Post by: sheepmaster on October 26, 2008, 02:58:20 PM
can you help me out here questolo?
Post by: guestolo on October 26, 2008, 03:22:14 PM
For an alternate download location, you can try HERE (http://\"http://fileforum.betanews.com/detail/HijackThis/1071179190/1\")
SAVE it to your desktop
Double click on HJTInstall.exe to run it
Choose Install
Hijackthis v2.0.2 will open
Under Main Menu, Select
Do a system scan and save a Log file
A log will open in Notepad
Copy and Paste the Whole log back here to the forum----It is all important!
Post by: sheepmaster on October 26, 2008, 04:49:19 PM
Scan saved at 12:37:32 AM, on 1/4/2080
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\LEXBCES.EXE
C:\Windows\system32\spoolsv.exe
C:\Windows\system32\LEXPPS.EXE
C:\Windows\System32\PackethSvc.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Windows\system32\lxdccoms.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\System32\snmp.exe
C:\Windows\system32\mqsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\mqtgsvc.exe
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Windows\system32\atiptaxx.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\svchost.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qwest.live.com (http://\"http://qwest.live.com\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html (http://\"http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com (http://\"http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com (http://\"http://www.yahoo.com\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com (http://\"http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html (http://\"http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com (http://\"http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com (http://\"http://www.yahoo.com\")
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com (http://\"http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Qwest
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SprintModemUpdate] javaw.exe -cp "C:\Program Files\Motive\FirmwareUpdater\lib\SprintModemUpdate.jar" com.motive.firmwareUpdater.client.SprintModemUpdate
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\Windows\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Qwest Live - {0E0A4DC9-4BDF-474D-93FF-CE6C692EFA2A} - http://qwest.live.com (http://\"http://qwest.live.com\") (file missing) (HKCU)
O9 - Extra button: Advisor - {FB602155-A965-424E-98C0-DABE71C066FF} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab (http://\"http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab\")
O16 - DPF: {596AF4AC-40A0-474A-9F86-33F0A90F0FD6} (PictureItLauncher Class) - http://photos.msn.com/resources/neutral/co...ls/DigWebX2.cab (http://\"http://photos.msn.com/resources/neutral/controls/DigWebX2.cab\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?3471575220038 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?3471575220038\")
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab (http://\"http://www.worldwinner.com/games/shared/wwlaunch.cab\")
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://admin.pressplay.com/duet/registration/isetup.cab (http://\"http://admin.pressplay.com/duet/registration/isetup.cab\")
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab (http://\"http://www.worldwinner.com/games/v46/sol/sol.cab\")
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (http://\"http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab\")
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab (http://\"http://dgl.microsoft.com/downloads/outc.cab\")
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://wwemail.support.hp.com/fd2/objects/SysQuery.cab (http://\"http://wwemail.support.hp.com/fd2/objects/SysQuery.cab\")
O23 - Service: Ati HotKey Poller - Unknown owner - C:\Windows\System32\Ati2evxx.exe
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\Windows\Cpqdiag\Cpqdfwag.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\system32\LEXBCES.EXE
O23 - Service: lxdc_device - - C:\Windows\system32\lxdccoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\Windows\System32\PackethSvc.exe
--
End of file - 9091 bytes
there ya go
Post by: guestolo on October 26, 2008, 07:03:09 PM
But some leftovers to remove
Can you do the following for now please
Download [color=\"blue\"]random's system information tool (RSIT)[/color] by [color=\"#6600cc\"]random/random[/color] from >>[color=\"red\"]here[/color]<< (http://\"http://images.malwareremoval.com/random/RSIT.exe\") and save it to your desktop.
- Double click on RSIT.exe to launch program.
- Click Continue at the disclaimer screen.
- Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
- Once it has finished, two logs will open: log.txt[color=\"red\"]<-- this will be maximized[/color] and info.txt[color=\"red\"]<-- this will be minimized[/color].
Post by: sheepmaster on October 27, 2008, 01:35:11 AM
Run by oscar at 2080-01-04 00:47:42
Microsoft Windows XP Professional Service Pack 3
System drive C: has 16 GB (56%) free of 29 GB
Total RAM: 255 MB (10% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:20 AM, on 1/4/2080
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\LEXBCES.EXE
C:\Windows\system32\spoolsv.exe
C:\Windows\system32\LEXPPS.EXE
C:\Windows\System32\PackethSvc.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Windows\system32\lxdccoms.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\System32\snmp.exe
C:\Windows\system32\mqsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\mqtgsvc.exe
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Windows\system32\atiptaxx.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\svchost.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\oscar\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\oscar.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qwest.live.com (http://\"http://qwest.live.com\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html (http://\"http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com (http://\"http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com (http://\"http://www.yahoo.com\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com (http://\"http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html (http://\"http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com (http://\"http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com (http://\"http://www.yahoo.com\")
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com (http://\"http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Qwest
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SprintModemUpdate] javaw.exe -cp "C:\Program Files\Motive\FirmwareUpdater\lib\SprintModemUpdate.jar" com.motive.firmwareUpdater.client.SprintModemUpdate
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\Windows\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Qwest Live - {0E0A4DC9-4BDF-474D-93FF-CE6C692EFA2A} - http://qwest.live.com (http://\"http://qwest.live.com\") (file missing) (HKCU)
O9 - Extra button: Advisor - {FB602155-A965-424E-98C0-DABE71C066FF} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab (http://\"http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab\")
O16 - DPF: {596AF4AC-40A0-474A-9F86-33F0A90F0FD6} (PictureItLauncher Class) - http://photos.msn.com/resources/neutral/co...ls/DigWebX2.cab (http://\"http://photos.msn.com/resources/neutral/controls/DigWebX2.cab\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?3471575220038 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?3471575220038\")
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab (http://\"http://www.worldwinner.com/games/shared/wwlaunch.cab\")
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://admin.pressplay.com/duet/registration/isetup.cab (http://\"http://admin.pressplay.com/duet/registration/isetup.cab\")
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab (http://\"http://www.worldwinner.com/games/v46/sol/sol.cab\")
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (http://\"http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab\")
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab (http://\"http://dgl.microsoft.com/downloads/outc.cab\")
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://wwemail.support.hp.com/fd2/objects/SysQuery.cab (http://\"http://wwemail.support.hp.com/fd2/objects/SysQuery.cab\")
O23 - Service: Ati HotKey Poller - Unknown owner - C:\Windows\System32\Ati2evxx.exe
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\Windows\Cpqdiag\Cpqdfwag.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\system32\LEXBCES.EXE
O23 - Service: lxdc_device - - C:\Windows\system32\lxdccoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\Windows\System32\PackethSvc.exe
--
End of file - 9136 bytes
======Scheduled tasks folder======
C:\Windows\tasks\McDefragTask.job
C:\Windows\tasks\McQcTask.job
C:\Windows\tasks\Registration reminder 1.job
C:\Windows\tasks\Registration reminder 2.job
C:\Windows\tasks\Registration reminder 3.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"eabconfg.cpl"=C:\Program Files\Compaq\EAB\EabServr.exe /Start []
"Cpqset"=c:\compaq\cpqsetup\cpqset.exe [2002-04-30 163909]
"Ink Monitor"=C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe [2001-12-07 258118]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"SprintModemUpdate"=javaw.exe -cp C:\Program Files\Motive\FirmwareUpdater\lib\SprintModemUpdate.jar com.motive.firmwareUpdater.client.SprintModemUpdate []
"MsmqIntCert"=regsvr32 /s mqrt.dll []
"lxdcamon"=C:\Program Files\Lexmark 1300 Series\lxdcamon.exe [2007-04-30 20480]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]
"Microsoft Works Update Detection"=C:\Program Files\Microsoft Works\WkDetect.exe [2000-07-13 28739]
"Microsoft Works Portfolio"=C:\Program Files\Microsoft Works\WksSb.exe [2000-07-13 311350]
"AtiPTA"=C:\Windows\system32\atiptaxx.exe [2002-04-01 290816]
"ATIModeChange"=C:\Windows\system32\Ati2mdxx.exe [2002-04-01 28672]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\Windows\system32\ctfmon.exe [2008-04-13 15360]
"MoneyAgent"=c:\Program Files\Microsoft Money\System\Money Express.exe []
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe /background []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\Windows\system32\WgaLogon.dll [2006-06-19 702768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\Windows\system32\upnpui.dll [2008-04-13 239616]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\WINDOWS\system32\lxdccoms.exe"="C:\WINDOWS\system32\lxdccoms.exe:*:Enabled:Lexmark Communications System"
"C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"="C:\Program Files\Lexmark 1300 Series\lxdcamon.exe:*:Enabled:Lexmark Device Monitor"
"C:\Program Files\Lexmark 1300 Series\App4R.exe"="C:\Program Files\Lexmark 1300 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Disabled:Message Queuing"
"C:\Program Files\MSN\MSNCoreFiles\msn6.exe"="C:\Program Files\MSN\MSNCoreFiles\msn6.exe:*:Disabled:MSN Explorer"
"C:\Windows\Network Diagnostic\xpnetdiag.exe"="C:\Windows\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealOne Player"
"C:\Windows\system32\sessmgr.exe"="C:\Windows\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Embarq TotalAccess\TaskPanl.exe"="C:\Program Files\Embarq TotalAccess\TaskPanl.exe:*:Disabled:TaskPanl"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\Program Files\Lexmark 1300 Series\app4r.exe"="C:\Program Files\Lexmark 1300 Series\app4r.exe:*:Enabled:Lexmark Imaging Studio"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
======List of files/folders created in the last 1 months======
65535-65535-31889 379:31889:443 ----A---- C:\Windows\system32\MPFServiceFailureCount.txt
2080-01-04 00:47:42 ----D---- C:\rsit
2080-01-04 00:26:54 ----HDC---- C:\Windows\$NtUninstallKB828741$
2080-01-04 00:26:45 ----A---- C:\Windows\system32\mtxoci.dll
2080-01-04 00:26:45 ----A---- C:\Windows\system32\mtxoci(2).dll
2080-01-04 00:26:45 ----A---- C:\Windows\system32\mtxclu.dll
2080-01-04 00:26:45 ----A---- C:\Windows\system32\mtxclu(3).dll
2080-01-04 00:26:45 ----A---- C:\Windows\system32\msdtcuiu.dll
2080-01-04 00:26:45 ----A---- C:\Windows\system32\comuid.dll
2080-01-04 00:26:44 ----A---- C:\Windows\system32\rpcss.dll
2080-01-04 00:26:44 ----A---- C:\Windows\system32\rpcss(3).dll
2080-01-04 00:26:44 ----A---- C:\Windows\system32\rpcrt4.dll
2080-01-04 00:26:44 ----A---- C:\Windows\system32\rpcrt4(3).dll
2080-01-04 00:26:44 ----A---- C:\Windows\system32\ole32.dll
2080-01-04 00:26:44 ----A---- C:\Windows\system32\ole32(3).dll
2080-01-04 00:26:44 ----A---- C:\Windows\system32\msdtctm.dll
2080-01-04 00:26:44 ----A---- C:\Windows\system32\msdtcprx.dll
2080-01-04 00:26:43 ----A---- C:\Windows\system32\txflog.dll
2080-01-04 00:26:43 ----A---- C:\Windows\system32\es.dll
2080-01-04 00:26:43 ----A---- C:\Windows\system32\es(3).dll
2080-01-04 00:26:43 ----A---- C:\Windows\system32\comsvcs.dll
2080-01-04 00:26:43 ----A---- C:\Windows\system32\comsvcs(3).dll
2080-01-04 00:26:43 ----A---- C:\Windows\system32\colbact.dll
2080-01-04 00:26:43 ----A---- C:\Windows\system32\colbact(3).dll
2080-01-04 00:26:42 ----A---- C:\Windows\system32\clbcatex.dll
2080-01-04 00:26:42 ----A---- C:\Windows\system32\catsrvut.dll
2080-01-04 00:26:42 ----A---- C:\Windows\system32\catsrvut(3).dll
2080-01-04 00:26:42 ----A---- C:\Windows\system32\catsrv.dll
2080-01-04 00:26:42 ----A---- C:\Windows\system32\catsrv(3).dll
2080-01-04 00:25:48 ----HDC---- C:\Windows\$NtUninstallKB835732$
2080-01-04 00:25:42 ----A---- C:\Windows\system32\mf3216.dll
2080-01-04 00:25:41 ----A---- C:\Windows\system32\h323msp.dll
2080-01-04 00:25:40 ----A---- C:\Windows\system32\netapi32.dll
2080-01-04 00:25:40 ----A---- C:\Windows\system32\netapi32(3).dll
2080-01-04 00:25:40 ----A---- C:\Windows\system32\ipnathlp.dll
2080-01-04 00:25:40 ----A---- C:\Windows\system32\browser.dll
2080-01-04 00:25:40 ----A---- C:\Windows\system32\browser(3).dll
2080-01-04 00:25:09 ----HDC---- C:\Windows\$NtUninstallKB823559$
2080-01-04 00:22:10 ----HDC---- C:\Windows\$NtUninstallKB834707-IE6-20040929.115007$
2080-01-04 00:21:34 ----HDC---- C:\Windows\$NtUninstallQ810577$
2080-01-04 00:18:59 ----HDC---- C:\Windows\$NtUninstallQ810833$
2080-01-04 00:16:49 ----A---- C:\Windows\setdebug.exe
2080-01-04 00:16:48 ----A---- C:\Windows\system32\jit.dll
2080-01-04 00:16:47 ----A---- C:\Windows\system32\javaee.dll
2080-01-04 00:16:46 ----A---- C:\Windows\system32\dx3j.dll
2080-01-04 00:16:34 ----A---- C:\Windows\system32\wjview.exe
2080-01-04 00:16:34 ----A---- C:\Windows\system32\vmhelper.dll
2080-01-04 00:16:33 ----A---- C:\Windows\system32\msjdbc10.dll
2080-01-04 00:16:32 ----A---- C:\Windows\system32\msjava.dll
2080-01-04 00:16:31 ----A---- C:\Windows\system32\msawt.dll
2080-01-04 00:16:30 ----A---- C:\Windows\system32\jview.exe
2080-01-04 00:16:29 ----A---- C:\Windows\system32\jdbgmgr.exe
2080-01-04 00:16:26 ----A---- C:\Windows\system32\javart.dll
2080-01-04 00:16:25 ----A---- C:\Windows\system32\javaprxy.dll
2080-01-04 00:16:24 ----A---- C:\Windows\system32\javacypt.dll
2080-01-04 00:16:23 ----A---- C:\Windows\system32\clspack.exe
2080-01-04 00:13:43 ----HDC---- C:\Windows\$NtUninstallQ815021$
2080-01-04 00:11:15 ----HDC---- C:\Windows\$NtUninstallQ329441$
2080-01-04 00:10:27 ----D---- C:\Windows\system32\SoftwareDistribution
2080-01-04 00:09:21 ----A---- C:\Windows\system32\srrstr.dll
2080-01-04 00:08:52 ----A---- C:\Windows\system32\MRT.exe
2080-01-04 00:08:06 ----D---- C:\Program Files\Common Files\Motive
2080-01-04 00:08:05 ----D---- C:\Program Files\mcci
2080-01-04 00:08:04 ----A---- C:\Program Files\EndProcess.exe
2080-01-04 00:08:00 ----HDC---- C:\Windows\$NtUninstallQ817606$
2080-01-04 00:07:42 ----D---- C:\Windows\SoftwareDistribution
2080-01-04 00:07:23 ----A---- C:\Windows\system32\wuweb.dll
2080-01-04 00:07:23 ----A---- C:\Windows\system32\wups.dll
2080-01-04 00:07:23 ----A---- C:\Windows\system32\wucltui.dll
2080-01-04 00:07:23 ----A---- C:\Windows\system32\wuaueng1.dll
2080-01-04 00:07:23 ----A---- C:\Windows\system32\wuauclt1.exe
2080-01-04 00:07:23 ----A---- C:\Windows\system32\wuapi.dll
======List of files/folders modified in the last 1 months======
65535-65535-31889 379:31889:443 ----A---- C:\Windows\SchedLgU.Txt
2080-01-04 00:47:55 ----D---- C:\Windows\Temp
2080-01-04 00:47:37 ----D---- C:\Windows\Prefetch
2080-01-04 00:26:46 ----HDC---- C:\Windows\$xpsp1hfm$
2080-01-04 00:04:50 ----D---- C:\Windows\system32\inetsrv
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Cdr4_xp;Cdr4_xp; C:\Windows\system32\drivers\Cdr4_xp.sys [2007-10-17 9072]
R1 Cdralw2k;Cdralw2k; C:\Windows\system32\drivers\Cdralw2k.sys [2007-10-17 9200]
R1 intelppm;Intel Processor Driver; C:\Windows\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\Windows\System32\drivers\ws2ifsl.sys [2001-08-18 12032]
R2 Cnxtdiag;Cnxtdiag; C:\Windows\System32\DRIVERS\cnxtdiag.sys [2001-10-03 17776]
R2 cpqdfw;Compaq Diagnostics Driver; \??\C:\Windows\System32\drivers\cpqdfw.sys []
R2 cq_mem;Compaq Diagnostics Memory Driver; \??\C:\Windows\System32\drivers\cq_mem.sys []
R2 cqcpu;Compaq Diagnostics CPU Driver; \??\C:\Windows\System32\drivers\cqcpu.sys []
R2 Fallback;Fallback; C:\Windows\System32\DRIVERS\fallback.sys [2001-10-03 308403]
R2 Fsks;Fsks; C:\Windows\System32\DRIVERS\fsksnt.sys [2001-10-03 124189]
R2 irda;IrDA Protocol; C:\Windows\System32\DRIVERS\irda.sys [2008-04-13 88192]
R2 K56;K56; C:\Windows\System32\DRIVERS\k56nt.sys [2001-10-03 427215]
R2 SoftFax;SoftFax; C:\Windows\System32\DRIVERS\faxnt.sys [2001-10-03 215195]
R2 Tones;Tones; C:\Windows\System32\DRIVERS\tonesnt.sys [2001-10-03 59375]
R2 V124;V124; C:\Windows\System32\DRIVERS\v124nt.sys [2001-10-03 539917]
R3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\Windows\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 Arp1394;1394 ARP Client Protocol; C:\Windows\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [2002-04-17 419200]
R3 basic2;basic2; C:\Windows\System32\DRIVERS\basic2.sys [2001-10-03 76610]
R3 BridgeMP;MAC Bridge Miniport; C:\Windows\System32\DRIVERS\bridge.sys [2008-04-13 71552]
R3 CmBatt;Microsoft AC Adapter Driver; C:\Windows\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 E100B;Intel® PRO Adapter Driver; C:\Windows\System32\DRIVERS\e100b325.sys [2002-04-11 120320]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2007-11-22 33832]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 MQAC;Message Queuing access control; \??\C:\Windows\system32\drivers\mqac.sys []
R3 NIC1394;1394 Net Driver; C:\Windows\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\System32\DRIVERS\nscirda.sys [2008-04-13 28672]
R3 Rasirda;WAN Miniport (IrDA); C:\Windows\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 Rksample;Rksample; C:\Windows\System32\DRIVERS\rksample.sys [2001-10-03 67222]
R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\Windows\system32\drivers\RMCast.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\System32\DRIVERS\SynTP.sys [2002-04-25 253328]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\Windows\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\Windows\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\Windows\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 wandrv;WAN Network Driver; C:\Windows\System32\DRIVERS\wandrv.sys [2001-08-09 22608]
R3 winachsf;winachsf; C:\Windows\System32\DRIVERS\HSF_CNXT.sys [2001-10-03 585200]
S1 ClntMgmt.sys;ClntMgmt.sys; C:\Windows\System32\Drivers\ClntMgmt.sys []
S1 P3;Intel PentiumIII Processor Driver; C:\Windows\System32\DRIVERS\p3.sys [2008-04-13 42752]
S3 allegro;ESS Allegro Audio Driver (WDM); C:\Windows\system32\drivers\es198x.sys [2001-08-17 174464]
S3 atimpab;atimpab; C:\Windows\System32\DRIVERS\atimpab.sys [2001-08-17 289664]
S3 Bridge;MAC Bridge; C:\Windows\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\Windows\System32\DRIVERS\btport.sys []
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\Windows\System32\DRIVERS\btwdndis.sys []
S3 EPUSBSTOR;EPSON USB Storage Driver; C:\Windows\System32\DRIVERS\epusbsto.sys [2001-09-09 17976]
S3 HidUsb;Microsoft HID Class Driver; C:\Windows\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 ltmodem5;LT Modem Driver; C:\Windows\System32\DRIVERS\ltmdmnt.sys [2004-08-03 606684]
S3 mouhid;Mouse HID Driver; C:\Windows\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\Windows\System32\DRIVERS\smcirda.sys [2001-08-17 35913]
S3 smwdm;smwdm; C:\Windows\system32\drivers\smwdm.sys [2001-12-17 414184]
S3 usbprint;Microsoft USB PRINTER Class; C:\Windows\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\Windows\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\Windows\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 wanatw;WAN Miniport (ATW); C:\Windows\System32\DRIVERS\wanatw4.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\Windows\System32\Ati2evxx.exe [2002-04-01 110592]
R2 EPSONStatusAgent2;EPSON Printer Status Agent2; C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe [2001-08-09 90112]
R2 IISADMIN;IIS Admin; C:\Windows\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 Irmon;Infrared Monitor; C:\Windows\System32\svchost.exe [2008-04-13 14336]
R2 LexBceS;LexBce Server; C:\Windows\system32\LEXBCES.EXE [2006-04-17 311296]
R2 lxdc_device;lxdc_device; C:\Windows\system32\lxdccoms.exe [2007-05-25 537520]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 MSMQ;Message Queuing; C:\Windows\system32\mqsvc.exe [2008-04-13 4608]
R2 MSMQTriggers;Message Queuing Triggers; C:\Windows\system32\mqtgsvc.exe [2008-04-13 117248]
R2 PackethSvc;Virtual NIC Service; C:\Windows\System32\PackethSvc.exe [2001-08-09 64512]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\Windows\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 SNMP;SNMP Service; C:\Windows\System32\snmp.exe [2008-04-13 33280]
R2 W3SVC;World Wide Web Publishing; C:\Windows\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S2 CpqDfwWebAgent;Compaq Remote Diagnostics Enabling Agent; C:\Windows\Cpqdiag\Cpqdfwag.exe [2001-11-19 212992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 Compaq_RBA;Compaq Advisor; C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe [2002-01-22 258048]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 SNMPTRAP;SNMP Trap Service; C:\Windows\System32\snmptrap.exe [2008-04-13 8704]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.04 2080-01-04 00:48:34
======Uninstall list======
-->C:\Windows\IsUninst.exe -fC:\Windows\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Actiontec Gateway-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9692FD03-6662-4E62-B08C-30DFF51651E1}\setup.exe" -l0x9
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AT&T WorldNet Setup 2.0-->C:\PROGRA~1\WorldNet\wnun20.exe C:\PROGRA~1\WorldNet
ATI Display Driver-->rundll32 C:\Windows\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Compaq Advisor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4C1AFCD-2C72-48B4-AE2E-A7354A525E87}\Setup.exe" UNINSTALL
Compaq Diagnostics for Windows-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1881AE03-2BD4-11D4-86BF-00508B10AA88}\setup.exe"
Compaq Remote Diagnostics Enabling Agent-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71A470E1-27E7-424E-803A-F9C0D41968D3}\SETUP.EXE" -l0x9
CompuServe 2000-->C:\Program Files\Common Files\csshare\csunins_us.exe
GTOneCare-->MsiExec.exe /X{CA40DD4F-D30E-4622-8783-1ED1E81340C2}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\Windows\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Ink Monitor-->C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe -U
Intel® PRO Ethernet Adapter and Software-->Prounstl.exe
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(tm) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Lexmark 1300 Series-->C:\Program Files\Lexmark 1300 Series\Install\x86\Uninst.exe
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\Windows\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\Windows\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works 6.0-->MsiExec.exe /I{F8D0829C-9C6F-11D3-8080-00C04FA329AA}
NBA Live 99-->C:\Windows\UNINST.EXE -f"C:\Program Files\EA SPORTS\NBA Live 99\DeIsL1.isu" -c"C:\Program Files\EA SPORTS\NBA Live 99\eauninst.dll
Security Update for Step By Step Interactive Training (KB898458)-->"C:\Windows\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\Windows\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\Windows\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\Windows\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\Windows\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\Windows\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\Windows\$NtUninstallKB941569$\spuninst\spuninst.exe"
Setup Compaq Software-->C:\Windows\IsUninst.exe -f"C:\Program Files\COMPAQ\Setup Compaq Software\Uninst.isu" -c"C:\Program Files\COMPAQ\Setup Compaq Software\CPQUNST.DLL"
Synaptics TouchPad-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Wal-Mart® Mini Movie-->C:\Program Files\InstallShield Installation Information\{15FE4D77-D717-4632-8EA8-B6BB258CFC7D}\setup.exe -runfromtemp -l0x0009 -removeonly
Windows Imaging Component-->"C:\Windows\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Photo Gallery-->MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Writer-->MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows XP Service Pack 3-->"C:\Windows\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
======Security center information======
AV: McAfee VirusScan (outdated)
FW: McAfee Personal Firewall
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0204
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
-----------------EOF-----------------
Post by: sheepmaster on October 27, 2008, 01:37:40 AM
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />
Post by: sheepmaster on October 27, 2008, 01:30:02 PM
Post by: guestolo on October 27, 2008, 06:24:18 PM
Your Java is outdated, we should install the latest which includes security fixes
Can you close down all browser windows
Access your Add and Remove Programs and remove Both
J2SE Runtime Environment 5.0 Update 6
Javaâ„¢ 6 Update 5
Don't reboot yet
Instead, come back here
Do a "System scan only" with Hijackthis and put a check next to these entries:
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab (http://\"http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab\")
After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot the computer
Back in Windows
Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
[color=\"blue\"]Updating Java:[/color]
- Download the latest version of Java Runtime Environment (JRE) 6 (http://\"http://java.sun.com/javase/downloads/index.jsp\").
- Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 10".
- Click the "Download" button to the right.
- In the Window that opens, select Windows,>>Check the "agree" box and click Continue.
- Click on the link to download Windows Offline Installation and save to your desktop.
- Then from your desktop double-click on jre-6u10-windows-i586-p.exe that you downloaded to install the newest version.
Java Quick Starter
That runs on startup
Supposedly it preloads portions of the JRE onto the system disk cache, decreasing the startup time. It is turned on by default in Windows 2000 and XP systems
If you don't need the plugin/Service
You can open Java in the Windows Control Panel
Click the Advanced tab
Expand(+) on Miscellaneous
and Uncheck "Java Quick Starter"
If you would like to do a double check, which is not a bad idea, if your AntiVirus has missed anything
Temporarily disable McAfee Virus scan
Please do a scan with [color=\"#3333FF\"]Kaspersky Online Scanner[/color] (http://\"http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html\")
[color=\"green\"]Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.[/color]
Click on the Accept button and install any components it needs.
- The program will install and then begin downloading the latest definition files.
- After the files have been downloaded on the left side of the page in the Scan section select My Computer.
- This will start the program and scan your system.
- The scan will take a while, so be patient and let it run.
- Once the scan is complete, click on View scan report
- Now, click on the Save Report as button.
- In the drop down box labeled Files of type change the type to Text file.
- Save the file to your desktop.
- Copy and paste that information in your next post.
Post by: sheepmaster on October 27, 2008, 10:38:24 PM
the update has failed. program has failed to start. close the kaspersky's online scanner 7.0 window and open it again to install the program. you must be online to update the kaspersky's online scanner 7 database. with the latest database updates, you can find new viruses and other threats. please go online to use kaspersky online scanner 7. [ERROR: key is expired]
Post by: sheepmaster on October 27, 2008, 10:47:06 PM
Post by: guestolo on October 27, 2008, 11:32:46 PM
Can you do me a favor, I want to ensure it's not Java 6 update 10 problem
In IE, click on TOOLS>>Manage Addons>>Enable or Disable addons....
Can you ensure that anything related to Java under "Addons currently loaded in Internet Explorer"
From publisher>>> Sun Microsystems is enabled
If not enabled, enable them
Restart IE then try the scan again at Kaspersky's
Post by: sheepmaster on October 28, 2008, 10:06:13 AM
Post by: sheepmaster on October 28, 2008, 06:25:50 PM
Post by: guestolo on October 29, 2008, 07:57:50 AM
run a free online scan with the [color=\"blue\"]ESET Online Scanner[/color] (http://\"http://www.eset.eu/online-scanner\")[/url]
Note: You will need to use Internet Explorer for this scan[/i].[list=1]
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the ActiveX control to install
- Click Start
- Make sure that the options Remove found threats and the option Scan unwanted applications is checked
- Click Scan
Wait for the scan to finish - Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
- Copy and paste that log as a reply to this topic
Post by: sheepmaster on October 29, 2008, 09:23:02 PM
Post by: guestolo on October 30, 2008, 08:26:07 PM
Sounds as if everything else is ok
Post by: sheepmaster on October 31, 2008, 12:56:16 AM
Post by: guestolo on October 31, 2008, 01:52:15 PM
Quote
by the way for some reason my explorer says internet explorer-provided by qwest i guess because i used to have qwest but now i have comcast, any idea how to get rid of that?
It's just a registry change, but I suggest that you do the following
To help prevent spyware from being installed, this is a great tool that doesn't run in the background
add SpywareBlaster to your protection software
SpywareBlaster by JavaCool (http://\"http://www.javacoolsoftware.com/spywareblaster.html\")
- *Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After updating, select "Protection Status" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
or again, click on Protection Startus>>enable all protection
Now we can also use SpywareBlaster to change the Windows Title in IE
Right now yours reads
Windows Internet Explorer provided by Qwest
Open SpywareBlaster, click on TOOLS>>Misc. IE SETTINGS
Under "Internet Explorer Customizations cut the following
provided by Qwest
Then apply it and close SpywareBlaster
You should probably do that with IE closed, or you will probably have to restart IE for the change to take effect
Let me know if that helps
Post by: sheepmaster on November 01, 2008, 03:59:51 PM
Post by: Stop Reading My Name on November 01, 2008, 04:42:03 PM
I've had it (and the previous releases) for as long as I've had a computer and they've never failed me.
I highly recommend you give it a try, you won't be disappointed.