Windows BBS The Place for Microsoft Windows Support! Windows, Support, Help Site

Go Back   Windows BBS > Security > Malware and Virus Removal

Post #1, 6th September 2008, by Whiskeyman (WindowsBBS Team Member)
RSIT log +MBAM +SecurityProviders

I am on a PC that was infected by Vista AntiVirus 2009. I had installed MBAM v 1.00 a while back when cleaning this for previous infections for the owner. The only way to get back on the Internet was to run MBAM and AntiVir several times. After reading the warning about the issue about MBAM v 1.00 - 1.25 and SecurityProviders I decided to follow noahdfear's advice and post the RSIT log. I can see the commas are omitted. Should I run the tool from MBAM or edit the registry?

Logfile of random's system information tool (written by random/random)
Run by Buc at 2008-09-05 19:08:02
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 65 GB (85%) free of 76 GB
Total RAM: 759 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:08:10 PM, on 9/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Buc\Desktop\RSIT.exe
C:\hjt\Buc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1176029080890
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52636D2D-BA43-4A7C-8430-A7C24E9432AD}: NameServer = 166.102.165.11 166.102.165.13
O17 - HKLM\System\CS1\Services\Tcpip\..\{52636D2D-BA43-4A7C-8430-A7C24E9432AD}: NameServer = 166.102.165.11 166.102.165.13
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 6180 bytes

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{089FD14D-132B-48FC-8861-0048AE113215}]
C:\Program Files\SiteAdvisor\6261\SiteAdv.dll [2008-05-16 927008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]
Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-09 184320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-04-16 734704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-09 184320]
{0BF43445-2F28-4351-9252-17FE6E806AA0} - McAfee SiteAdvisor - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll [2008-05-16 927008]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-11-02 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-11-02 126976]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"lxcymon.exe"=C:\Program Files\Lexmark 3400 Series\lxcymon.exe [2007-06-25 291504]
"EzPrint"=C:\Program Files\Lexmark 3400 Series\ezprint.exe [2007-06-25 82608]
"FaxCenterServer"=C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2007-06-25 295600]
"LXCYCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll []
"SiteAdvisor"=C:\Program Files\SiteAdvisor\6253\SiteAdv.exe [2007-12-04 36640]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-17 266497]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-08 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-11-02 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll schannel.dll digest.dll msnsspc.dll


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdssserv.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tdssserv.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
"NoDispCPL"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\WINDOWS\system32\lxcycoms.exe"="C:\WINDOWS\system32\lxcycoms.exe:*:Enabled:Lexmark Communications System"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

File associations

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

List of files/folders created in the last three months

2008-09-05 19:08:02 ----D---- C:\rsit
2008-09-01 17:18:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-01 17:10:20 ----A---- C:\WINDOWS\OEWABLog.txt
2008-09-01 17:09:41 ----D---- C:\WINDOWS\Prefetch
2008-09-01 17:08:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-01 17:08:06 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-01 17:07:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-01 17:07:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-01 17:07:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-01 17:07:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-09-01 17:07:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-01 17:07:17 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-01 17:07:09 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-01 17:07:00 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-01 17:04:14 ----A---- C:\WINDOWS\setuplog.txt
2008-09-01 17:03:21 ----D---- C:\WINDOWS\system32\scripting
2008-09-01 17:03:20 ----D---- C:\WINDOWS\l2schemas
2008-09-01 17:03:19 ----D---- C:\WINDOWS\system32\en
2008-09-01 17:03:19 ----D---- C:\WINDOWS\system32\bits
2008-09-01 16:33:42 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-09-01 16:33:35 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-09-01 16:33:28 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-09-01 16:33:21 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-09-01 16:32:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-09-01 16:32:11 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-09-01 16:31:38 ----A---- C:\WINDOWS\imsins.BAK
2008-09-01 16:31:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-09-01 16:20:30 ----A---- C:\WINDOWS\system32\javaws.exe
2008-09-01 16:20:30 ----A---- C:\WINDOWS\system32\javaw.exe
2008-09-01 16:20:30 ----A---- C:\WINDOWS\system32\java.exe
2008-09-01 15:53:50 ----A---- C:\WINDOWS\ntbtlog.txt
2008-08-30 21:15:50 ----A---- C:\WINDOWS\ModemLog_Lucent Win Modem.txt
2008-08-30 19:56:17 ----D---- C:\Documents and Settings\Buc\Application Data\Malwarebytes
2008-08-30 19:56:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-30 19:56:14 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-30 14:17:31 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-08-30 14:17:25 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-08-30 14:17:25 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-08-30 14:17:16 ----N---- C:\WINDOWS\system32\setupn.exe
2008-08-30 14:17:14 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-08-30 14:17:14 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-08-30 14:17:13 ----N---- C:\WINDOWS\system32\qutil.dll
2008-08-30 14:17:13 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-08-30 14:17:12 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-08-30 14:17:12 ----N---- C:\WINDOWS\system32\qagent.dll
2008-08-30 14:17:07 ----N---- C:\WINDOWS\system32\onex.dll
2008-08-30 14:16:59 ----N---- C:\WINDOWS\system32\napstat.exe
2008-08-30 14:16:59 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-08-30 14:16:59 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-08-30 14:16:58 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-08-30 14:16:58 ----N---- C:\WINDOWS\system32\mssha.dll
2008-08-30 14:16:50 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-08-30 14:16:50 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-08-30 14:16:50 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-08-30 14:16:50 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-08-30 14:16:43 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-08-30 14:16:43 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-08-30 14:16:42 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-08-30 14:16:42 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-08-30 14:16:42 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-08-30 14:16:42 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-08-30 14:16:31 ----A---- C:\WINDOWS\005396_.tmp
2008-08-30 14:16:30 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-08-30 14:16:30 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-08-30 14:16:30 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-08-30 14:16:30 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-08-30 14:16:30 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-08-30 14:16:30 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-08-30 14:16:30 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-08-30 14:16:30 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-08-30 14:16:28 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-08-30 14:16:28 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-08-30 14:16:28 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-08-30 14:16:28 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-08-30 14:16:28 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-08-30 14:16:28 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-08-30 14:16:28 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-08-30 14:16:27 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-08-30 14:16:27 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-08-30 14:16:27 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-08-30 14:16:26 ----N---- C:\WINDOWS\system32\credssp.dll
2008-08-30 14:16:22 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-08-30 14:16:22 ----N---- C:\WINDOWS\system32\azroles.dll
2008-08-30 14:16:18 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-07-09 17:37:12 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2008-06-23 03:45:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2008-06-15 09:48:07 ----D---- C:\Program Files\Java
2008-06-15 09:47:17 ----D---- C:\Program Files\Common Files\Java
2008-06-15 09:39:58 ----D---- C:\Program Files\SpywareBlaster
2008-06-14 22:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2008-06-14 22:37:21 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-06-14 22:37:15 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-06-14 22:37:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951376_0$
2008-06-14 16:43:53 ----D---- C:\Program Files\Avira
2008-06-14 16:43:53 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-14 16:38:15 ----D---- C:\Documents and Settings\All Users\Application Data\Avg7

List of drivers

R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2002-07-17 16877]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-07-17 75072]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-11-02 773565]
R3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2004-08-03 606684]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 ENETHUSB;Speedstream Ethernet USB Adapter; C:\WINDOWS\system32\DRIVERS\enethusb.sys [2003-11-26 28857]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

List of services

R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-07-17 68865]
R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-08-30 149761]
R2 lxcy_device;lxcy_device; C:\WINDOWS\system32\lxcycoms.exe [2007-06-20 537264]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-09 138168]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-06-22 208896]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

Post #2, 6th September 2008, by Geri (Staff)
Hi Whiskeyman

OK, follow Dave's instructions. We posted at the same time.

Geri

Post #3, 6th September 2008, by noahdfear (Staff)
First, update MBAM and run it again. I believe those values will be tagged and fixed. If not, create and merge the following reg file.

Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

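The check discussed in this thread, as an added example that is not part of the original posts and is not code from RSIT or MBAM: it parses the "Registry dump" section of a pasted RSIT log, reports whether the SecurityProviders value has lost its commas (the MBAM v 1.00 - 1.25 symptom), flags any provider DLL that is not one of the XP defaults named in the reg file above, and builds a REGEDIT4 file of the same shape as noahdfear's. The function names and the sample dump are assumptions made for this example (the SecurityProviders line is taken from post #1; the second key is constructed for contrast).

```python
"""Check an RSIT registry dump for a broken SecurityProviders value and
build the REGEDIT4 fix. Added example, not the thread's or RSIT's own code."""
import re

# Default SecurityProviders list on Windows XP, i.e. the value the reg file
# posted in this thread restores (comma-separated, in this order).
XP_DEFAULT_PROVIDERS = ("msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll")
SECURITYPROVIDERS_KEY = r"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders"

# Constructed sample: the SecurityProviders line as it appears in the RSIT log
# in post #1 (commas stripped), plus a second, unrelated key for contrast.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll schannel.dll digest.dll msnsspc.dll

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
"NoDispCPL"=0
"""

_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
_VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<data>.*)$')


def parse_rsit_registry_dump(text):
    """Parse RSIT's 'Registry dump' text into
    {key path (lower-cased): {value name: raw data string}}.
    Lines that are neither a [key] nor a "name"=data line are ignored."""
    dump = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = _KEY_RE.match(line)
        if m:
            current = m.group("key").lower()
            dump.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            dump[current][m.group("name")] = m.group("data").strip()
    return dump


def split_providers(raw):
    """Split SecurityProviders data on commas, falling back to whitespace
    when the commas are missing (the broken form). RSIT prints REG_SZ data
    unquoted; a quoted form is tolerated too."""
    raw = raw.strip().strip('"')
    if "," in raw:
        return [p.strip() for p in raw.split(",") if p.strip()]
    return raw.split()


def check_security_providers(dump, expected=XP_DEFAULT_PROVIDERS):
    """Return a list of findings; an empty list means the value looks sane."""
    findings = []
    values = dump.get(SECURITYPROVIDERS_KEY.lower())
    if values is None or "SecurityProviders" not in values:
        return ["SecurityProviders value not present in dump"]
    raw = values["SecurityProviders"]
    providers = split_providers(raw)
    # More than one DLL but no comma: the list Windows reads is a single
    # bogus name, which is exactly the MBAM 1.00-1.25 breakage.
    if len(providers) > 1 and "," not in raw:
        findings.append("commas missing: %r" % raw)
    lowered = [p.lower() for p in providers]
    # A DLL that is not an XP default deserves a look before merging a fix.
    unexpected = [p for p in providers if p.lower() not in expected]
    if unexpected:
        findings.append("unexpected provider DLLs: %s" % ", ".join(unexpected))
    missing = [p for p in expected if p not in lowered]
    if missing:
        findings.append("default providers missing: %s" % ", ".join(missing))
    return findings


def build_reg_fix(providers=XP_DEFAULT_PROVIDERS):
    """Build a REGEDIT4 file with the same shape as the one posted above
    (CRLF line endings, as regedit expects)."""
    return ('REGEDIT4\r\n\r\n[%s]\r\n"SecurityProviders"="%s"\r\n'
            % (SECURITYPROVIDERS_KEY, ", ".join(providers)))


if __name__ == "__main__":
    parsed = parse_rsit_registry_dump(SAMPLE_DUMP)
    for finding in check_security_providers(parsed) or ["SecurityProviders OK"]:
        print(finding)
    print(build_reg_fix())
```

Because it works on the pasted log text, the helper can run it on their own side without touching the affected machine; the generated file has the same content as the reg file above and is merged with regedit on the PC in question. The "unexpected provider DLLs" finding is there so that a fix is not merged blindly: the reg file overwrites the whole value, so anything else listed there should be identified first.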
Post #4, 6th September 2008, by Whiskeyman (WindowsBBS Team Member)
I'll hook the other PC up and try both methods. Let you know how it goes.
Post #5, 6th September 2008, by noahdfear (Staff)
Let me know also what the version # shows on MBAM after update.

Thanks!

Post #6, 6th September 2008, by Whiskeyman (WindowsBBS Team Member)
I had updated MBAM once I ran v 1.00 and was able to access the Internet. When I checked it just a while ago it still showed as v 1.00, so I uninstalled it in Add/Remove and transferred v 1.26 from my thumb drive. After running a scan with v 1.26 there was no change to SecurityProviders in the new RSIT log. I then ran the .reg file and found that it fixed the problem when I opened regedit.

Thanks Dave, now I can return this to the owner and await a call that it is infected again. It seems no matter how many anti-malware apps I install, he can find the wrong things to click on. Next step will be Net Nanny to block all adult sites.

Post #7, 7th September 2008, by noahdfear (Staff)
Thanks for testing for us.