
RSIT log +MBAM +SecurityProviders

Discussion in 'Malware and Virus Removal Archive' started by Whiskeyman, 2008/09/05.

  1. 2008/09/05
    Whiskeyman (Thread Starter)
    I am on a PC that was infected by Vista AntiVirus 2009. I had installed MBAM v 1.00 a while back when cleaning this for previous infections for the owner. The only way to get back on the Internet was to run MBAM and AntiVir several times. After reading the warning about the issue about MBAM v 1.00 - 1.25 and SecurityProviders I decided to follow noahdfear's advice and post the RSIT log. I can see the commas are omitted. Should I run the tool from MBAM or edit the registry?

    Logfile of random's system information tool (written by random/random)
    Run by Buc at 2008-09-05 19:08:02
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 65 GB (85%) free of 76 GB
    Total RAM: 759 MB (71% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:08:10 PM, on 9/5/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\lxcycoms.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\dmadmin.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Lexmark 3400 Series\lxcymon.exe
    C:\Program Files\Lexmark 3400 Series\ezprint.exe
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Documents and Settings\Buc\Desktop\RSIT.exe
    C:\hjt\Buc.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    O2 - BHO: (no name) - AutorunsDisabled - (no file)
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176029080890
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{52636D2D-BA43-4A7C-8430-A7C24E9432AD}: NameServer = 166.102.165.11 166.102.165.13
    O17 - HKLM\System\CS1\Services\Tcpip\..\{52636D2D-BA43-4A7C-8430-A7C24E9432AD}: NameServer = 166.102.165.11 166.102.165.13
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O24 - Desktop Component 0: (no name) - (no file)

    --
    End of file - 6180 bytes

    Registry dump

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{089FD14D-132B-48FC-8861-0048AE113215}]
    C:\Program Files\SiteAdvisor\6261\SiteAdv.dll [2008-05-16 927008]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]
    Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-09 184320]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-04-16 734704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]
    {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-09 184320]
    {0BF43445-2F28-4351-9252-17FE6E806AA0} - McAfee SiteAdvisor - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll [2008-05-16 927008]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
    "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-11-02 155648]
    "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-11-02 126976]
    "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
    "lxcymon.exe"=C:\Program Files\Lexmark 3400 Series\lxcymon.exe [2007-06-25 291504]
    "EzPrint"=C:\Program Files\Lexmark 3400 Series\ezprint.exe [2007-06-25 82608]
    "FaxCenterServer"=C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2007-06-25 295600]
    "LXCYCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll []
    "SiteAdvisor"=C:\Program Files\SiteAdvisor\6253\SiteAdv.exe [2007-12-04 36640]
    "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-17 266497]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-08 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxsrvc.dll [2004-11-02 348160]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"=msapsspc.dll schannel.dll digest.dll msnsspc.dll


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdssserv.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tdssserv.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableTaskMgr"=0
    "NoDispCPL"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
    "C:\WINDOWS\system32\lxcycoms.exe"="C:\WINDOWS\system32\lxcycoms.exe:*:Enabled:Lexmark Communications System"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    File associations

    .reg - open - regedit.exe "%1" %*
    .scr - open - "%1" %*

    List of files/folders created in the last three months

    2008-09-05 19:08:02 ----D---- C:\rsit
    2008-09-01 17:18:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
    2008-09-01 17:10:20 ----A---- C:\WINDOWS\OEWABLog.txt
    2008-09-01 17:09:41 ----D---- C:\WINDOWS\Prefetch
    2008-09-01 17:08:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-09-01 17:08:06 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-09-01 17:07:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
    2008-09-01 17:07:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
    2008-09-01 17:07:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
    2008-09-01 17:07:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
    2008-09-01 17:07:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-09-01 17:07:17 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-09-01 17:07:09 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
    2008-09-01 17:07:00 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-09-01 17:04:14 ----A---- C:\WINDOWS\setuplog.txt
    2008-09-01 17:03:21 ----D---- C:\WINDOWS\system32\scripting
    2008-09-01 17:03:20 ----D---- C:\WINDOWS\l2schemas
    2008-09-01 17:03:19 ----D---- C:\WINDOWS\system32\en
    2008-09-01 17:03:19 ----D---- C:\WINDOWS\system32\bits
    2008-09-01 16:33:42 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
    2008-09-01 16:33:35 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
    2008-09-01 16:33:28 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
    2008-09-01 16:33:21 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
    2008-09-01 16:32:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-09-01 16:32:11 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
    2008-09-01 16:31:38 ----A---- C:\WINDOWS\imsins.BAK
    2008-09-01 16:31:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
    2008-09-01 16:20:30 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-09-01 16:20:30 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-09-01 16:20:30 ----A---- C:\WINDOWS\system32\java.exe
    2008-09-01 15:53:50 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-08-30 21:15:50 ----A---- C:\WINDOWS\ModemLog_Lucent Win Modem.txt
    2008-08-30 19:56:17 ----D---- C:\Documents and Settings\Buc\Application Data\Malwarebytes
    2008-08-30 19:56:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-30 19:56:14 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-30 14:17:31 ----N---- C:\WINDOWS\system32\wlanapi.dll
    2008-08-30 14:17:25 ----N---- C:\WINDOWS\system32\tspkg.dll
    2008-08-30 14:17:25 ----N---- C:\WINDOWS\system32\tsgqec.dll
    2008-08-30 14:17:16 ----N---- C:\WINDOWS\system32\setupn.exe
    2008-08-30 14:17:14 ----N---- C:\WINDOWS\system32\rhttpaa.dll
    2008-08-30 14:17:14 ----N---- C:\WINDOWS\system32\rasqec.dll
    2008-08-30 14:17:13 ----N---- C:\WINDOWS\system32\qutil.dll
    2008-08-30 14:17:13 ----N---- C:\WINDOWS\system32\qcliprov.dll
    2008-08-30 14:17:12 ----N---- C:\WINDOWS\system32\qagentrt.dll
    2008-08-30 14:17:12 ----N---- C:\WINDOWS\system32\qagent.dll
    2008-08-30 14:17:07 ----N---- C:\WINDOWS\system32\onex.dll
    2008-08-30 14:16:59 ----N---- C:\WINDOWS\system32\napstat.exe
    2008-08-30 14:16:59 ----N---- C:\WINDOWS\system32\napmontr.dll
    2008-08-30 14:16:59 ----N---- C:\WINDOWS\system32\napipsec.dll
    2008-08-30 14:16:58 ----N---- C:\WINDOWS\system32\msshavmsg.dll
    2008-08-30 14:16:58 ----N---- C:\WINDOWS\system32\mssha.dll
    2008-08-30 14:16:50 ----N---- C:\WINDOWS\system32\mmcperf.exe
    2008-08-30 14:16:50 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
    2008-08-30 14:16:50 ----N---- C:\WINDOWS\system32\mmcex.dll
    2008-08-30 14:16:50 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
    2008-08-30 14:16:43 ----N---- C:\WINDOWS\system32\l2gpstore.dll
    2008-08-30 14:16:43 ----N---- C:\WINDOWS\system32\kmsvc.dll
    2008-08-30 14:16:42 ----N---- C:\WINDOWS\system32\kbdpash.dll
    2008-08-30 14:16:42 ----N---- C:\WINDOWS\system32\kbdnepr.dll
    2008-08-30 14:16:42 ----N---- C:\WINDOWS\system32\kbdiultn.dll
    2008-08-30 14:16:42 ----N---- C:\WINDOWS\system32\kbdbhc.dll
    2008-08-30 14:16:31 ----A---- C:\WINDOWS\005396_.tmp
    2008-08-30 14:16:30 ----N---- C:\WINDOWS\system32\eapsvc.dll
    2008-08-30 14:16:30 ----N---- C:\WINDOWS\system32\eapqec.dll
    2008-08-30 14:16:30 ----N---- C:\WINDOWS\system32\eappprxy.dll
    2008-08-30 14:16:30 ----N---- C:\WINDOWS\system32\eapphost.dll
    2008-08-30 14:16:30 ----N---- C:\WINDOWS\system32\eappgnui.dll
    2008-08-30 14:16:30 ----N---- C:\WINDOWS\system32\eappcfg.dll
    2008-08-30 14:16:30 ----N---- C:\WINDOWS\system32\eapp3hst.dll
    2008-08-30 14:16:30 ----N---- C:\WINDOWS\system32\eapolqec.dll
    2008-08-30 14:16:28 ----N---- C:\WINDOWS\system32\dot3ui.dll
    2008-08-30 14:16:28 ----N---- C:\WINDOWS\system32\dot3svc.dll
    2008-08-30 14:16:28 ----N---- C:\WINDOWS\system32\dot3msm.dll
    2008-08-30 14:16:28 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
    2008-08-30 14:16:28 ----N---- C:\WINDOWS\system32\dot3dlg.dll
    2008-08-30 14:16:28 ----N---- C:\WINDOWS\system32\dot3cfg.dll
    2008-08-30 14:16:28 ----N---- C:\WINDOWS\system32\dot3api.dll
    2008-08-30 14:16:27 ----N---- C:\WINDOWS\system32\dimsroam.dll
    2008-08-30 14:16:27 ----N---- C:\WINDOWS\system32\dimsntfy.dll
    2008-08-30 14:16:27 ----N---- C:\WINDOWS\system32\dhcpqec.dll
    2008-08-30 14:16:26 ----N---- C:\WINDOWS\system32\credssp.dll
    2008-08-30 14:16:22 ----N---- C:\WINDOWS\system32\bitsprx4.dll
    2008-08-30 14:16:22 ----N---- C:\WINDOWS\system32\azroles.dll
    2008-08-30 14:16:18 ----N---- C:\WINDOWS\system32\aaclient.dll
    2008-07-09 17:37:12 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
    2008-06-23 03:45:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
    2008-06-15 09:48:07 ----D---- C:\Program Files\Java
    2008-06-15 09:47:17 ----D---- C:\Program Files\Common Files\Java
    2008-06-15 09:39:58 ----D---- C:\Program Files\SpywareBlaster
    2008-06-14 22:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
    2008-06-14 22:37:21 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
    2008-06-14 22:37:15 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
    2008-06-14 22:37:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951376_0$
    2008-06-14 16:43:53 ----D---- C:\Program Files\Avira
    2008-06-14 16:43:53 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
    2008-06-14 16:38:15 ----D---- C:\Documents and Settings\All Users\Application Data\Avg7

    List of drivers

    R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2002-07-17 16877]
    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-07-17 75072]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-11-02 773565]
    R3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2004-08-03 606684]
    R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S3 ENETHUSB;Speedstream Ethernet USB Adapter; C:\WINDOWS\system32\DRIVERS\enethusb.sys [2003-11-26 28857]
    S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    List of services

    R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-07-17 68865]
    R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-08-30 149761]
    R2 lxcy_device;lxcy_device; C:\WINDOWS\system32\lxcycoms.exe [2007-06-20 537264]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-09 138168]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
    S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-06-22 208896]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

    -----------------EOF-----------------
     
  2. 2008/09/05
    Geri
    Hi Whiskeyman

    OK, follow Dave's instructions. We posted at the same time. :)

    Geri
     

  4. 2008/09/05
    noahdfear
    First, update MBAM and run it again. I believe those values will be tagged and fixed. If not, create and merge the following reg file.

    Code:
    REGEDIT4

    ; restores the comma-separated provider list that MBAM 1.00-1.25 stripped
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

     
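An added check for the damage discussed in this thread (my own example, not a tool from the thread, from RSIT or from Malwarebytes): it parses the Registry dump section of an RSIT log, reports whether the SecurityProviders string has lost its commas, and emits the REGEDIT4 text that restores it. The two sample dumps are constructed from the values quoted in this thread; the provider list is the XP default from noahdfear's .reg file.

```python
import re

# Constructed samples in RSIT's "Registry dump" format. The first is the damaged value from
# this thread (commas gone); the second is what an intact XP machine shows.
DAMAGED_DUMP = """Registry dump

[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\control\\securityproviders]
"SecurityProviders"=msapsspc.dll schannel.dll digest.dll msnsspc.dll
"""

INTACT_DUMP = """[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\control\\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
"""

SECPROV_KEY = r"hkey_local_machine\system\currentcontrolset\control\securityproviders"
XP_DEFAULT_PROVIDERS = ["msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"]

_KEY_RE = re.compile(r"^\s*\[(.+)\]\s*$")
_VALUE_RE = re.compile(r'^\s*"([^"]*)"\s*=\s*(.*?)\s*$')


def parse_registry_dump(text):
    """Parse an RSIT registry dump into {key_path.lower(): {value_name: value_string}}."""
    keys, current = {}, None
    for line in text.splitlines():
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name, value = m.group(1), m.group(2)
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]  # RSIT quotes some string data; strip it
            keys[current][name] = value
    return keys


def split_providers(value):
    """Split the string the way the loader does: on commas, each name trimmed."""
    return [p.strip() for p in value.split(",") if p.strip()]


def diagnose_security_providers(dump_text):
    """Return (status, providers) for the SecurityProviders value in an RSIT dump.

    'missing'         : key or value not present in the dump
    'commas-stripped' : several DLL names but no commas (the MBAM 1.00-1.25 damage)
    'ok'              : a proper comma-separated list
    """
    value = parse_registry_dump(dump_text).get(SECPROV_KEY, {}).get("SecurityProviders")
    if value is None:
        return "missing", []
    providers = split_providers(value)
    # Without commas the whole string is one provider name that matches no file,
    # so schannel.dll and the others never load.
    if len(providers) == 1 and len(providers[0].split()) > 1:
        return "commas-stripped", providers[0].split()
    return "ok", providers


def build_fix_reg(providers):
    """Build REGEDIT4 text that restores a comma-separated SecurityProviders string."""
    data = ", ".join(providers)
    return (
        "REGEDIT4\n\n"
        "[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders]\n"
        f'"SecurityProviders"="{data}"\n'
    )


if __name__ == "__main__":
    for label, dump in (("damaged", DAMAGED_DUMP), ("intact", INTACT_DUMP)):
        status, providers = diagnose_security_providers(dump)
        print(f"{label}: {status} {providers}")
        if status == "commas-stripped":
            print(build_fix_reg(providers))
```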
  5. 2008/09/06
    Whiskeyman (Thread Starter)
    I'll hook the other PC up and try both methods. Let you know how it goes.
     
  6. 2008/09/06
    noahdfear
    Let me know also what the version # shows on MBAM after update.

    Thanks!
     
  7. 2008/09/06
    Whiskeyman (Thread Starter)
    I had updated MBAM once I ran v 1.00 and was able to access the Internet. When I checked it just a while ago it still showed as v 1.00, so I uninstalled it in Add/Remove and transferred v 1.26 from my thumb drive. After running a scan with v 1.26 there was no change to SecurityProviders in the new RSIT log. I then ran the .reg file and found that it fixed the problem when I opened regedit.

    Thanks Dave, now I can return this to the owner and await a call that it is infected again. It seems no matter how many anti-malware apps I install, he can find the wrong things to click on. Next step will be Net Nanny to block all adult sites. :D
     
  8. 2008/09/07
    noahdfear
    Thanks for testing for us. :)
     
