
Active Connected to LAN, but will not connect to Internet or update

Discussion in 'Malware and Virus Removal Archive' started by Ryman, 2009/02/14.

  1. 2009/02/14
    Ryman


    Hello, I have recently started having problems with my Dell M1210 laptop. Within the past week, it quit connecting to the Internet and will not update any programs. However, strangely, Azureus will still continue my downloads. Outlook will also retrieve mail. However, I cannot get on the Internet via IE 7 or Firefox 3.0. I have run Malwarebytes, McAfee virus scan, and Microsoft Windows Malicious Software Removal Tool. I also managed to run Spybot S&D. However, none of these have resolved my issue. Therefore, I have included the following information: my ipconfig results, hijackthis.log, and DDS.txt files. Please let me know if you figure something out!! Thank you very much for your help ahead of time.

    ****RESULTS OF ipconfig /all

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : BREED_BOOK
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Peer-Peer
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No

    Ethernet adapter Local Area Connection:

    Media State . . . . . . . . . . . : Media disconnected
    Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
    Physical Address. . . . . . . . . : 00-15-C5-3E-B6-D8

    Ethernet adapter Wireless Network Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Intel(R) PRO/Wireless 3945ABG Network Connection
    Physical Address. . . . . . . . . : 00-13-02-BB-8D-1D
    Dhcp Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . : 192.168.1.101
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    IP Address. . . . . . . . . . . . : fe80::213:2ff:febb:8d1d%5
    Default Gateway . . . . . . . . . : 192.168.1.1
    DHCP Server . . . . . . . . . . . : 192.168.1.1
    DNS Servers . . . . . . . . . . . : 192.168.1.1
                                        fec0:0:0:ffff::1%2
                                        fec0:0:0:ffff::2%2
                                        fec0:0:0:ffff::3%2
    Lease Obtained. . . . . . . . . . : Saturday, February 14, 2009 12:09:47 PM
    Lease Expires . . . . . . . . . . : Saturday, February 14, 2009 1:09:47 PM

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : 00-00-C1-10-BE-E8-A5-F9
    Dhcp Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 2001:0:4137:9e50:0:c110:bee8:a5f9
    IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%6
    Default Gateway . . . . . . . . . : ::
    NetBIOS over Tcpip. . . . . . . . : Disabled

    Tunnel adapter Automatic Tunneling Pseudo-Interface:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : C0-A8-01-65
    Dhcp Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : fe80::5efe:192.168.1.101%2
    Default Gateway . . . . . . . . . :
    DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%2
                                        fec0:0:0:ffff::2%2
                                        fec0:0:0:ffff::3%2
    NetBIOS over Tcpip. . . . . . . . : Disabled

    ****RESULTS OF hijackthis.log
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:10:32 PM, on 2/14/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\dlcccoms.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\Program Files\McAfee\VirusScan\McShield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\stacsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\taskswitch.exe
    C:\WINDOWS\system32\lexpps.exe
    C:\Program Files\RMClock\RMClock.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    c:\PROGRA~1\mcafee\msc\mcuimgr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/mpfplus/e...=force&dtag=2fqkcb1&langid=1&systempopup=true
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe "
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    O4 - HKCU\..\Run: [RMClock] "C:\Program Files\RMClock\RMClockLauncher.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.hyosungmotorsusa.com/CAB/smsx.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1185245057390
    O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} (Enlite 2.x Simulation Engine Installer) - http://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5E8501C6-8308-42F1-AA80-55267AADE9B7}: NameServer = 10.254.1.253,4.2.2.2
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: ASTSRV - Unknown owner - C:\Windows\System32\ASTSRV.exe (file missing)
    O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\stacsv.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 10815 bytes

    ***Results of DDS.scr saved as DDS.txt

    DDS (Ver_09-02-01.01) - NTFSx86
    Run by Ryan at 15:39:38.73 on Sat 02/14/2009
    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1359 [GMT -5:00]

    AV: McAfee VirusScan *On-access scanning enabled* (Updated)
    FW: McAfee Personal Firewall *enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    svchost.exe
    C:\WINDOWS\system32\dlcccoms.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\Program Files\McAfee\VirusScan\McShield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    svchost.exe
    C:\WINDOWS\system32\stacsv.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\taskswitch.exe
    C:\WINDOWS\system32\lexpps.exe
    C:\Program Files\RMClock\RMClock.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    c:\PROGRA~1\mcafee\msc\mcuimgr.exe
    E:\dds.scr

    ============== Pseudo HJT Report ===============

    uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/apps/mpfplus/en-us/redir.asp?affid=105-79&installtype=force&dtag=2fqkcb1&langid=1&systempopup=true
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
    uRun: [RMClock] "c:\program files\rmclock\RMClockLauncher.exe "
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [nwiz] nwiz.exe /install
    mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe "
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    uPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
    uPolicies-explorer: NoStrCmpLogical = 1 (0x1)
    uPolicies-explorer: NoSMHelp = 01000000
    uPolicies-explorer: NoNetworkConnections = 00000000
    uPolicies-explorer: NoInstrumentation = 1 (0x1)
    uPolicies-explorer: HideClock = 0 (0x0)
    uPolicies-explorer: NoViewOnDrive = 0 (0x0)
    mPolicies-explorer: NoChangeAnimation = 1 (0x1)
    mPolicies-explorer: NoStrCmpLogical = 1 (0x1)
    mPolicies-explorer: NoResolveTrack = 0 (0x0)
    mPolicies-explorer: NoFileAssociate = 0 (0x0)
    mPolicies-system: NoDispSettingsPage = 0 (0x0)
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
    DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxp://www.hyosungmotorsusa.com/CAB/smsx.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185245057390
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} - hxxp://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    TCP: {5E8501C6-8308-42F1-AA80-55267AADE9B7} = 10.254.1.253,4.2.2.2
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\ryan\applic~1\mozilla\firefox\profiles\nwr6pfng.default\
    FF - prefs.js: browser.startup.homepage - www.msn.com
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

    ============= SERVICES / DRIVERS ===============

    R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2003-7-11 14912]
    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-9-18 201320]
    R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-9-18 359248]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 McShield;McAfee Real-time Scanner;c:\program files\mcafee\virusscan\Mcshield.exe [2008-9-18 144704]
    R2 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
    R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-9-18 695624]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-9-18 79304]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-9-18 35240]
    R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-9-18 40488]
    R3 RTCore32;RTCore32;c:\program files\rmclock\RTCore32.sys [2008-12-12 4608]
    S2 ASTSRV;ASTSRV;c:\windows\system32\astsrv.exe --> c:\windows\system32\ASTSRV.exe [?]
    S2 BBDemon;Backbone Service;c:\program files\dassault systemes\b16\intel_a\code\bin\CATSysDemon.exe [2005-9-6 35840]
    S3 JL2005C;Dual Mode Camera;c:\windows\system32\drivers\jl2005c.sys [2007-4-10 62794]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-9-18 33832]

    =============== Created Last 30 ================

    2009-02-14 15:06 <DIR> --d----- c:\program files\Trend Micro
    2009-02-12 11:15 <DIR> --d----- c:\docume~1\ryan\applic~1\Malwarebytes
    2009-02-12 11:15 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-02-12 11:15 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-12 11:15 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-02-12 11:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-02-12 00:40 <DIR> --d----- c:\program files\Cisco Systems
    2009-02-03 19:57 171 a------- c:\windows\_vmtxp.ini
    2009-02-03 19:24 <DIR> --d----- C:\Intel
    2009-02-03 18:24 <DIR> --d----- c:\docume~1\ryan\applic~1\IObit
    2009-02-03 18:16 <DIR> --d----- c:\program files\DAP
    2009-02-03 18:06 1,584 a------- c:\windows\VPNUnInstall.MIF
    2009-02-03 11:01 4 a------- c:\windows\system32\gaopdxcounter
    2009-02-01 12:22 <DIR> --d----- C:\33122c8b0c1f3ae7570b6d11
    2009-01-24 13:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\myitlab
    2009-01-19 15:46 <DIR> --d----- c:\program files\Total Video Converter

    ==================== Find3M ====================

    2009-02-14 12:19 256,372 a------- c:\windows\system32\nvModes.dat
    2008-12-11 15:00 87,608 a------- c:\docume~1\ryan\applic~1\inst.exe
    2008-12-11 15:00 47,360 a------- c:\docume~1\ryan\applic~1\pcouffin.sys
    2008-02-26 00:31 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
    2008-01-18 16:02 1 a------- c:\documents and settings\ryan\SI.bin
    2007-07-24 19:00 251 a------- c:\program files\wt3d.ini
    2008-06-02 17:33 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008060220080603\index.dat

    ============= FINISH: 15:40:07.05 ===============

    Thank you!!!
     
  2. 2009/02/17
    noahdfear

    Welcome to WindowsBBS Ryman :)


    Please visit the following webpage for instructions for downloading and running ComboFix

    How to use ComboFix


    Download ComboFix by sUBs from here, saving the file to your desktop.


    Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

    **NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.
     


  4. 2009/02/17
    Ryman

    Cannot run ComboFix since the laptop does not have internet connection. I am currently using my desktop to post on here. I attempted to run ComboFix from my flash drive with no success. Furthermore, I am not able to copy anything from my flash drive to my laptop.

    Edit: I also just tried to copy something from C:/ to somewhere else on C:/ and it would not work. It will allow me to cut/copy, but it is as if paste is disabled.
     
    Last edited: 2009/02/17
  5. 2009/02/18
    noahdfear

    With ComboFix.exe on the flash drive plugged in, open a command window and type the following command, replacing the x with the appropriate drive letter for your flash drive, then hit Enter.

    copy x:\combofix.exe c:\runthis.exe
     
  6. 2009/02/18
    Ryman

    I tried doing this and successfully copied the file over to my C:\ drive. However, it is giving me the same error that it gave me before when I attempted to run it from the flash drive.

    Error box:
    Some installation files are corrupt. Please download a fresh copy and retry the installation.
     
  7. 2009/02/18
    Ryman

    ComboFix results

    I went directly to the source to redownload ComboFix and managed to successfully run it on my laptop from my flash drive. Attached below is the log file from the ComboFix run. I could not manage to deactivate my McAfee anti-virus or the McAfee firewall since I do not have a task bar or start menu. I also cannot connect to the internet so the Recovery Console could not be installed either.

    ComboFix 09-02-17.02 - Ryan 2009-02-18 16:12:25.1 - NTFSx86
    Running from: E:\ComboFix.exe
    * Resident AV is active


    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Ryan\Application Data\inst.exe
    c:\windows\system32\gaopdxcounter
    c:\windows\system32\uuddc32.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-01-18 to 2009-02-18 )))))))))))))))))))))))))))))))
    .

    2009-02-18 15:39 . 2009-02-17 23:47 1,481,760 --a------ C:\runthis.exe
    2009-02-14 21:17 . 2009-02-14 21:17 <DIR> d-------- c:\program files\IObit
    2009-02-14 21:17 . 2009-02-14 21:17 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-02-14 15:06 . 2009-02-14 15:06 <DIR> d-------- c:\program files\Trend Micro
    2009-02-12 11:15 . 2009-02-12 11:15 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-02-12 11:15 . 2009-02-12 11:15 <DIR> d-------- c:\documents and settings\Ryan\Application Data\Malwarebytes
    2009-02-12 11:15 . 2009-02-12 11:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-02-12 11:15 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-12 11:15 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-02-12 00:40 . 2009-02-12 00:40 <DIR> d-------- c:\program files\Cisco Systems
    2009-02-03 19:57 . 2009-02-12 00:00 171 --a------ c:\windows\_vmtxp.ini
    2009-02-03 19:24 . 2009-02-03 19:24 <DIR> d-------- C:\Intel
    2009-02-03 18:24 . 2009-02-03 19:21 <DIR> d-------- c:\documents and settings\Ryan\Application Data\IObit
    2009-02-03 18:17 . 2009-02-13 20:23 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
    2009-02-03 18:16 . 2009-02-13 20:31 <DIR> d-------- c:\program files\DAP
    2009-02-03 18:06 . 2009-02-12 11:12 1,584 --a------ c:\windows\VPNUnInstall.MIF
    2009-02-01 12:22 . 2009-02-01 12:23 <DIR> d-------- C:\33122c8b0c1f3ae7570b6d11
    2009-01-31 18:20 . 2009-02-05 10:53 <DIR> d-------- c:\documents and settings\Ryan\Application Data\vlc
    2009-01-24 13:26 . 2009-02-07 19:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\myitlab
    2009-01-19 15:46 . 2009-01-19 15:46 <DIR> d-------- c:\program files\Total Video Converter

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-15 00:33 --------- d-----w c:\documents and settings\Ryan\Application Data\Azureus
    2009-02-14 18:25 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-02-07 23:50 --------- d-----w c:\documents and settings\Ryan\Application Data\HPAppData
    2009-02-04 00:34 --------- d-----w c:\program files\NVIDIA nTune Performance Application
    2009-01-27 04:49 --------- d-----w c:\program files\Azureus
    2009-01-26 03:37 --------- d-----w c:\program files\Spybot - Search & Destroy
    2009-01-24 17:49 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
    2009-01-20 16:27 --------- d-----w c:\program files\AIM6
    2009-01-15 02:12 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-01-04 22:14 --------- d-----w c:\program files\nLite
    2009-01-03 20:23 --------- d-----w c:\documents and settings\Ryan\Application Data\Vso
    2008-12-26 18:16 --------- d-----w c:\program files\CCleaner
    2008-12-20 04:01 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-11 20:00 47,360 ----a-w c:\documents and settings\Ryan\Application Data\pcouffin.sys
    2008-02-26 05:31 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
    2008-01-18 21:02 1 ----a-w c:\documents and settings\Ryan\SI.bin
    2007-07-25 00:00 251 ----a-w c:\program files\wt3d.ini
    2008-06-02 22:33 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008060220080603\index.dat
    .

    ------- Sigcheck -------

    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RMClock "= "c:\program files\RMClock\RMClockLauncher.exe" [2008-02-29 61440]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2007-09-19 8491008]
    "mcagent_exe "= "c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
    "ISUSScheduler "= "c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "IntelZeroConfig "= "c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
    "IntelWireless "= "c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
    "ehTray "= "c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "CoolSwitch "= "c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
    "ISUSPM Startup "= "c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-07-27 221184]
    "SigmatelSysTrayApp "= "stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]
    "nwiz "= "nwiz.exe" [2007-09-19 c:\windows\system32\nwiz.exe]
    "NVHotkey "= "nvHotkey.dll" [2007-09-19 c:\windows\system32\nvhotkey.dll]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoChangeAnimation "= 1 (0x1)
    "NoStrCmpLogical "= 1 (0x1)
    "NoResolveTrack "= 0 (0x0)
    "NoFileAssociate "= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "MemCheckBoxInRunDlg "= 1 (0x1)
    "NoStrCmpLogical "= 1 (0x1)
    "NoSMHelp "= 01000000
    "NoNetworkConnections "= 00000000
    "NoViewOnDrive "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.JDCT "= jl_jdct.drv

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    --a------ 2006-11-13 12:39 1289000 c:\program files\Microsoft ActiveSync\wcescomm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
    --a------ 2007-09-04 19:25 81920 c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "SCardSvr "=3 (0x3)
    "RasMan "=3 (0x3)
    "RasAuto "=3 (0x3)
    "CiSvc "=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe "= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe "= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe "= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\WINDOWS\\system32\\dlcccoms.exe "=
    "c:\\Program Files\\Azureus\\Azureus.exe "=
    "c:\\Program Files\\AIM6\\aim6.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "c:\\WINDOWS\\system32\\LEXPPS.EXE "=
    "c:\\Program Files\\Dtella@Purdue\\dtella.exe "=
    "c:\\Program Files\\ApexDC++\\ApexDC.exe "=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe "=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP "= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "3587:TCP "= 3587:TCP:Windows Peer-to-Peer Grouping
    "3540:UDP "= 3540:UDP:peer Name Resolution Protocol (PNRP)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest "= 1 (0x1)

    R2 ASTSRV;ASTSRV; [x]
    R2 BBDemon;Backbone Service;c:\program files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe [2005-09-06 35840]
    S1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2003-07-11 14912]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - NVR0DEV
    *Deregistered* - AegisP
    *Deregistered* - AFD
    *Deregistered* - Arp1394
    *Deregistered* - BBDemon
    *Deregistered* - Beep
    *Deregistered* - Bonjour Service
    *Deregistered* - Browser
    *Deregistered* - Cdfs
    *Deregistered* - Compbatt
    *Deregistered* - DcomLaunch
    *Deregistered* - Dhcp
    *Deregistered* - dlcc_device
    *Deregistered* - dmio
    *Deregistered* - dmload
    *Deregistered* - Dnscache
    *Deregistered* - Fastfat
    *Deregistered* - Fips
    *Deregistered* - FltMgr
    *Deregistered* - Ftdisk
    *Deregistered* - Gpc
    *Deregistered* - HTTP
    *Deregistered* - HTTPFilter
    *Deregistered* - Ip6Fw
    *Deregistered* - IpFilterDriver
    *Deregistered* - IpNat
    *Deregistered* - IPSec
    *Deregistered* - JavaQuickStarterService
    *Deregistered* - KSecDD
    *Deregistered* - LanmanServer
    *Deregistered* - lanmanworkstation
    *Deregistered* - LmHosts
    *Deregistered* - LUMDriver
    *Deregistered* - LVPr2Mon
    *Deregistered* - LVPrcSrv
    *Deregistered* - LVSrvLauncher
    *Deregistered* - LVUSBSta
    *Deregistered* - mcmscsvc
    *Deregistered* - McProxy
    *Deregistered* - McShield
    *Deregistered* - McSysmon
    *Deregistered* - mfeavfk
    *Deregistered* - mfebopk
    *Deregistered* - mfehidk
    *Deregistered* - mnmdd
    *Deregistered* - MountMgr
    *Deregistered* - MPFP
    *Deregistered* - MpfService
    *Deregistered* - MRxSmb
    *Deregistered* - Msfs
    *Deregistered* - mssmbios
    *Deregistered* - Mup
    *Deregistered* - NDIS
    *Deregistered* - NdisTapi
    *Deregistered* - Ndisuio
    *Deregistered* - NdisWan
    *Deregistered* - NDProxy
    *Deregistered* - Net Driver HPZ12
    *Deregistered* - NetBIOS
    *Deregistered* - NetBT
    *Deregistered* - Npfs
    *Deregistered* - Ntfs
    *Deregistered* - nTuneService
    *Deregistered* - Null
    *Deregistered* - NVR0Dev
    *Deregistered* - NVSvc
    *Deregistered* - NwlnkIpx
    *Deregistered* - NwlnkNb
    *Deregistered* - NwlnkSpx
    *Deregistered* - OMCI
    *Deregistered* - PartMgr
    *Deregistered* - Pml Driver HPZ12
    *Deregistered* - PptpMiniport
    *Deregistered* - PSched
    *Deregistered* - RasAcd
    *Deregistered* - Rasl2tp
    *Deregistered* - RasPppoe
    *Deregistered* - Raspti
    *Deregistered* - Rdbss
    *Deregistered* - RDPCDD
    *Deregistered* - rdpdr
    *Deregistered* - RTCore32
    *Deregistered* - S24EventMonitor
    *Deregistered* - s24trans
    *Deregistered* - seclogon
    *Deregistered* - sfdrv01
    *Deregistered* - sfhlp02
    *Deregistered* - sfsync02
    *Deregistered* - sptd
    *Deregistered* - sr
    *Deregistered* - Srv
    *Deregistered* - SSDPSRV
    *Deregistered* - STacSV
    *Deregistered* - swenum
    *Deregistered* - Tcpip
    *Deregistered* - Tcpip6
    *Deregistered* - TermDD
    *Deregistered* - Themes
    *Deregistered* - Tosrfcom
    *Deregistered* - tunmp
    *Deregistered* - Update
    *Deregistered* - VgaSave
    *Deregistered* - VolSnap
    *Deregistered* - vsdatant
    *Deregistered* - W32Time
    *Deregistered* - Wanarp
    *Deregistered* - WS2IFSL
    *Deregistered* - wuauserv
    *Deregistered* - WudfPf
    *Deregistered* - WudfSvc

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d65ec0a-342e-11dd-b332-0015c53eb6d8}]
    \Shell\AutoRun\command - e:\portableapps\PortableAppsMenu\PortableAppsMenu.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bdb866de-22e8-11dd-b314-0015c53eb6d8}]
    \Shell\AutoRun\command - E:\setupSNK.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-02-04 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

    2009-02-04 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

    2007-12-12 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
    - c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

    2007-10-13 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
    - c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/apps/mpfplus/en-us/redir.asp?affid=105-79&installtype=force&dtag=2fqkcb1&langid=1&systempopup=true
    DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} - hxxp://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab
    FF - ProfilePath - c:\documents and settings\Ryan\Application Data\Mozilla\Firefox\Profiles\nwr6pfng.default\
    FF - prefs.js: browser.startup.homepage - www.msn.com
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-18 16:14:19
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-527237240-299502267-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "?? "=hex:18,57,36,85,de,f0,6a,a6,6a,ba,6b,fc,57,34,c6,59,cd,c2,aa,77,27,25,b6,
    83,0b,72,c8,9d,6a,b1,1b,6a,87,11,ce,31,35,e1,d6,6b,d1,32,10,d6,e9,cd,88,7a,\
    "?? "=hex:1b,13,83,d8,d9,05,65,4d,6c,b9,49,df,3b,02,87,1b
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1100)
    c:\windows\system32\netprovcredman.dll
    .
    Completion time: 2009-02-18 16:15:54
    ComboFix-quarantined-files.txt 2009-02-18 21:15:51

    Pre-Run: 53,405,786,112 bytes free
    Post-Run: 53,399,166,976 bytes free

    408 --- E O F --- 2009-01-15 02:12:45
     
  8. 2009/02/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please open the task manager and click File>New Task (Run), type explorer.exe then hit Enter to see if your taskbar and start menu load.
    If successful, try the internet as well.

    Download driver_service_info and run it.
    Press S then Enter for a Services report.
    Press B then Enter for both Active and Inactive Services.
    When prompted, press Y then Enter to gather ServiceGroup and LoadOrderGroup info.
    Copy the contents of the log that opens and paste it in a reply here.


    The log may be too large to fit in one post, requiring you to split it into 2.
     
  9. 2009/02/22
    Ryman

    Ryman Inactive Thread Starter

    Joined:
    2009/02/14
    Messages:
    11
    Likes Received:
    0
    Explorer.exe ends up bringing up the My Documents folder. Does not restart explorer at all, just opens the My Docs folder.

    Driver Service Info results:

    ~~~ Service Information report ~~~


    ~~~ svchost Export ~~~

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
    HTTPFilter REG_MULTI_SZ
    HTTPFilter
    LocalService REG_MULTI_SZ
    Alerter
    WebClient
    LmHosts
    RemoteRegistry
    upnphost
    SSDPSRV
    NetworkService REG_MULTI_SZ
    DnsCache
    netsvcs REG_MULTI_SZ
    6to4
    AppMgmt
    AudioSrv
    Browser
    CryptSvc
    DMServer
    DHCP
    ERSvc
    EventSystem
    FastUserSwitchingCompatibility
    HidServ
    Ias
    Iprip
    Irmon
    LanmanServer
    LanmanWorkstation
    Messenger
    Netman
    Nla
    Ntmssvc
    NWCWorkstation
    Nwsapagent
    Rasauto
    Rasman
    Remoteaccess
    Schedule
    Seclogon
    SENS
    Sharedaccess
    SRService
    Tapisrv
    Themes
    TrkWks
    W32Time
    WZCSVC
    Wmi
    WmdmPmSp
    winmgmt
    wscsvc
    xmlprov
    MHN
    BITS
    wuauserv
    ShellHWDetection
    helpsvc
    WmdmPmSN
    napagent
    hkmsvc
    DcomLaunch REG_MULTI_SZ
    DcomLaunch
    TermService
    rpcss REG_MULTI_SZ
    RpcSs
    imgsvc REG_MULTI_SZ
    StiSvc
    termsvcs REG_MULTI_SZ
    TermService
    WudfServiceGroup REG_MULTI_SZ
    WUDFSvc
    bthsvcs REG_MULTI_SZ
    BthServ
    eapsvcs REG_MULTI_SZ
    eaphost
    dot3svc REG_MULTI_SZ
    dot3svc
    HPZ12 REG_MULTI_SZ
    Pml Driver HPZ12
    Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ
    hpqcxs08
    hpqddsvc
    p2psvc REG_MULTI_SZ
    p2psvc
    p2pimsvc
    p2pgasvc
    PNRPSvc
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\DComLaunch
    CoInitializeSecurityParam REG_DWORD 0x1
    DefaultRpcStackSize REG_DWORD 0x8
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\dot3svc
    AuthenticationCapabilities REG_DWORD 0x3020
    CoInitializeSecurityParam REG_DWORD 0x1
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\eapsvcs
    AuthenticationCapabilities REG_DWORD 0x3020
    CoInitializeSecurityParam REG_DWORD 0x1
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\HTTPFilter
    CoInitializeSecurityParam REG_DWORD 0x1
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService
    CoInitializeSecurityParam REG_DWORD 0x1
    AuthenticationCapabilities REG_DWORD 0x2000
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs
    CoInitializeSecurityParam REG_DWORD 0x1
    AuthenticationCapabilities REG_DWORD 0x3020
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\PCHealth
    CoInitializeSecurityParam REG_DWORD 0x2
    AuthenticationCapabilities REG_DWORD 0x40
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs
    CoInitializeSecurityParam REG_DWORD 0x1
    DefaultRpcStackSize REG_DWORD 0x8


    ~~~ ServiceGroupOrder ~~~


    ~~~ LoadOrderGroup Members ~~~


    ~~~End of Report~~~
     
  10. 2009/02/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Open the task manager and type services.msc and hit Enter.
    See if the Windows Management Instrumentation service is running.
    If not, try to start it (right click and select start).
     
  11. 2009/02/22
    Ryman

    Ryman Inactive Thread Starter

    Joined:
    2009/02/14
    Messages:
    11
    Likes Received:
    0
    FYI when services.msc is run, I cannot see the Extended tab. Under the standard tab, WMI service was not started, and when I tried to start it, I received the following error message:
    Could not start the Windows Management Instrumentation service on Local Computer.
    Error 1068: The Dependency service or group failed to start.
     
  12. 2009/02/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Check the Remote Procedure Call (RPC) service.
    It needs to be running for WMI and several others to start.
    Its startup type should be set to Automatic as well.
     
  13. 2009/02/22
    Ryman

    Ryman Inactive Thread Starter

    Joined:
    2009/02/14
    Messages:
    11
    Likes Received:
    0
    When I have tried to start the RPC service, I get the following error message as well:

    Could not start the RPC service on Local Computer.
    Error 1058: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    It is set to be started automatically, I have not disabled it.
     
  14. 2009/02/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    In task manager, type regedit and hit Enter to open the registry editor.
    Expand the HKEY_LOCAL_MACHINE tree by clicking the + sign next to it, then expand the System and CurrentControlSet keys.
    Click the Services key once to select it, then right click it and select Export.
    Save it as services.reg on your flash drive, then email that file to me please.
     
  15. 2009/02/22
    Ryman

    Ryman Inactive Thread Starter

    Joined:
    2009/02/14
    Messages:
    11
    Likes Received:
    0
    Completed and e-mailed.
     
  16. 2009/02/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Well, I see why the RPC service isn't running ........ its registry data is gone. ComboFix should have created some backups. ;)

    Navigate to C:\Windows\ERDNT\Hiv-backup and see if there is a file named ERDNT
    If so, double click that file and click OK.
    At the Restoration options screen, select the System registry entry only and leave the Restoration modes as is.
    Click OK to continue and reboot when completed.
     
  17. 2009/02/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Maybe I should get my eyes examined :eek: The RPC service is present in the export ........ I just overlooked it. Still think restoring the backup is the way to go at this time though.
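
The check these posts make by eye on the emailed services.reg (is the RPC service's key present, and which dependency makes WMI fail with error 1068), as an added example that is not part of the original thread. The export text is constructed sample data, not the poster's file, and the function names are hypothetical.

```python
import re

SERVICES_ROOT = "hkey_local_machine\\system\\currentcontrolset\\services\\"
MISSING_KEY = "registry key missing"
DISABLED = "Start=4 (disabled): starting it returns error 1058"
NO_START = "Start value missing"
NO_IMAGE = "ImagePath missing"
NO_DLL = "svchost-hosted but Parameters\\ServiceDll missing"

# Constructed sample in regedit export format. Real exports usually store
# ImagePath and ServiceDll as hex(2) data, which parse_reg() also decodes.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winmgmt]
"Type"=dword:00000020
"Start"=dword:00000002
"ImagePath"="%SystemRoot%\\system32\\svchost.exe -k netsvcs"
"DependOnService"=hex(7):52,00,50,00,43,00,53,00,53,00,00,00,45,00,76,00,65,00,\
  6e,00,74,00,6c,00,6f,00,67,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winmgmt\Parameters]
"ServiceDll"="%SystemRoot%\\system32\\wbem\\WMIsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs]
"Type"=dword:00000020
"Start"=dword:00000004
"ImagePath"="%SystemRoot%\\system32\\svchost -k rpcss"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Parameters]
"ServiceDll"="%SystemRoot%\\system32\\rpcss.dll"
'''

def parse_reg(text):
    """Parse regedit export text into {lowercased key: {lowercased value name: value}}."""
    # REGEDIT4 files hold hex(2)/hex(7) strings as single bytes; version 5.00 uses UTF-16LE.
    encoding = "latin-1" if text.lstrip("\ufeff").startswith("REGEDIT4") else "utf-16-le"
    text = re.sub(r"\\\r?\n\s*", "", text)  # join hex data continued with a trailing backslash
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if current is None or not m:
            continue
        name, raw = m.group(1).lower(), m.group(2)
        hexed = re.match(r"hex\((2|7)\):(.*)$", raw)
        if raw.startswith("dword:"):
            current[name] = int(raw[6:], 16)
        elif hexed:
            data = bytes(int(b, 16) for b in hexed.group(2).split(",") if b.strip())
            parts = [s for s in data.decode(encoding, "replace").split("\x00") if s]
            current[name] = parts if hexed.group(1) == "7" else "".join(parts)
        elif raw.startswith('"') and raw.endswith('"'):
            current[name] = raw[1:-1].replace("\\\\", "\\")
        else:
            current[name] = raw
    return keys

def diagnose(keys, service, seen=None):
    """Walk DependOnService from `service`; return [(service, problem), ...] in visit order."""
    seen = set() if seen is None else seen
    name = service.lower()
    if name in seen:  # guard against dependency loops
        return []
    seen.add(name)
    values = keys.get(SERVICES_ROOT + name)
    if values is None:
        return [(service, MISSING_KEY)]
    findings = []
    start = values.get("start")
    if start is None:
        findings.append((service, NO_START))
    elif start == 4:
        findings.append((service, DISABLED))
    # Type 0x10/0x20 are Win32 services; drivers may legitimately omit ImagePath.
    if values.get("type", 0) & 0x30:
        image = values.get("imagepath")
        if not image:
            findings.append((service, NO_IMAGE))
        elif "svchost" in image.lower():
            params = keys.get(SERVICES_ROOT + name + "\\parameters", {})
            if "servicedll" not in params:
                findings.append((service, NO_DLL))
    # A problem in any dependency surfaces on the dependent service as error 1068.
    for dep in values.get("dependonservice", []):
        findings.extend(diagnose(keys, dep, seen))
    return findings

if __name__ == "__main__":
    for svc, problem in diagnose(parse_reg(SAMPLE_EXPORT), "winmgmt"):
        print(f"{svc}: {problem}")
```

Run against a real export, the text has to be read with the file's own encoding first (version 5.00 exports are UTF-16 on disk).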
     
  18. 2009/02/22
    Ryman

    Ryman Inactive Thread Starter

    Joined:
    2009/02/14
    Messages:
    11
    Likes Received:
    0
    Restored the registry as per instructions and nothing changed at this time. It still displays the same error when I try to start WMI. Boot time is still extremely long, and no internet still. It does however sound like my sound came back. After running ComboFix I believe I lost my sound, but I just heard the speakers kick on when rebooting.
     
  19. 2009/02/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please place a copy of c:\windows\ServicePackFiles\i386\svchost.exe in the C:\Windows\system32\dllcache folder (dllcache is a hidden folder)
    Then, rename the svchost.exe file in C:\Windows\system32 to svchost.old
    Restart the computer and see if there's any change.

    You can accomplish this in a command window with the following commands.

    copy c:\windows\ServicePackFiles\i386\svchost.exe c:\Windows\system32\dllcache

    ren C:\Windows\system32\svchost.exe svchost.old
     
  20. 2009/02/23
    Ryman

    Ryman Inactive Thread Starter

    Joined:
    2009/02/14
    Messages:
    11
    Likes Received:
    0
    Did as per above post, still no change.
     
  21. 2009/02/23
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hmmm, please export the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder key and post its contents here.
     
