
Active IE not accepting cookies

Discussion in 'Malware and Virus Removal Archive' started by fleagore, 2008/12/13.

  1. 2008/12/13
    fleagore


    I am sorry I posted this on the wrong forum (Internet Explorer). I have not been able to log into eBay or Amazon for the past week. I get a "browser not accepting cookies" page. I read the threads here and am going with the malware thread. Here is my log file.

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Administrator at 2008-12-13 21:32:58
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 22 GB (57%) free of 38 GB
    Total RAM: 1023 MB (60% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:33:38 PM, on 12/13/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Windows\System32\Ati2evxx.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Windows\runservice.exe
    C:\Windows\system32\LxrSII1s.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Windows\system32\HPZipm12.exe
    C:\Windows\System32\snmp.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Windows\system32\atiptaxx.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Compaq\EAB\EabServr.exe
    C:\Windows\system32\ltmsg.exe
    C:\Program Files\Common Files\AOL\1159014010\ee\AOLSoftware.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Corel\Corel Graphics 12\Programs\CorUpd.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\documents and settings\administrator\local settings\application data\wamaecm.exe
    C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    c:\program files\winamp toolbar\WinampTbServer.exe
    C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
    C:\Documents and Settings\Administrator\Desktop\RSIT.exe
    C:\Program Files\trend micro\Administrator.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/explore.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
    O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
    O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1159014010\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title= "CorelDRAW Graphics Suite 12" /date=122008 serial=DR12WUS-0926960-CLD lang=EN
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [c:_program files_corel_cor3c] C:\Program Files\Corel\Corel Graphics 12\Programs\CorUpd.exe /Watch /r= "Software\Corel\CorelDRAW\12.0 "
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [wamaecm] "c:\documents and settings\administrator\local settings\application data\wamaecm.exe" wamaecm
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio2/downloads/sysinfo.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O23 - Service: McAfee Application Installer Cleanup (0248711227139684) (0248711227139684mcinstcleanup) - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\024871~1.EXE (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\Windows\System32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\Windows\runservice.exe
    O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\Windows\SYSTEM32\LxrSII1s.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\Windows\system32\HPZipm12.exe

    --
    End of file - 10824 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\AppleSoftwareUpdate.job
    C:\Windows\tasks\McDefragTask.job
    C:\Windows\tasks\McQcTask.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
    Winamp Toolbar BHO - C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 1185120]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
    scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar3.dll [2007-01-19 2403392]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-12 737776]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EAD3A971-6A23-4246-8691-C9244E858967}]
    OToolbarHelper Class - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll [2007-12-03 81920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {4982D40A-C53B-4615-B15B-B5B5E98D167C}
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll [2007-01-19 2403392]
    {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 1185120]
    {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - PayPal Plug-In - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll [2007-12-03 2703360]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "ATIModeChange "=C:\Windows\system32\Ati2mdxx.exe [2001-09-04 28672]
    "AtiPTA "=C:\Windows\system32\atiptaxx.exe [2002-02-14 315392]
    "SynTPLpr "=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2002-04-25 126976]
    "SynTPEnh "=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2002-04-25 540672]
    "eabconfg.cpl "=C:\Program Files\Compaq\EAB\EabServr.exe [2002-03-07 171665]
    "LTWinModem1 "=ltmsg.exe 9 []
    "AOLDialer "=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2006-10-23 71216]
    "HostManager "=C:\Program Files\Common Files\AOL\1159014010\ee\AOLSoftware.exe [2006-09-25 50736]
    "TkBellExe "=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-09-23 185784]
    "CorelDRAW Graphics Suite 11b "=C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe [2003-11-25 729088]
    "CanonMyPrinter "=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2006-10-16 1197648]
    "mcagent_exe "=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
    "QuickTime Task "=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
    "iTunesHelper "=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
    "Adobe Reader Speed Launcher "=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
    "SunJavaUpdateSched "=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS "=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
    "ctfmon.exe "=C:\Windows\system32\ctfmon.exe [2008-04-13 15360]
    "c:_program files_corel_cor3c "=C:\Program Files\Corel\Corel Graphics 12\Programs\CorUpd.exe [2003-11-18 139264]
    "swg "=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-17 68856]
    "wamaecm "=c:\documents and settings\administrator\local settings\application data\wamaecm.exe [2008-11-26 294912]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
    RaConfig2500.lnk - C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\Windows\system32\WgaLogon.dll [2008-09-05 241704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "authentication packages "=msv1_0
    nwprovau

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername "=0
    "legalnoticecaption "=
    "legalnoticetext "=
    "shutdownwithoutlogon "=1
    "undockwithoutlogon "=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun "=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "
    "C:\Program Files\America Online 9.0\waol.exe "= "C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AMERIC~1.0 "
    "C:\Program Files\America Online 9.0a\waol.exe "= "C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL "
    "C:\Program Files\Common Files\AOL\1159014010\EE\AOLServiceHost.exe "= "C:\Program Files\Common Files\AOL\1159014010\EE\AOLServiceHost.exe:*:Enabled:AOL "
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe "= "C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL "
    "C:\Program Files\Common Files\AOL\System Information\sinf.exe "= "C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL "
    "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe "= "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOL "
    "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe "= "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOL "
    "C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe "= "C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL "
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe "= "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer "
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe "= "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL Connectivity Service "
    "C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe "= "C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 "
    "C:\Program Files\Bonjour\mDNSResponder.exe "= "C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour "
    "C:\Program Files\eMule\emule.exe "= "C:\Program Files\eMule\emule.exe:*:Enabled:eMule "
    "C:\Program Files\iTunes\iTunes.exe "= "C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes "
    "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe "= "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 "

    ======List of files/folders created in the last 3 months======

    2008-12-13 21:33:00 ----D---- C:\Program Files\trend micro
    2008-12-13 21:32:58 ----D---- C:\rsit
    2008-12-12 23:50:48 ----HDC---- C:\Windows\$NtUninstallKB955839$
    2008-12-12 23:47:17 ----HDC---- C:\Windows\$NtUninstallKB952069_WM9$
    2008-12-12 23:47:07 ----HDC---- C:\Windows\$NtUninstallKB954600$
    2008-12-12 23:46:49 ----HDC---- C:\Windows\$NtUninstallKB956802$
    2008-12-09 20:16:06 ----D---- C:\Program Files\CDisplay
    2008-12-09 20:08:39 ----D---- C:\Program Files\CBViewer
    2008-12-06 00:59:19 ----A---- C:\Windows\system32\cpwmon2k.dll
    2008-12-06 00:59:01 ----D---- C:\Program Files\Acro Software
    2008-12-06 00:58:20 ----D---- C:\Program Files\GPLGS
    2008-12-05 23:46:53 ----A---- C:\Windows\system32\javaws.exe
    2008-12-05 23:46:53 ----A---- C:\Windows\system32\javaw.exe
    2008-12-05 23:46:53 ----A---- C:\Windows\system32\java.exe
    2008-12-05 22:34:55 ----A---- C:\ROFTable.bak
    2008-12-05 22:34:55 ----A---- C:\ROFImagesTable.bak
    2008-12-05 22:34:55 ----A---- C:\pathnameTable.bak
    2008-12-05 22:34:55 ----A---- C:\managedFolderTable.bak
    2008-12-05 22:34:55 ----A---- C:\keywordTable.bak
    2008-12-05 22:34:55 ----A---- C:\keywordImagesTable.bak
    2008-12-05 22:34:55 ----A---- C:\imageTable.bak
    2008-12-05 22:34:55 ----A---- C:\EXIFTable.bak
    2008-12-05 22:34:55 ----A---- C:\albumTable.bak
    2008-12-05 22:34:55 ----A---- C:\albumImagesTable.bak
    2008-12-05 22:34:54 ----A---- C:\CB_Server_Errors.txt
    2008-12-05 22:34:54 ----A---- C:\administrativeInfo.bak
    2008-12-05 22:04:58 ----D---- C:\Windows\Microsoft.NET
    2008-12-05 22:04:58 ----D---- C:\Windows\assembly
    2008-12-05 22:04:54 ----D---- C:\Windows\system32\URTTemp
    2008-11-27 16:33:47 ----A---- C:\Windows\system32\deploytk.dll
    2008-11-12 03:03:55 ----HDC---- C:\Windows\$NtUninstallKB957097$
    2008-11-12 03:03:41 ----HDC---- C:\Windows\$NtUninstallKB954459$
    2008-11-12 03:03:15 ----HDC---- C:\Windows\$NtUninstallKB955069$
    2008-11-01 16:06:44 ----D---- C:\Documents and Settings\Administrator\Application Data\LimeWire
    2008-10-30 09:57:16 ----D---- C:\Program Files\WinRAR
    2008-10-24 02:02:03 ----HDC---- C:\Windows\$NtUninstallKB958644$
    2008-10-17 01:23:58 ----D---- C:\tlog
    2008-10-16 08:21:21 ----D---- C:\Program Files\iPod
    2008-10-16 08:21:14 ----D---- C:\Program Files\iTunes
    2008-10-16 08:21:14 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-10-15 02:05:15 ----HDC---- C:\Windows\$NtUninstallKB956803$
    2008-10-15 02:05:03 ----HDC---- C:\Windows\$NtUninstallKB956391$
    2008-10-15 02:04:49 ----HDC---- C:\Windows\$NtUninstallKB957095$
    2008-10-15 02:03:44 ----HDC---- C:\Windows\$NtUninstallKB954211$
    2008-10-15 02:03:17 ----HDC---- C:\Windows\$NtUninstallKB956841$
    2008-10-08 09:17:16 ----D---- C:\Documents and Settings\Administrator\Application Data\Softplicity
    2008-10-08 09:16:46 ----D---- C:\Program Files\TotalAudioConverter
    2008-10-05 12:03:52 ----D---- C:\Documents and Settings\All Users\Application Data\SlySoft
    2008-10-04 09:48:14 ----D---- C:\Documents and Settings\Administrator\Application Data\AccurateRip
    2008-10-04 09:48:10 ----A---- C:\Windows\system32\SpoonUninstall.exe
    2008-10-04 09:48:02 ----D---- C:\Program Files\Illustrate
    2008-10-03 20:45:15 ----D---- C:\Program Files\jZip
    2008-09-30 16:43:34 ----A---- C:\Windows\system32\msxml4.dll
    2008-09-30 00:24:10 ----D---- C:\Program Files\Bonjour
    2008-09-28 05:13:40 ----A---- C:\WebmailPlugin.dll
    2008-09-19 08:39:15 ----HDC---- C:\Windows\$NtUninstallKB951978$
    2008-09-17 18:05:18 ----HDC---- C:\Windows\$NtUninstallKB952954$
    2008-09-17 18:05:03 ----HDC---- C:\Windows\$NtUninstallKB952287$
    2008-09-17 18:04:47 ----HDC---- C:\Windows\$NtUninstallKB951748$
    2008-09-17 18:04:33 ----HDC---- C:\Windows\$NtUninstallKB951698$
    2008-09-17 18:04:20 ----HDC---- C:\Windows\$NtUninstallKB951376-v2$
    2008-09-17 18:04:06 ----HDC---- C:\Windows\$NtUninstallKB951376$
    2008-09-17 18:03:49 ----HDC---- C:\Windows\$NtUninstallKB951066$
    2008-09-17 18:03:35 ----HDC---- C:\Windows\$NtUninstallKB950974$
    2008-09-17 18:03:21 ----HDC---- C:\Windows\$NtUninstallKB950762$
    2008-09-17 18:03:05 ----HDC---- C:\Windows\$NtUninstallKB946648$
    2008-09-17 18:02:51 ----HDC---- C:\Windows\$NtUninstallKB938464$
    2008-09-17 17:46:56 ----D---- C:\Windows\system32\scripting
    2008-09-17 17:46:46 ----D---- C:\Windows\l2schemas
    2008-09-17 17:46:42 ----D---- C:\Windows\system32\en
    2008-09-17 17:09:04 ----N---- C:\Windows\system32\wmphoto.dll
    2008-09-17 17:09:00 ----N---- C:\Windows\system32\wlanapi.dll
    2008-09-17 17:08:57 ----N---- C:\Windows\system32\windowscodecsext.dll
    2008-09-17 17:08:57 ----N---- C:\Windows\system32\windowscodecs.dll
    2008-09-17 17:08:36 ----N---- C:\Windows\system32\tspkg.dll
    2008-09-17 17:08:36 ----N---- C:\Windows\system32\tsgqec.dll
    2008-09-17 17:08:10 ----N---- C:\Windows\system32\setupn.exe
    2008-09-17 17:08:01 ----N---- C:\Windows\system32\rhttpaa.dll
    2008-09-17 17:07:58 ----N---- C:\Windows\system32\rasqec.dll
    2008-09-17 17:07:56 ----N---- C:\Windows\system32\qutil.dll
    2008-09-17 17:07:54 ----N---- C:\Windows\system32\qcliprov.dll
    2008-09-17 17:07:54 ----N---- C:\Windows\system32\qagentrt.dll
    2008-09-17 17:07:54 ----N---- C:\Windows\system32\qagent.dll
    2008-09-17 17:07:50 ----N---- C:\Windows\system32\photometadatahandler.dll
    2008-09-17 17:07:45 ----N---- C:\Windows\system32\onex.dll
    2008-09-17 17:07:26 ----N---- C:\Windows\system32\napstat.exe
    2008-09-17 17:07:26 ----N---- C:\Windows\system32\napmontr.dll
    2008-09-17 17:07:26 ----N---- C:\Windows\system32\napipsec.dll
    2008-09-17 17:07:23 ----N---- C:\Windows\system32\msxml6r.dll
    2008-09-17 17:07:23 ----N---- C:\Windows\system32\msxml6.dll
    2008-09-17 17:07:18 ----N---- C:\Windows\system32\msshavmsg.dll
    2008-09-17 17:07:18 ----N---- C:\Windows\system32\mssha.dll
    2008-09-17 17:06:44 ----N---- C:\Windows\system32\mmcperf.exe
    2008-09-17 17:06:43 ----N---- C:\Windows\system32\mmcfxcommon.dll
    2008-09-17 17:06:43 ----N---- C:\Windows\system32\mmcex.dll
    2008-09-17 17:06:43 ----N---- C:\Windows\system32\microsoft.managementconsole.dll
    2008-09-17 17:06:23 ----N---- C:\Windows\system32\l2gpstore.dll
    2008-09-17 17:06:21 ----N---- C:\Windows\system32\kmsvc.dll
    2008-09-17 17:06:19 ----N---- C:\Windows\system32\kbdpash.dll
    2008-09-17 17:06:19 ----N---- C:\Windows\system32\kbdnepr.dll
    2008-09-17 17:06:19 ----N---- C:\Windows\system32\kbdiultn.dll
    2008-09-17 17:06:18 ----N---- C:\Windows\system32\kbdbhc.dll
    2008-09-17 17:05:57 ----N---- C:\Windows\system32\smtpapi.dll
    2008-09-17 17:05:57 ----N---- C:\Windows\system32\rwnh.dll
    2008-09-17 17:05:28 ----A---- C:\Windows\005709_.tmp
    2008-09-17 17:05:25 ----N---- C:\Windows\system32\eapsvc.dll
    2008-09-17 17:05:25 ----N---- C:\Windows\system32\eapqec.dll
    2008-09-17 17:05:25 ----N---- C:\Windows\system32\eappprxy.dll
    2008-09-17 17:05:25 ----N---- C:\Windows\system32\eapphost.dll
    2008-09-17 17:05:25 ----N---- C:\Windows\system32\eappgnui.dll
    2008-09-17 17:05:25 ----N---- C:\Windows\system32\eappcfg.dll
    2008-09-17 17:05:24 ----N---- C:\Windows\system32\eapp3hst.dll
    2008-09-17 17:05:24 ----N---- C:\Windows\system32\eapolqec.dll
    2008-09-17 17:05:18 ----N---- C:\Windows\system32\dot3ui.dll
    2008-09-17 17:05:18 ----N---- C:\Windows\system32\dot3svc.dll
    2008-09-17 17:05:18 ----N---- C:\Windows\system32\dot3msm.dll
    2008-09-17 17:05:18 ----N---- C:\Windows\system32\dot3gpclnt.dll
    2008-09-17 17:05:18 ----N---- C:\Windows\system32\dot3dlg.dll
    2008-09-17 17:05:18 ----N---- C:\Windows\system32\dot3cfg.dll
    2008-09-17 17:05:18 ----N---- C:\Windows\system32\dot3api.dll
    2008-09-17 17:05:15 ----N---- C:\Windows\system32\dimsroam.dll
    2008-09-17 17:05:15 ----N---- C:\Windows\system32\dimsntfy.dll
    2008-09-17 17:05:15 ----N---- C:\Windows\system32\dhcpqec.dll
    2008-09-17 17:05:10 ----N---- C:\Windows\system32\credssp.dll
    2008-09-17 17:05:01 ----N---- C:\Windows\system32\bitsprx4.dll
    2008-09-17 17:05:00 ----N---- C:\Windows\system32\azroles.dll
    2008-09-17 17:04:43 ----N---- C:\Windows\system32\aaclient.dll
    2008-09-17 00:05:47 ----HDC---- C:\Windows\$NtUninstallKB938464_0$
    2008-09-17 00:04:37 ----HDC---- C:\Windows\$NtUninstallKB954154_WM11$

    ======List of files/folders modified in the last 3 months======

    2008-12-13 21:33:24 ----D---- C:\Windows\Temp
    2008-12-13 21:33:01 ----D---- C:\Windows\Prefetch
    2008-12-13 21:33:00 ----RD---- C:\Program Files
    2008-12-13 21:05:21 ----A---- C:\VETlog.txt
    2008-12-13 21:05:14 ----A---- C:\Windows\win.ini
    2008-12-13 19:58:35 ----D---- C:\Windows\system32
    2008-12-13 19:57:04 ----D---- C:\WINDOWS
    2008-12-13 19:48:22 ----HD---- C:\Windows\inf
    2008-12-13 19:48:20 ----D---- C:\Program Files\Internet Explorer
    2008-12-13 19:48:10 ----RSHD---- C:\Windows\system32\dllcache
    2008-12-13 19:46:44 ----A---- C:\Windows\SchedLgU.Txt
    2008-12-13 19:17:53 ----D---- C:\Windows\system32\CatRoot
    2008-12-13 19:17:40 ----D---- C:\Windows\system32\CatRoot2
    2008-12-13 18:55:03 ----D---- C:\Windows\system32\en-US
    2008-12-12 23:50:37 ----A---- C:\Windows\imsins.BAK
    2008-12-12 23:49:53 ----HD---- C:\Windows\$hf_mig$
    2008-12-09 18:24:37 ----A---- C:\Windows\system32\MRT.exe
    2008-12-07 13:27:37 ----AC---- C:\Windows\cdplayer.ini
    2008-12-05 23:47:27 ----SHD---- C:\Windows\Installer
    2008-12-05 23:47:16 ----HD---- C:\Config.Msi
    2008-12-05 23:46:43 ----D---- C:\Program Files\Java
    2008-12-05 23:18:13 ----D---- C:\Windows\system32\config
    2008-12-05 23:17:35 ----D---- C:\Windows\system32\wbem
    2008-12-05 23:17:34 ----D---- C:\Windows\Registration
    2008-12-05 22:34:38 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2008-12-05 22:15:08 ----D---- C:\Program Files\Common Files\HP
    2008-12-05 22:10:30 ----D---- C:\Program Files\HP
    2008-12-01 17:18:49 ----AC---- C:\Windows\SCWRITER.INI
    2008-11-28 17:16:47 ----SD---- C:\Windows\Downloaded Program Files
    2008-11-27 01:58:12 ----D---- C:\Movie Magic Screenwriter
    2008-11-22 16:29:10 ----D---- C:\Program Files\AOL Toolbar
    2008-11-20 21:05:58 ----D---- C:\Windows\system32\drivers
    2008-11-20 21:00:23 ----D---- C:\mcafee_mcpr
    2008-11-20 20:12:13 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
    2008-11-19 19:04:37 ----D---- C:\Program Files\McAfee
    2008-11-16 22:16:52 ----D---- C:\Windows\Help
    2008-11-12 09:59:46 ----D---- C:\Windows\WinSxS
    2008-11-12 09:59:22 ----D---- C:\Program Files\Common Files\Adobe
    2008-11-12 09:59:22 ----D---- C:\Program Files\Adobe
    2008-11-07 17:56:41 ----D---- C:\Documents and Settings\Administrator\Application Data\U3
    2008-11-07 00:26:20 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2008-10-25 15:24:41 ----D---- C:\Documents and Settings\Administrator\Application Data\Help
    2008-10-23 07:36:14 ----A---- C:\Windows\system32\gdi32.dll
    2008-10-23 05:06:59 ----N---- C:\Windows\system32\tzchange.exe
    2008-10-17 02:08:40 ----A---- C:\Windows\system32\mshtml.dll
    2008-10-16 15:38:40 ----A---- C:\Windows\system32\wininet.dll
    2008-10-16 15:38:39 ----A---- C:\Windows\system32\webcheck.dll
    2008-10-16 15:38:39 ----A---- C:\Windows\system32\urlmon.dll
    2008-10-16 15:38:39 ----A---- C:\Windows\system32\url.dll
    2008-10-16 15:38:39 ----A---- C:\Windows\system32\pngfilt.dll
    2008-10-16 15:38:39 ----A---- C:\Windows\system32\occache.dll
    2008-10-16 15:38:39 ----A---- C:\Windows\system32\mstime.dll
    2008-10-16 15:38:38 ----A---- C:\Windows\system32\msrating.dll
    2008-10-16 15:38:38 ----A---- C:\Windows\system32\mshtmled.dll
    2008-10-16 15:38:37 ----A---- C:\Windows\system32\msfeedsbs.dll
    2008-10-16 15:38:37 ----A---- C:\Windows\system32\msfeeds.dll
    2008-10-16 15:38:37 ----A---- C:\Windows\system32\jsproxy.dll
    2008-10-16 15:38:37 ----A---- C:\Windows\system32\iertutil.dll
    2008-10-16 15:38:37 ----A---- C:\Windows\system32\iernonce.dll
    2008-10-16 15:38:37 ----A---- C:\Windows\system32\ieframe.dll
    2008-10-16 15:38:35 ----A---- C:\Windows\system32\iedkcs32.dll
    2008-10-16 15:38:35 ----A---- C:\Windows\system32\ieapfltr.dll
    2008-10-16 15:38:35 ----A---- C:\Windows\system32\ieaksie.dll
    2008-10-16 15:38:35 ----A---- C:\Windows\system32\ieakeng.dll
    2008-10-16 15:38:35 ----A---- C:\Windows\system32\icardie.dll
    2008-10-16 15:38:35 ----A---- C:\Windows\system32\extmgr.dll
    2008-10-16 15:38:34 ----A---- C:\Windows\system32\dxtrans.dll
    2008-10-16 15:38:34 ----A---- C:\Windows\system32\dxtmsft.dll
    2008-10-16 15:38:34 ----A---- C:\Windows\system32\advpack.dll
    2008-10-16 14:13:40 ----A---- C:\Windows\system32\wuweb.dll
    2008-10-16 14:13:40 ----A---- C:\Windows\system32\wuaueng.dll
    2008-10-16 14:12:22 ----A---- C:\Windows\system32\wucltui.dll
    2008-10-16 14:12:20 ----A---- C:\Windows\system32\wuapi.dll
    2008-10-16 14:09:44 ----A---- C:\Windows\system32\wups2.dll
    2008-10-16 14:09:44 ----A---- C:\Windows\system32\wuauclt.exe
    2008-10-16 14:09:44 ----A---- C:\Windows\system32\cdm.dll
    2008-10-16 14:09:40 ----A---- C:\Windows\system32\wucltui.dll.mui
    2008-10-16 14:08:58 ----A---- C:\Windows\system32\wups.dll
    2008-10-16 14:07:44 ----A---- C:\Windows\system32\wuapi.dll.mui
    2008-10-16 14:07:14 ----A---- C:\Windows\system32\wuaueng.dll.mui
    2008-10-16 08:17:56 ----DC---- C:\Windows\system32\DRVSTORE
    2008-10-16 08:11:09 ----A---- C:\Windows\system32\ieudinit.exe
    2008-10-16 08:11:09 ----A---- C:\Windows\system32\ie4uinit.exe
    2008-10-15 11:34:24 ----A---- C:\Windows\system32\netapi32.dll
    2008-10-15 02:04:53 ----A---- C:\Windows\system32\ieakui.dll
    2008-10-12 16:08:10 ----D---- C:\Documents and Settings\Administrator\Application Data\Apple Computer
    2008-10-12 16:07:23 ----D---- C:\EMPIRE
    2008-10-04 01:01:39 ----D---- C:\Program Files\WinAce
    2008-10-04 00:59:43 ----D---- C:\Program Files\Mozilla Firefox
    2008-10-03 05:02:42 ----A---- C:\Windows\system32\strmdll.dll
    2008-09-30 00:28:54 ----SD---- C:\Windows\Tasks
    2008-09-30 00:28:50 ----D---- C:\Program Files\Apple Software Update
    2008-09-30 00:23:06 ----D---- C:\Program Files\QuickTime
    2008-09-30 00:21:46 ----D---- C:\Program Files\Common Files\Apple
    2008-09-18 23:55:49 ----AC---- C:\Windows\OEWABLog.txt
    2008-09-18 23:50:11 ----D---- C:\Windows\system32\Setup
    2008-09-18 23:50:11 ----D---- C:\Windows\ime
    2008-09-18 23:50:11 ----D---- C:\Windows\AppPatch
    2008-09-18 23:50:11 ----D---- C:\Program Files\Messenger
    2008-09-18 23:50:07 ----RSD---- C:\Windows\Fonts
    2008-09-17 18:34:52 ----D---- C:\Windows\security
    2008-09-17 17:48:11 ----D---- C:\Windows\system32\inetsrv
    2008-09-17 17:48:10 ----D---- C:\Windows\network diagnostic
    2008-09-17 17:47:01 ----D---- C:\Windows\system32\usmt
    2008-09-17 17:46:40 ----D---- C:\Windows\system32\bits
    2008-09-17 17:46:39 ----D---- C:\Windows\peernet
    2008-09-17 17:46:39 ----D---- C:\Program Files\Movie Maker
    2008-09-17 17:38:25 ----D---- C:\Windows\system32\Restore
    2008-09-17 17:38:25 ----D---- C:\Windows\system32\npp
    2008-09-17 17:38:22 ----D---- C:\Windows\msagent
    2008-09-17 17:38:19 ----D---- C:\Windows\srchasst
    2008-09-17 17:38:17 ----D---- C:\Program Files\NetMeeting
    2008-09-17 17:38:15 ----D---- C:\Windows\system32\Com
    2008-09-17 17:38:10 ----D---- C:\Program Files\Windows Media Player
    2008-09-17 17:38:09 ----D---- C:\Program Files\Windows NT
    2008-09-17 17:38:09 ----D---- C:\Program Files\Outlook Express
    2008-09-17 17:38:03 ----D---- C:\Program Files\Common Files\System
    2008-09-17 17:37:36 ----D---- C:\Windows\system32\oobe
    2008-09-17 17:37:32 ----D---- C:\Windows\system
    2008-09-17 17:31:17 ----D---- C:\Windows\system32\ReinstallBackups
    2008-09-17 17:30:46 ----HDC---- C:\Windows\$NtServicePackUninstall$
    2008-09-17 17:20:07 ----D---- C:\Windows\EHome
    2008-09-17 15:09:49 ----D---- C:\Windows\Debug

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 ClntMgmt.sys;ClntMgmt.sys; C:\Windows\System32\Drivers\ClntMgmt.sys [2002-01-16 54222]
    R1 EABFiltr;EABFiltr; \??\C:\Windows\System32\drivers\EABFiltr.sys []
    R1 intelppm;Intel Processor Driver; C:\Windows\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2007-11-22 201320]
    R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2007-07-13 113952]
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\Windows\System32\drivers\ws2ifsl.sys [2001-08-18 12032]
    R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.6.0; C:\Windows\System32\DRIVERS\AegisP.sys [2006-09-21 17119]
    R2 Cnxtdiag;Cnxtdiag; C:\Windows\System32\DRIVERS\cnxtdiag.sys [2001-10-04 17776]
    R2 Fallback;Fallback; C:\Windows\System32\DRIVERS\fallback.sys [2001-10-04 308403]
    R2 Fsks;Fsks; C:\Windows\System32\DRIVERS\fsksnt.sys [2001-10-04 124189]
    R2 irda;IrDA Protocol; C:\Windows\System32\DRIVERS\irda.sys [2008-04-13 88192]
    R2 K56;K56; C:\Windows\System32\DRIVERS\k56nt.sys [2001-10-04 427215]
    R2 LxrSII1d;Secure II Driver; \??\C:\Windows\system32\Drivers\LxrSII1d.sys []
    R2 MCSTRM;MCSTRM; C:\Windows\system32\drivers\MCSTRM.sys [2006-10-15 8413]
    R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\Windows\System32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
    R2 NwlnkNb;NWLink NetBIOS; C:\Windows\System32\DRIVERS\nwlnknb.sys [2001-08-18 63232]
    R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\Windows\System32\DRIVERS\nwlnkspx.sys [2001-08-18 55936]
    R2 SoftFax;SoftFax; C:\Windows\System32\DRIVERS\faxnt.sys [2001-10-04 215195]
    R2 Tones;Tones; C:\Windows\System32\DRIVERS\tonesnt.sys [2001-10-04 59375]
    R2 V124;V124; C:\Windows\System32\DRIVERS\v124nt.sys [2001-10-04 539917]
    R3 ati2mtag;ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [2002-02-20 381824]
    R3 CmBatt;Microsoft AC Adapter Driver; C:\Windows\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
    R3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\System32\DRIVERS\e100b325.sys [2001-11-02 119808]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
    R3 ltmodem5;Lucent Modem Driver; C:\Windows\System32\DRIVERS\ltmdmxp.sys [2002-02-28 623665]
    R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2007-11-22 79304]
    R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2007-11-22 35240]
    R3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2007-12-02 40488]
    R3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\System32\DRIVERS\nscirda.sys [2008-04-13 28672]
    R3 Rasirda;WAN Miniport (IrDA); C:\Windows\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
    R3 RT2500;RT2500 Wireless Driver; C:\Windows\System32\DRIVERS\RT2500.sys [2004-12-15 218368]
    R3 smwdm;smwdm; C:\Windows\system32\drivers\smwdm.sys [2001-12-17 414184]
    R3 SynTP;Synaptics TouchPad Driver; C:\Windows\System32\DRIVERS\SynTP.sys [2002-04-25 253328]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\Windows\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB Root Hub (usbport); C:\Windows\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\Windows\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
    R3 USBSTOR;USB Mass Storage Driver; C:\Windows\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 wanatw;WAN Miniport (ATW); C:\Windows\System32\DRIVERS\wanatw4.sys [2003-01-10 33588]
    S1 P3;Intel PentiumIII Processor Driver; C:\Windows\System32\DRIVERS\p3.sys [2008-04-13 42752]
    S1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\System32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
    S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\Windows\system32\drivers\ac97intc.sys [2001-08-17 96256]
    S3 ACGPRS;Sierra Wireless 3G Adapter; C:\Windows\system32\DRIVERS\acgprs.sys [2006-01-26 97280]
    S3 allegro;ESS Allegro Audio Driver (WDM); C:\Windows\system32\drivers\es198x.sys [2001-08-17 174464]
    S3 ATICDSDr;ATICDSDr; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ATICDSDr.sys []
    S3 atimpab;atimpab; C:\Windows\System32\DRIVERS\atimpab.sys [2001-08-17 289664]
    S3 basic2;basic2; C:\Windows\System32\DRIVERS\basic2.sys [2001-10-04 76610]
    S3 eabusb;EABUsb; \??\C:\Windows\System32\drivers\EABUsb.sys []
    S3 HidUsb;Microsoft HID Class Driver; C:\Windows\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\Windows\system32\DRIVERS\HPZid412.sys [2006-05-16 49664]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\Windows\system32\DRIVERS\HPZipr12.sys [2006-05-16 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\Windows\system32\DRIVERS\HPZius12.sys [2006-05-16 21568]
    S3 mf;mf; C:\Windows\system32\DRIVERS\mf.sys [2008-04-13 63744]
    S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2007-11-22 33832]
    S3 mouhid;Mouse HID Driver; C:\Windows\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
    S3 msloop;Microsoft Loopback Adapter Driver; C:\Windows\System32\DRIVERS\loop.sys [2001-08-17 4992]
    S3 NWRDR;NetWare Rdr; C:\Windows\System32\DRIVERS\nwrdr.sys [2008-04-13 163584]
    S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver; \??\C:\Windows\system32\PCTINDIS5.SYS []
    S3 RimSerPort;RIM Virtual Serial Port; C:\Windows\system32\DRIVERS\RimSerial.sys [2006-07-12 18432]
    S3 Rksample;Rksample; C:\Windows\System32\DRIVERS\rksample.sys [2001-10-04 67222]
    S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2001-08-18 5888]
    S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\Windows\System32\DRIVERS\smcirda.sys [2001-08-17 35913]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\Windows\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbprint;Microsoft USB PRINTER Class; C:\Windows\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;USB Scanner Driver; C:\Windows\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\Windows\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S3 winachsf;winachsf; C:\Windows\System32\DRIVERS\HSF_CNXT.sys [2001-10-04 585200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\Windows\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\Windows\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
    R2 AOL TopSpeedMonitor;AOL TopSpeed Monitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [2004-10-15 100016]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\Windows\System32\Ati2evxx.exe [2002-01-16 110592]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 Irmon;Infrared Monitor; C:\Windows\System32\svchost.exe [2008-04-13 14336]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
    R2 LicCtrlService;LicCtrl Service; C:\Windows\runservice.exe [2006-09-23 2560]
    R2 LxrSII1s;Lexar Secure II; C:\Windows\system32\LxrSII1s.exe [2005-05-19 53248]
    R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
    R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
    R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
    R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
    R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
    R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
    R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\system32\HPZipm12.exe [2007-08-09 73728]
    R2 SNMP;SNMP Service; C:\Windows\System32\snmp.exe [2008-04-13 33280]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
    R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
    S2 0248711227139684mcinstcleanup;McAfee Application Installer Cleanup (0248711227139684); C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\024871~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service []
    S2 NWCWorkstation;Client Service for NetWare; C:\Windows\System32\svchost.exe [2008-04-13 14336]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-11 138168]
    S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
    S3 SNMPTRAP;SNMP Trap Service; C:\Windows\System32\snmptrap.exe [2008-04-13 8704]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\Windows\system32\svchost.exe [2008-04-13 14336]

    -----------------EOF-----------------
     
  2. 2008/12/13
    fleagore

    IE not accepting cookies part 2

    Here is the other part of the log file.

    info.txt logfile of random's system information tool 1.04 2008-12-13 21:33:47

    ======Uninstall list======

    -->"C:\Program Files\mcafee.com\antivirus\uninst.exe" /PopUpMsgBox="N" /CheckMutx="N" /S
    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->C:\Windows\IsUninst.exe -fC:\Windows\orun32.isu
    -->MsiExec.exe /I{0CDCA5CD-C404-41FD-9216-9B4B3D24A7AA}
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{854A5F01-D692-11D4-A984-009027EC0A9C}\setup.exe"
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{945E2519-C2B9-11D3-9D56-0060B0A4823E}\setup.exe"
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CD47EFC1-D692-11D4-A984-009027EC0A9C}\setup.exe"
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7E518B2-B174-11D3-9D4E-0060B0A4823E}\setup.exe"
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
    AOL Coach Version 2.0(Build:20041026.5 en)-->C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP
    AOL Deskbar-->"C:\Program Files\AOL Deskbar\UNWISE.EXE" /u "C:\Program Files\AOL Deskbar\INSTALL.LOG"
    AOL Toolbar-->"C:\Program Files\AOL Toolbar\UNWISE.EXE" /u "C:\Program Files\AOL Toolbar\INSTALL.LOG"
    AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
    AOL You've Got Pictures Screensaver-->C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
    Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    ATI Display Driver-->rundll32 C:\Windows\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
    Canon iP1800 series User Registration-->C:\Program Files\Canon\IJEREG\iP1800 series\UNINST.EXE
    Canon iP1800 series-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1800_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1800_series /L0x0009
    Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
    Canon Utilities Easy-LayoutPrint-->C:\Program Files\Canon\Easy-LayoutPrint\uninst.exe uninst.ini
    Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
    CDisplay 1.8-->"C:\Program Files\CDisplay\unins000.exe"
    Compaq Easy Access Buttons 3.00 A9-->C:\Windows\IsUninst.exe -f "C:\Program Files\Compaq\EAB\Uninst.isu" -c "C:\Program Files\Compaq\EAB\EABINST.DLL"
    Corel SVG Viewer-->MsiExec.exe /X{E32D1370-414D-45CC-950A-7320BA6022C5}
    CorelDRAW Graphics Suite 12-->MsiExec.exe /I{505AFDC0-5E72-4928-8368-5DEA385E3647}
    CutePDF Writer 2.7-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe
    dBpoweramp [Calculate Audio CRC] Codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
    dBpoweramp Dalet Codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp Dalet Codec.dat
    dBpoweramp FLAC Codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
    dBpoweramp Monkeys Audio Codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
    dBpoweramp Mp2 and BwfMp2 codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp Mp2 and BwfMp2 codec.dat
    dBpoweramp mp3 (Fraunhofer IIS) Codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
    dBpoweramp Music Converter-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
    dBpoweramp Ogg Vorbis Codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
    dBpoweramp Real Audio (Helix) Encoder-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.dat
    dBPoweramp tooLame MP2 codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBPoweramp tooLame MP2 codec.dat
    dBpoweramp Wave64 Codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp Wave64 Codec.dat
    dBpoweramp WavPack Codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp WavPack Codec.dat
    Digimax Master-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\Setup.exe" -l0x9 -removeonly
    Dominoes-->C:\Windows\ST5UNST.EXE -n "C:\Program Files\Dominoes\ST5UNST.LOG"
    Dramatica Pro 4.0-->C:\Windows\IsUninst.exe -f "C:\Program Files\Screenplay Systems\Dramatica Pro\Uninst.isu"
    Favorit-->"c:\documents and settings\administrator\local settings\application data\wamaecm.exe" -uninstall
    Final Draft 7-->MsiExec.exe /I{78D62D17-D970-42DA-B8CF-5E5576293B33}
    Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\Windows\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\Windows\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 11 (KB939683)-->"C:\Windows\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\Windows\$NtUninstallKB952287$\spuninst\spuninst.exe"
    HP Photosmart and Deskjet 7.0 Software-->C:\Program Files\HP\Digital Imaging\{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}\setup\hpzscr01.exe -datfile hphscr12.dat -showdisconnect -forcereboot
    Intel(R) PRO Ethernet Adapter and Software-->Prounstl.exe
    InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL
    iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
    J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
    J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
    J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
    J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
    Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    jZip-->C:\PROGRA~1\jZip\UNWISE.EXE /U C:\PROGRA~1\jZip\INSTALL.LOG
    Lucent Win Modem-->C:\Windows\System32\ltremove.exe
    McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\Windows\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\Windows\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\Windows\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\Windows\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft XML Parser and SDK-->MsiExec.exe /I{3E908702-AF35-4611-9518-955DA24B7E07}
    Movie Magic Budgeting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7EE305C0-5DB2-11D4-AE43-0050DA5BC72E}\setup.exe"
    Movie Magic Scheduling-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A224D9F0-568B-11D4-AE3C-0050DA5BC72E}\setup.exe"
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    Nokia Connectivity Adapter Cable DKU-5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1BA3CD5-89DC-4273-8603-A75F33E9B335}\Setup.exe" -l0x9
    PayPal Plug-In-->C:\Program Files\InstallShield Installation Information\{73317C31-2B6E-4B88-9865-B97C1331A39D}\setup.exe -runfromtemp -l0x0009 -removeonly
    QuickTime-->C:\Windows\unvise32qt.exe C:\Windows\System32\QuickTime\Uninstall.log
    QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    RT2500 Wireless LAN Card-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAA66A0D-E610-40B8-9D51-C1854285773A}\setup.exe" -l0x9 -removeonly
    Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
    Samsung USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{86D6A20D-3910-4441-A3E5-EB6977251C86}\Setup.exe" anything
    Security Update for Step By Step Interactive Training (KB898458)-->"C:\Windows\$NtUninstallKB898458$\spuninst\spuninst.exe"
    Security Update for Step By Step Interactive Training (KB923723)-->"C:\Windows\$NtUninstallKB923723$\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\Windows\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\Windows\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\Windows\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\Windows\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\Windows\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\Windows\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\Windows\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\Windows\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\Windows\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\Windows\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\Windows\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\Windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\Windows\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB917734)-->"C:\Windows\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB936782)-->"C:\Windows\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB954154)-->"C:\Windows\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464)-->"C:\Windows\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\Windows\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\Windows\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\Windows\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\Windows\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\Windows\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\Windows\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376)-->"C:\Windows\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\Windows\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\Windows\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\Windows\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\Windows\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953839)-->"C:\Windows\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\Windows\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954459)-->"C:\Windows\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\Windows\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\Windows\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956391)-->"C:\Windows\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\Windows\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\Windows\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\Windows\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957095)-->"C:\Windows\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\Windows\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\Windows\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Setup Compaq Software-->C:\Windows\IsUninst.exe -f "C:\Program Files\COMPAQ\Setup Compaq Software\Uninst.isu" -c "C:\Program Files\COMPAQ\Setup Compaq Software\CPQUNST.DLL"
    SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
    Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
    StoryBoard QUICK-->C:\Windows\IsUninst.exe -f "C:\Program Files\PowerProduction Software\StoryBoard QUICK\Uninst.isu"
    Synaptics TouchPad-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    TotalAudioConverter-->"C:\Program Files\TotalAudioConverter\unins000.exe"
    Update for Windows XP (KB951072-v2)-->"C:\Windows\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Update for Windows XP (KB951978)-->"C:\Windows\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\Windows\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
    WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
    WinAce Archiver 2.0-->C:\Program Files\WinAce\SXUNINST.EXE C:\Program Files\WinAce\SXUNINST.INI
    Winamp Toolbar for Internet Explorer--> "C:\Program Files\Winamp Toolbar\uninstall.exe "
    Windows Media Format 11 runtime--> "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime--> "C:\Windows\$NtUninstallWMFDist11$\spuninst\spuninst.exe "
    Windows Media Player 11--> "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11--> "C:\Windows\$NtUninstallwmp11$\spuninst\spuninst.exe "
    Windows XP Service Pack 3--> "C:\Windows\$NtServicePackUninstall$\spuninst\spuninst.exe "
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    WinZip--> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall

    ======Hosts File======

    10.254.254.253 Xdrive

    ======Security center information======

    AV: McAfee VirusScan
    FW: McAfee Personal Firewall

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=C:\Program Files\Corel\Corel SVG Viewer\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\jZip
    "windir"=%SystemRoot%
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
    "PROCESSOR_REVISION"=0207
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "FP_NO_HOST_CHECK"=NO
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

    -----------------EOF-----------------
     


  4. 2008/12/14
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS fleagore :)

    You have some nasties on board. :( Please visit the following webpage for instructions for downloading and running ComboFix

    How to use ComboFix


    Download ComboFix by sUBs from here, saving the file to your desktop.


    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

    **NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.


    I have to ask ....... why are you running on the Administrator account?
     
  5. 2008/12/15
    fleagore

    fleagore Inactive Thread Starter

    Joined:
    2008/12/13
    Messages:
    7
    Likes Received:
    0
    I am going to try this now. The Administrator is the only account I have set up on here. Should I run on something different?
     
  6. 2008/12/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    After we get you cleaned up, then yes, I recommend creating another account to use. The Administrator account is meant to be used for administration purposes, and best left unused for normal computing.
     
  7. 2008/12/15
    fleagore

    fleagore Inactive Thread Starter

    Joined:
    2008/12/13
    Messages:
    7
    Likes Received:
    0
    Here is the log

    ComboFix 08-12-14.04 - Administrator 2008-12-15 3:39:42.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.648 [GMT -5:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\documents and settings\Administrator\Local Settings\Application Data\wamaecm.dat
    c:\documents and settings\Administrator\Local Settings\Application Data\wamaecm.exe
    c:\documents and settings\Administrator\Local Settings\Application Data\wamaecm_nav.dat
    c:\documents and settings\Administrator\Local Settings\Application Data\wamaecm_navps.dat
    c:\windows\Downloaded Program Files\setup.inf
    c:\windows\system32\AutoRun.inf
    F:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2008-11-15 to 2008-12-15 )))))))))))))))))))))))))))))))
    .

    2008-12-13 21:33 . 2008-12-13 21:33 <DIR> d-------- c:\program files\trend micro
    2008-12-13 21:32 . 2008-12-13 21:33 <DIR> d-------- C:\rsit
    2008-12-09 20:08 . 2008-12-09 20:08 <DIR> d-------- c:\program files\CBViewer
    2008-12-06 00:59 . 2008-12-06 00:59 <DIR> d-------- c:\program files\Acro Software
    2008-12-06 00:59 . 2007-07-12 22:33 87,552 --a------ c:\windows\system32\cpwmon2k.dll
    2008-12-06 00:58 . 2008-12-06 00:58 <DIR> d-------- c:\program files\GPLGS
    2008-12-05 22:41 . 2008-12-05 22:56 178 --a------ C:\dochwin.dat
    2008-12-05 22:04 . 2008-12-05 23:14 <DIR> d-------- c:\windows\system32\URTTemp
    2008-12-05 16:29 . 2008-12-05 22:27 68,870 --a------ c:\windows\hpoins05.dat
    2008-12-05 16:29 . 2004-12-14 11:07 19,696 --------- c:\windows\hpomdl05.dat
    2008-11-27 16:33 . 2008-11-10 05:43 410,984 --a------ c:\windows\system32\deploytk.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-15 08:46 2,737 --sha-w c:\windows\system32\mmf.sys
    2008-12-06 04:46 --------- d-----w c:\program files\Java
    2008-12-06 04:08 178 ----a-w C:\handle.dat
    2008-12-06 03:15 --------- d-----w c:\program files\Common Files\HP
    2008-12-06 03:10 --------- d-----w c:\program files\HP
    2008-11-22 21:29 --------- d-----w c:\program files\AOL Toolbar
    2008-11-21 01:12 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
    2008-11-20 00:04 --------- d-----w c:\program files\McAfee
    2008-11-12 14:59 --------- d-----w c:\program files\Common Files\Adobe
    2008-11-07 22:56 --------- d-----w c:\documents and settings\Administrator\Application Data\U3
    2008-11-01 21:30 --------- d-----w c:\documents and settings\Administrator\Application Data\LimeWire
    2008-11-01 13:35 --------- d-----w c:\program files\Bonjour
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
    2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
    2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
    2008-10-17 07:08 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
    2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
    2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
    2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
    2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
    2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
    2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
    2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
    2008-10-16 13:22 --------- d-----w c:\program files\iTunes
    2008-10-16 13:22 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-10-16 13:21 --------- d-----w c:\program files\iPod
    2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
    2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
    2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
    2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
    2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
    2008-10-04 15:15 510,840 ----a-w c:\windows\system32\SpoonUninstall.exe
    2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
    2008-10-03 10:02 247,326 ------w c:\windows\system32\dllcache\strmdll.dll
    2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    2008-09-28 10:13 591,296 ----a-w C:\WebmailPlugin.dll
    2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
    2008-09-15 12:12 1,846,400 ------w c:\windows\system32\dllcache\win32k.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "c:_program files_corel_cor3c"="c:\program files\Corel\Corel Graphics 12\Programs\CorUpd.exe" [2003-11-18 139264]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-17 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2002-04-25 126976]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2002-04-25 540672]
    "eabconfg.cpl"="c:\program files\Compaq\EAB\EabServr.exe" [2002-03-07 171665]
    "AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
    "HostManager"="c:\program files\Common Files\AOL\1159014010\ee\AOLSoftware.exe" [2006-09-25 50736]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-09-23 185784]
    "CorelDRAW Graphics Suite 11b"="c:\program files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 729088]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-16 1197648]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]
    "AtiPTA"="atiptaxx.exe" [2002-02-14 c:\windows\system32\atiptaxx.exe]
    "LTWinModem1"="ltmsg.exe" [2002-02-28 c:\windows\system32\ltmsg.exe]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
    RaConfig2500.lnk - c:\program files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe [2006-09-21 532480]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "c:\\Program Files\\America Online 9.0a\\waol.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1159014010\\EE\\AOLServiceHost.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
    "c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

    R2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2006-09-23 2560]
    R2 LxrSII1d;Secure II Driver;\??\c:\windows\system32\Drivers\LxrSII1d.sys [2006-09-28 70016]
    S2 0248711227139684mcinstcleanup;McAfee Application Installer Cleanup (0248711227139684);c:\docume~1\ADMINI~1\LOCALS~1\Temp\024871~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service []
    S3 ACGPRS;Sierra Wireless 3G Adapter;c:\windows\system32\DRIVERS\acgprs.sys [2006-01-26 97280]
    S3 ATICDSDr;ATICDSDr;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\ATICDSDr.sys []
    .
    Contents of the 'Scheduled Tasks' folder

    2008-12-11 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2008-12-15 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

    2008-12-01 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-wamaecm - c:\documents and settings\administrator\local settings\application data\wamaecm.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.comcast.net/explore.html
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    IE: &Winamp Toolbar Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

    O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-15 03:46:36
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\AOL\ACS\AOLacsd.exe
    c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\LxrSII1s.exe
    c:\progra~1\McAfee\MSC\mcmscsvc.exe
    c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
    c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
    c:\progra~1\McAfee.com\Agent\mcagent.exe
    c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    c:\program files\McAfee\MPF\MpfSrv.exe
    c:\windows\system32\HPZipm12.exe
    c:\windows\system32\snmp.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\progra~1\McAfee\MSC\mcuimgr.exe
    .
    **************************************************************************
    .
    Completion time: 2008-12-15 3:56:32 - machine was rebooted [Administrator]
    ComboFix-quarantined-files.txt 2008-12-15 08:55:15

    Pre-Run: 23,164,829,696 bytes free
    Post-Run: 23,440,101,376 bytes free

    207 --- E O F --- 2008-12-14 00:17:56
     
  8. 2008/12/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please upload the following files to my submission channel for analysis. Leave a link back to this topic.

    C:\dochwin.dat
    C:\handle.dat

    Thanks!

    Highlight and copy the following command.

    sc delete 0248711227139684mcinstcleanup

    Click Start>Run and paste the command in the Run dialog then hit Enter.

    Please do an online scan with Kaspersky Online Scanner

    Click Accept, when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

    Post the Kaspersky log here.
     
  9. 2008/12/16
    fleagore

    fleagore Inactive Thread Starter

    Joined:
    2008/12/13
    Messages:
    7
    Likes Received:
    0
    I submitted the 2 files and here is the scan report

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Tuesday, December 16, 2008
    Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Tuesday, December 16, 2008 02:36:51
    Records in database: 1464325
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    F:\

    Scan statistics:
    Files scanned: 149286
    Threat name: 8
    Infected objects: 9
    Suspicious objects: 0
    Duration of the scan: 05:24:30


    File name / Threat name / Threats count
    C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\36\710cee4-230b6264 Infected: Trojan-Downloader.Java.OpenConnection.ar 1
    C:\Program Files\AOL Toolbar\AOLToolbarSetup.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
    C:\Program Files\Common Files\aolback\Comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
    F:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP655\A0135063.exe Infected: P2P-Worm.Win32.Kapucen.b 1
    F:\music downloads\SlySoft.AnyDVD.HD.v6.4.6.9.Multilingual.WinAll.Incl.Keygen.and.Patch-BRD\SetupAnyDVD6469.exe Infected: Trojan-PSW.Win32.Small.gs 1
    F:\music downloads\Ulead DVD MovieFactory 6.0 Plus keygen.zip Infected: Trojan.Win32.Small.ypj 1
    F:\music downloads\Ulead DVD MovieFactory 6.0 Plus keygen.zip Infected: Trojan-Downloader.Win32.Agent.akwa 1
    F:\music downloads\Ulead DVD MovieFactory 6.0 Plus keygen.zip Infected: Trojan.Win32.Pakes.luu 1
    F:\music downloads\[PC GAME Crack] Left 4 Dead (Crack NO CD + Serial)\PC Game - Crack.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1

    The selected area was scanned.
     
  10. 2008/12/16
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Files received and appear legit.

    Well, you can see what kind of junk you get with keygens and cracks.

    F:\music downloads\SlySoft.AnyDVD.HD.v6.4.6.9.Multilingual.WinAll.Incl.Keygen.and.Patch-BRD\SetupAnyDVD6469.exe Infected: Trojan-PSW.Win32.Small.gs 1
    F:\music downloads\Ulead DVD MovieFactory 6.0 Plus keygen.zip Infected: Trojan.Win32.Small.ypj 1
    F:\music downloads\Ulead DVD MovieFactory 6.0 Plus keygen.zip Infected: Trojan-Downloader.Win32.Agent.akwa 1
    F:\music downloads\Ulead DVD MovieFactory 6.0 Plus keygen.zip Infected: Trojan.Win32.Pakes.luu 1
    F:\music downloads\[PC GAME Crack] Left 4 Dead (Crack NO CD + Serial)\PC Game - Crack.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1

    It's not only dishonest and unfair to the developer, it's dangerous. I recommend you delete those infected files and cease that sort of activity. I further recommend you dump the P2P filesharing apps ..... malware authors love to spread their junk via p2p.


    Please download JavaRa and save the file to your desktop.
    • Right click and Extract All
    • Once extracted, open and run JavaRa.exe
    • Click Remove Older Versions in the JavaRa interface and allow it to proceed
    • When that is complete, click Additional Tasks, then select Remove Useless JRE Files and click Go
    • Exit the tool when complete.

    If any Java components fail removal, reboot and run the tool again.


    Delete RSIT.exe and the C:\rsit folder.
    Remove any quarantined items in your resident antivirus and all antispyware applications.
    Click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing any infected files there as well.
    Verify the C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file.
    You can delete any other logs that were created/saved too.


    Once you get the above completed, if all appears to be working normally, I recommend you create a new user account and begin using it rather than the Administrator account.

    Let me know how everything goes.
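
The Kaspersky report discussed in this post can be triaged mechanically before anything is deleted. The Python below is an added example, not part of the thread or of any tool named in it: it parses the report's detection lines (copied from the post above), splits each verdict into its `not-a-virus:` prefix, behaviour, platform and family, and cross-checks the totals against the report's own "Threat name: 8" and "Infected objects: 9". The function names and the location labels (`restore-point`, `java-cache`, `file`) are assumptions made for this example.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# Detection lines copied from the Kaspersky Online Scanner report in this thread.
REPORT = r"""
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\36\710cee4-230b6264 Infected: Trojan-Downloader.Java.OpenConnection.ar 1
C:\Program Files\AOL Toolbar\AOLToolbarSetup.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
C:\Program Files\Common Files\aolback\Comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
F:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP655\A0135063.exe Infected: P2P-Worm.Win32.Kapucen.b 1
F:\music downloads\SlySoft.AnyDVD.HD.v6.4.6.9.Multilingual.WinAll.Incl.Keygen.and.Patch-BRD\SetupAnyDVD6469.exe Infected: Trojan-PSW.Win32.Small.gs 1
F:\music downloads\Ulead DVD MovieFactory 6.0 Plus keygen.zip Infected: Trojan.Win32.Small.ypj 1
F:\music downloads\Ulead DVD MovieFactory 6.0 Plus keygen.zip Infected: Trojan-Downloader.Win32.Agent.akwa 1
F:\music downloads\Ulead DVD MovieFactory 6.0 Plus keygen.zip Infected: Trojan.Win32.Pakes.luu 1
F:\music downloads\[PC GAME Crack] Left 4 Dead (Crack NO CD + Serial)\PC Game - Crack.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
"""

# Line layout: "<path> Infected: <verdict> <count>". Paths contain spaces,
# the verdict never does, so the verdict and count are matched from the right.
LINE_RE = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<verdict>\S+)\s+(?P<count>\d+)$")


@dataclass(frozen=True)
class Detection:
    path: str
    verdict: str     # full name exactly as reported
    riskware: bool   # True when the verdict carries the "not-a-virus:" prefix
    behaviour: str   # e.g. Trojan-Downloader, P2P-Worm, AdWare
    platform: str    # e.g. Win32, Java
    family: str      # e.g. Small, Agent, Kapucen
    location: str    # assumed labels: restore-point / java-cache / file
    count: int


def classify_location(path):
    """Label where the object lives; that decides which cleanup step applies."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore-point"   # copy held inside a System Restore point
    if "\\java\\deployment\\cache\\" in p:
        return "java-cache"      # object cached by the Java plug-in
    return "file"


def parse_report(text):
    """Turn report text into Detection records, skipping non-detection lines."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        prefix, _, name = m["verdict"].rpartition(":")
        # Verdict layout is Behaviour.Platform.Family[.Variant]; pad short names.
        behaviour, platform, family = (name.split(".") + ["?", "?"])[:3]
        found.append(Detection(m["path"], m["verdict"], prefix == "not-a-virus",
                               behaviour, platform, family,
                               classify_location(m["path"]), int(m["count"])))
    return found


def summarize(detections):
    """Aggregate per file and per location, plus totals to check against the header."""
    by_file = defaultdict(list)
    for d in detections:
        by_file[d.path].append(d)
    return {
        "objects": sum(d.count for d in detections),
        "distinct_verdicts": len({d.verdict for d in detections}),
        "by_location": Counter(d.location for d in detections),
        "multi_hit_files": {p: [d.verdict for d in ds]
                            for p, ds in by_file.items() if len(ds) > 1},
        "riskware_only_files": sorted(p for p, ds in by_file.items()
                                      if all(d.riskware for d in ds)),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_report(REPORT)).items():
        print(key, "=>", value)
```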
     
  11. 2008/12/17
    fleagore

    fleagore Inactive Thread Starter

    Joined:
    2008/12/13
    Messages:
    7
    Likes Received:
    0
    Everything looks good. My nephews were using my computer while I was away; evidently they used the P2P servers. They won't be doing that again.

    Thanks for all your help.
     
  12. 2008/12/17
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
