:41 ----D---- C:\WINDOWS\pss
2009-12-23 13:05:51 ----D---- C:\Program Files\Citrix
2009-12-23 13:05:39 ----HD---- C:\WINDOWS\inf
2009-12-23 13:04:24 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-23 13:04:11 ----D---- C:\Program Files\Internet Explorer
2009-12-23 10:18:32 ----D---- C:\WINDOWS\network diagnostic
2009-12-21 14:13:05 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-21 12:53:00 ----A---- C:\WINDOWS\imsins.BAK
2009-12-21 12:33:13 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-21 11:59:46 ----D---- C:\WINDOWS\system32\config
2009-12-21 11:59:03 ----D---- C:\WINDOWS\system32\wbem
2009-12-21 11:59:01 ----D---- C:\WINDOWS\Registration
2009-12-21 11:45:25 ----D---- C:\Documents and Settings
2009-12-09 11:10:15 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-01 12:06:19 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 42752]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2004-04-13 15781]
R2 RR2Ctrl;RR2Ctrl; C:\WINDOWS\system32\drivers\RR2Ctrl.sys [2001-12-18 64520]
R2 RR2IOMod;RR2IOMod; C:\WINDOWS\system32\drivers\RR2IOMod.sys [2001-12-18 7449]
R2 RR2Mjpeg;RR2Mjpeg; C:\WINDOWS\system32\drivers\RR2Mjpeg.sys [2001-12-18 85449]
R2 RR2Vbi;RR2Vbi; C:\WINDOWS\system32\drivers\RR2Vbi.sys [2001-12-18 20215]
R3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
R3 G400DH;G400DH; C:\WINDOWS\system32\DRIVERS\g400dhm.sys [2002-02-14 316416]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 MtxVideo;Matrox WDM capture/crossbar driver; C:\WINDOWS\system32\DRIVERS\MtxVideo.sys [2001-08-17 103296]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 G400;G400; C:\WINDOWS\system32\DRIVERS\G400m.sys [2001-08-17 322432]
S3 i81x;i81x; C:\WINDOWS\system32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\system32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\system32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\system32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimFP5;iAimFP5; C:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-03 11807]
S3 iAimFP6;iAimFP6; C:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-03 11295]
S3 iAimFP7;iAimFP7; C:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-03 11871]
S3 iAimTV0;iAimTV0; C:\WINDOWS\system32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\system32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV3;iAimTV3; C:\WINDOWS\system32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 iAimTV5;iAimTV5; C:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-03 25471]
S3 iAimTV6;iAimTV6; C:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-03 22271]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZD1211U(ZyDAS);ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-12-22 259584]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CSHelper;CopySafe Helper Service; C:\WINDOWS\system32\CSHelper.exe [2009-02-19 266240]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 MGABGEXE;MGABGEXE; C:\WINDOWS\system32\mgabg.exe [2002-01-16 81920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Posted 12/29/2009 1:22 AM
#81400
User avatar

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Good, looking cleaned up right now. Let's do one additional scan to make sure nothing remains.


Disable your antivirus program and go here and run an online scan using ESET Online Scanner (you will need to use Internet Explorer for this scan, or download the installer to run it in a different browser). If you accept the Terms of Use, check the box and click Start. After the ActiveX Control has loaded, it will take a couple minutes for the scanner to get ready. Next, check the following boxes:

Remove found threats
Scan unwanted applications


Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Click Start. This scan may take a while, so please be patient. A log may open when the scan is complete (if not, go to C:\Program Files\EsetOnlineScanner\ and open the file log.txt). Click Edit - Select All then copy/paste that log back here please.


If you have any problems getting Eset started, one work-around is to have an open Internet connection, and then click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file, and follow the same previous steps to run the scan.
Posted 12/29/2009 9:38 PM
#81422
User avatar

reecee2606 Valued member

Date Joined Nov 2016
Total Posts: 14
I downloaded the ESET Online Scanner but I did not receive a log to post. I did get any of this



****Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).****

And when I whe to the C:\Program Files\EsetOnlineScanner\ and tried to open the file log.txt I got Windows could not find this file.



But I did have 2 of the same items quarintend.
Posted 12/30/2009 12:17 AM
#81423
User avatar

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
What you quoted in the last post are items that show when settings up the scan. This part:

"A log may open when the scan is complete (if not, go to C:\Program Files\EsetOnlineScanner\ and open the file log.txt). Click Edit - Select All then copy/paste that log back here please."


I would have liked to have seen what it located, but if it removed those items we will have to assume that verifies no malware there now. Before we start doing some final steps here to clean up what our work added to your system, post back how things are running now please.
Posted 12/30/2009 4:54 PM
#81457
User avatar

reecee2606 Valued member

Date Joined Nov 2016
Total Posts: 14
Oh wait I think I found it could it be this??

C:\Documents and Settings\New User\My Documents\LimeWire\Incomplete\T-3397325-relax.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Documents and Settings\New User\My Documents\LimeWire\Incomplete\T-5078290-heatwave.wav a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
Posted 12/30/2009 11:48 PM
#81462
User avatar

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Those appear to be from an Eset log. And also often answer the question, "How did I get infected?" Torrent use/file swapping is the number one answer, and these Wimad variant infected music files (see here) match that.

C:\Documents and Settings\New User\My Documents\LimeWire\Incomplete\T-3397325-relax.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Documents and Settings\New User\My Documents\LimeWire\Incomplete\T-5078290-heatwave.wav a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined

But looking clean at this time. You did well there. Before we do some final cleaning up steps, post back how things are running please.
Posted 12/31/2009 1:24 AM
#81463
User avatar

reecee2606 Valued member

Date Joined Nov 2016
Total Posts: 14
My computer is running just fine.
Posted 12/31/2009 11:40 PM
#81471
User avatar

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Very good - just some last steps now and we complete our work here.


You have older and more vulnerable Java version(s) installed there, so need to remove those and update to the latest version of that.


Go here and download the latest version of Sun Java Java Runtime Environment (JRE) JRE 6 Update 17. The current file name for that is jre-6u17-windows-i586.exe. I recommend you choose to download the "Windows Offline Installation" by clicking on that file to download it.

When you have done that, Go to Add/Remove Programs in Control Panel and uninstall all versions Java/JRE (Sun Java Runtime Environment/J2SE Runtime Environment) showing below, and reboot after.

Java(TM) SE Runtime Environment 6

Then be sure to disable all security software, and click that downloaded jre-6u17-windows-i586.exe to install the latest Java version there, being sure to reboot after.


Then be sure to disable all security software, and click that downloaded jre-6u14-windows-i586.exe to install the latest Java version there, being sure to reboot after.

------------------

Then you can also delete any files/folders we created there.

Installed softwares, like Eset, if you don't plan to use it again, uninstall through Add/Remove Programs.


You can also at this time delete the files/folders of the tools we used. To assist with some of that download OTC.exe by OldTimer to your desktop. This will help by automatically removing some of the tools we used.

Just click OTC.exe, then click CleanUp, and select Yes. When it finishes removing some of the tools and files we used there just agree to the reboot, and OTC should self-delete once the system has rebooted (if not just delete the OTC.exe file).

-------------------------

Then a good idea is to reset the System Restore. To do this, right-click My Computer and select Properties. Click the System Restore tab in the window that appears, and check the box that says "Turn off System Restore on all drives" and click Apply.

You will be asked if you are sure, click Yes. This will delete the restore points. Then click OK in the Properties window and reboot your computer.

When your desktop appears, right-click My Computer and select Properties once more. Uncheck the "Turn off System Restore..." box and click Apply. OK.


In addition, I like to recommend reviewing the information Here to make sure you stay malware free.
Posted 1/3/2010 10:03 PM
#81575
User avatar

reecee2606 Valued member

Date Joined Nov 2016
Total Posts: 14
OK all is done.
Posted 1/3/2010 11:50 PM
#81578
User avatar

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
You should be back on track there now. :smile:
Posted 1/4/2010 12:19 AM
#81582
User avatar

reecee2606 Valued member

Date Joined Nov 2016
Total Posts: 14
Is there anywhere on here that I send you a donation??
Posted 1/4/2010 3:55 AM
#81587
User avatar

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Your thanks is good enough. :smile:
Posted 1/4/2010 4:17 AM
#81590
User avatar

reecee2606 Valued member

Date Joined Nov 2016
Total Posts: 14
Thank you for assistance through all this.
  • Unread posts or replies
  • No unread posts or replies
  • Unread Posts (Read Only Forum)
  • No Unread Posts (Read Only Forum)

Forum Information

Currently it is Thursday, August 18, 2022, 6:24 AM (GMT +2)
There are a total of 61,974 posts in 13,697 threads.
In the last 3 days there were 0 new threads and 0 reply posts.

Who's online

This forum has 38,573 registered members. Please welcome our newest member, iAwake.
32 Guest(s), 0 Registered Member(s) are currently online.