Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Can not run or update spybot or mcafee

Re: Can not run or update spybot or mcafee

by anbrown3 » May 16th, 2009, 4:08 pm

ComboFix 09-05-16.03 - Archie Neal Brown II 05/16/2009 14:48.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2943 [GMT -5:00]
Running from: c:\documents and settings\Archie Neal Brown II\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\Helper
c:\windows\system32\drivers\gxvxctcwgtrabhukxdosrdakaiqrydwhywjie.sys
c:\windows\system32\drivers\ip_fw.sys
c:\windows\system32\drivers\msqpdxhkvniygv.sys
c:\windows\system32\gxvxcotkihwgjtawoqhrwmprxrjkblgoncnon.dll
c:\windows\system32\msqpdxooimnufd.dll

----- BITS: Possible infected sites -----

hxxp://download.kodak.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gxvxcserv.sys
-------\Service_MSQPDXSERV.SYS
-------\Legacy_IPFW
-------\Legacy_IP_FW
-------\Service_ip_fw


((((((((((((((((((((((((( Files Created from 2009-04-16 to 2009-05-16 )))))))))))))))))))))))))))))))
.

2009-05-16 18:47 . 2009-05-16 19:20 -------- d-----w c:\temp\New Folder
2009-05-16 13:44 . 2009-05-16 13:45 -------- d-----w C:\rsit
2009-05-15 19:26 . 2009-04-06 20:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-15 19:26 . 2009-04-06 20:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-15 19:26 . 2009-05-16 06:11 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-03 19:30 . 2009-01-19 21:52 12800 ----a-w c:\windows\system32\EKDeviceServices.dll
2009-05-03 19:28 . 2008-10-22 11:54 102400 ----a-w c:\windows\system32\EKIJCOINST02.dll
2009-05-03 19:28 . 2008-10-22 11:54 397312 ----a-w c:\windows\system32\EKIJ5000MON.dll
2009-05-03 19:14 . 2009-05-05 21:07 -------- d-----w c:\documents and settings\Archie Neal Brown II\Application Data\Temp
2009-04-28 18:01 . 2006-03-03 13:07 143360 ----a-w c:\windows\system32\dunzip32.dll
2009-04-28 17:56 . 2007-11-22 11:44 33832 ----a-w c:\windows\system32\drivers\mferkdk.sys
2009-04-28 17:56 . 2007-12-02 17:51 40488 ----a-w c:\windows\system32\drivers\mfesmfk.sys
2009-04-28 17:56 . 2007-11-22 11:44 35240 ----a-w c:\windows\system32\drivers\mfebopk.sys
2009-04-28 17:56 . 2007-11-22 11:44 79304 ----a-w c:\windows\system32\drivers\mfeavfk.sys
2009-04-28 17:56 . 2007-11-22 11:44 201320 ----a-w c:\windows\system32\drivers\mfehidk.sys
2009-04-28 17:56 . 2007-07-13 11:20 113952 ----a-w c:\windows\system32\drivers\Mpfp.sys
2009-04-28 17:55 . 2009-04-28 17:55 -------- d-----w c:\program files\McAfee.com
2009-04-28 17:55 . 2009-04-28 17:56 -------- d-----w c:\program files\Common Files\McAfee
2009-04-28 17:55 . 2009-05-07 17:01 -------- d-----w c:\program files\McAfee

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-16 14:18 . 2007-12-22 04:53 118224 -c--a-w c:\documents and settings\Archie Neal Brown II\Application Data\GDIPFONTCACHEV1.DAT
2009-05-16 06:23 . 2009-01-23 07:01 -------- d-----w c:\program files\Spybot - S & D
2009-05-03 19:27 . 2008-02-28 03:36 -------- d-----w c:\program files\Kodak
2009-04-16 12:22 . 2007-02-23 09:28 118224 -c--a-w c:\documents and settings\Archie Neal Brown II\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-16 08:01 . 2007-02-24 22:02 -------- d-----w c:\program files\Microsoft ActiveSync
2009-04-15 17:06 . 2009-04-15 03:10 -------- d-----w c:\program files\Free Offers from Freeze.com
2009-04-15 03:11 . 2009-04-15 03:11 -------- d-----w c:\program files\VideoLAN
2009-04-15 02:17 . 2009-04-15 02:14 -------- d-----w c:\program files\Memorex exPressit Label Design Studio
2009-04-15 02:14 . 2009-03-10 02:57 -------- d-----w c:\program files\Common Files\SureThing Shared
2009-04-14 11:53 . 2007-02-23 01:17 -------- d-----w c:\program files\Java
2009-04-05 00:01 . 2009-03-23 12:24 -------- d-----w c:\program files\Ask.com
2009-03-26 06:37 . 2007-02-24 22:00 -------- d-----w c:\program files\Common Files\L&H
2009-03-24 12:28 . 2009-03-24 12:28 -------- d-----w c:\program files\Common Files\xing shared
2009-03-24 12:28 . 2007-08-27 00:53 -------- d-----w c:\program files\Common Files\Real
2009-03-24 12:28 . 2007-02-22 13:23 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-03-09 10:19 . 2008-12-18 05:02 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:22 . 2003-03-31 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2006-06-23 17:33 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-21 13:25 . 2009-02-21 13:25 691592 ----a-w c:\windows\system32\OGACheckControl.DLL
2009-02-20 18:09 . 2004-08-04 07:56 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-17 02:47 . 2009-02-17 02:47 524288 ----a-w c:\windows\opuc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-04-03 00:50 809864 ----a-w c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-03 809864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-03 809864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - S & D\TeaTimer.exe" [2009-03-05 2260480]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2005-11-16 1200128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-12-10 188416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-24 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-10-22 1310720]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-09-18 1657376]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Ulead Photo Express 3.0 SE Calendar Checker.lnk - c:\program files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe [2007-9-19 61440]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\McAfee\\MSC\\mcshell.exe"=
"c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"9322:TCP"= 9322:TCP:EKDiscovery

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)

R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKDiscovery.exe [1/19/2009 5:01 PM 279960]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\AiO\Center\KodakSvc.exe [1/19/2009 5:02 PM 38296]
S3 GTwinUSB;GTwinUSB;c:\windows\system32\drivers\GTwinUSB.sys [1/20/2009 6:18 PM 61840]
.
Contents of the 'Scheduled Tasks' folder

2009-05-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2009-05-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-28 18:32]

2009-05-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-28 18:32]

2009-05-16 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-04-03 00:50]

2009-02-10 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - S & D\SDUpdate.exe [2009-01-23 21:31]
.
- - - - ORPHANS REMOVED - - - -

BHO-{22FE8EC6-10B9-45BE-99BD-2E99FC81054C} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKLM-Run-iTunesHelper - f:\program files\iTunes\iTunesHelper.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/a/
uInternet Settings,ProxyOverride = *.local
TCP: {AE0A583A-4AC0-474E-930A-0A7A95CA28B8} = 208.67.220.220,208.67.222.222
TCP: {F3196DDC-3178-45DF-9C4B-73CCF695706D} = 208.67.220.220,208.67.222.222
DPF: {302124C4-30A0-484A-9C7A-B51D5BA5306B}
DPF: {4396C620-ACCD-11DC-AA5D-0002A5D5C51B}
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-16 14:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3372)
c:\windows\system32\mshtml.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\Ink\SKCHUI.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\wscntfy.exe
c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe
c:\windows\system32\rundll32.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
.
**************************************************************************
.
Completion time: 2009-05-16 15:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-16 20:03

Pre-Run: 13,875,863,552 bytes free
Post-Run: 13,845,442,560 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

233 --- E O F --- 2009-04-16 16:08

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:04:25 PM, on 5/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\AiO\center\KodakSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Archie Neal Brown II\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/a/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - S & D\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {302124C4-30A0-484A-9C7A-B51D5BA5306B} -
O16 - DPF: {4396C620-ACCD-11DC-AA5D-0002A5D5C51B} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2121899687
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9891217109
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} -
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.6.0_10) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE0A583A-4AC0-474E-930A-0A7A95CA28B8}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3196DDC-3178-45DF-9C4B-73CCF695706D}: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\AiO\center\KodakSvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ARCHIE~1/LOCALS~1/Temp/msohtml1/02/clip_image002.jpg

--
End of file - 10518 bytes
anbrown3
Active Member
 
Posts: 14
Joined: February 10th, 2009, 3:38 am

Re: Can not run or update spybot or mcafee

by Shaba » May 17th, 2009, 2:04 am

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Folder::
    c:\program files\Ask.com
    

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Can not run or update spybot or mcafee

by anbrown3 » May 17th, 2009, 2:26 pm

ComboFix 09-05-17.01 - Archie Neal Brown II 05/17/2009 12:56.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2899 [GMT -5:00]
Running from: c:\documents and settings\Archie Neal Brown II\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2009-04-17 to 2009-05-17 )))))))))))))))))))))))))))))))
.

2009-05-17 17:43 . 2009-05-17 17:48 -------- d-----w C:\32788R22FWJFW.0.tmp
2009-05-17 05:19 . 2009-05-17 05:19 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-05-17 05:01 . 2006-03-03 13:07 143360 ----a-w c:\windows\system32\dunzip32.dll
2009-05-17 04:57 . 2007-11-22 11:44 33832 ----a-w c:\windows\system32\drivers\mferkdk.sys
2009-05-17 04:57 . 2007-12-02 17:51 40488 ----a-w c:\windows\system32\drivers\mfesmfk.sys
2009-05-17 04:57 . 2007-11-22 11:44 35240 ----a-w c:\windows\system32\drivers\mfebopk.sys
2009-05-17 04:57 . 2007-11-22 11:44 79304 ----a-w c:\windows\system32\drivers\mfeavfk.sys
2009-05-17 04:57 . 2007-11-22 11:44 201320 ----a-w c:\windows\system32\drivers\mfehidk.sys
2009-05-17 04:56 . 2007-07-13 11:20 113952 ----a-w c:\windows\system32\drivers\Mpfp.sys
2009-05-17 04:56 . 2009-05-17 04:56 -------- d-----w c:\program files\McAfee.com
2009-05-17 04:56 . 2009-05-17 04:57 -------- d-----w c:\program files\Common Files\McAfee
2009-05-17 04:55 . 2009-05-17 05:01 -------- d-----w c:\program files\McAfee
2009-05-17 02:32 . 2009-05-17 02:32 -------- d-sh--w c:\documents and settings\Archie Neal Brown II\PrivacIE
2009-05-17 01:45 . 2009-05-17 01:45 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-05-17 01:43 . 2009-05-17 01:43 -------- d-sh--w c:\documents and settings\Archie Neal Brown II\IETldCache
2009-05-17 01:39 . 2009-05-17 01:39 -------- d-----w c:\windows\ie8updates
2009-05-17 01:38 . 2009-04-25 05:30 102400 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-05-17 01:35 . 2009-05-17 01:37 -------- dc-h--w c:\windows\ie8
2009-05-16 13:44 . 2009-05-16 13:45 -------- d-----w C:\rsit
2009-05-15 19:26 . 2009-04-06 20:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-15 19:26 . 2009-04-06 20:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-15 19:26 . 2009-05-16 06:11 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-03 19:30 . 2009-01-19 21:52 12800 ----a-w c:\windows\system32\EKDeviceServices.dll
2009-05-03 19:28 . 2008-10-22 11:54 102400 ----a-w c:\windows\system32\EKIJCOINST02.dll
2009-05-03 19:28 . 2008-10-22 11:54 397312 ----a-w c:\windows\system32\EKIJ5000MON.dll
2009-05-03 19:14 . 2009-05-05 21:07 -------- d-----w c:\documents and settings\Archie Neal Brown II\Application Data\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-16 14:18 . 2007-12-22 04:53 118224 -c--a-w c:\documents and settings\Archie Neal Brown II\Application Data\GDIPFONTCACHEV1.DAT
2009-05-16 06:23 . 2009-01-23 07:01 -------- d-----w c:\program files\Spybot - S & D
2009-05-03 19:27 . 2008-02-28 03:36 -------- d-----w c:\program files\Kodak
2009-04-16 12:22 . 2007-02-23 09:28 118224 -c--a-w c:\documents and settings\Archie Neal Brown II\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-16 08:01 . 2007-02-24 22:02 -------- d-----w c:\program files\Microsoft ActiveSync
2009-04-15 17:06 . 2009-04-15 03:10 -------- d-----w c:\program files\Free Offers from Freeze.com
2009-04-15 03:11 . 2009-04-15 03:11 -------- d-----w c:\program files\VideoLAN
2009-04-15 02:17 . 2009-04-15 02:14 -------- d-----w c:\program files\Memorex exPressit Label Design Studio
2009-04-15 02:14 . 2009-03-10 02:57 -------- d-----w c:\program files\Common Files\SureThing Shared
2009-04-14 11:53 . 2007-02-23 01:17 -------- d-----w c:\program files\Java
2009-04-05 00:01 . 2009-03-23 12:24 -------- d-----w c:\program files\Ask.com
2009-03-26 06:37 . 2007-02-24 22:00 -------- d-----w c:\program files\Common Files\L&H
2009-03-24 12:28 . 2009-03-24 12:28 -------- d-----w c:\program files\Common Files\xing shared
2009-03-24 12:28 . 2007-08-27 00:53 -------- d-----w c:\program files\Common Files\Real
2009-03-24 12:28 . 2007-02-22 13:23 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-03-09 10:19 . 2008-12-18 05:02 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 09:34 . 2006-06-23 17:33 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 09:34 . 2003-03-31 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 09:33 . 2003-03-31 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 09:33 . 2003-03-31 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 09:32 . 2003-03-31 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 09:32 . 2003-03-31 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 09:31 . 2003-03-31 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 09:31 . 2003-03-31 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 09:31 . 2003-03-31 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 09:22 . 2003-03-31 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2003-03-31 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-21 13:25 . 2009-02-21 13:25 691592 ----a-w c:\windows\system32\OGACheckControl.DLL
2009-02-17 02:47 . 2009-02-17 02:47 524288 ----a-w c:\windows\opuc.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-16_19.57.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-17 17:36 . 2009-05-17 17:36 16384 c:\windows\Temp\Perflib_Perfdata_7b0.dat
+ 2007-02-22 05:28 . 2009-01-07 23:21 26144 c:\windows\system32\spupdsvc.exe
+ 2009-04-15 03:16 . 2009-01-07 23:20 16928 c:\windows\system32\spmsg.dll
+ 2003-03-31 12:00 . 2009-03-08 09:31 46592 c:\windows\system32\pngfilt.dll
+ 2006-06-29 14:05 . 2009-01-07 23:20 23552 c:\windows\system32\normaliz.dll
- 2006-06-29 14:05 . 2006-06-29 14:05 23552 c:\windows\system32\normaliz.dll
+ 2006-06-28 23:59 . 2009-01-07 23:20 24576 c:\windows\system32\nlsdl.dll
- 2006-06-28 23:59 . 2006-06-28 23:59 24576 c:\windows\system32\nlsdl.dll
+ 2003-03-31 12:00 . 2009-03-08 09:31 66560 c:\windows\system32\mshtmled.dll
+ 2006-10-17 17:58 . 2009-03-08 09:31 13312 c:\windows\system32\msfeedssync.exe
+ 2006-11-08 03:03 . 2009-03-08 09:31 55296 c:\windows\system32\msfeedsbs.dll
+ 2003-03-31 12:00 . 2009-03-08 09:33 25600 c:\windows\system32\jsproxy.dll
+ 2003-03-31 12:00 . 2009-03-08 09:32 94720 c:\windows\system32\inseng.dll
+ 2006-11-07 09:26 . 2009-03-08 09:32 36864 c:\windows\system32\ieudinit.exe
+ 2003-03-31 12:00 . 2009-03-08 09:32 55808 c:\windows\system32\iernonce.dll
+ 2006-06-29 14:05 . 2009-01-07 23:20 26112 c:\windows\system32\idndl.dll
- 2006-06-29 14:05 . 2006-06-29 14:05 26112 c:\windows\system32\idndl.dll
+ 2006-10-17 17:58 . 2009-03-08 09:31 59904 c:\windows\system32\icardie.dll
+ 2007-01-04 13:36 . 2009-03-08 09:31 46592 c:\windows\system32\dllcache\pngfilt.dll
- 2006-10-17 17:28 . 2006-10-17 17:28 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2006-10-17 17:28 . 2009-03-08 09:31 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2007-01-04 13:36 . 2009-03-08 09:31 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2006-10-17 17:56 . 2009-03-08 09:31 45568 c:\windows\system32\dllcache\mshta.exe
- 2006-10-17 17:56 . 2006-10-17 17:56 45568 c:\windows\system32\dllcache\mshta.exe
+ 2007-05-09 20:59 . 2009-03-08 09:31 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2006-10-17 18:05 . 2009-03-08 09:34 43008 c:\windows\system32\dllcache\licmgr10.dll
+ 2007-01-04 13:36 . 2009-03-08 09:33 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2007-01-04 13:36 . 2009-03-08 09:32 94720 c:\windows\system32\dllcache\inseng.dll
+ 2006-10-17 17:57 . 2009-03-08 09:31 34816 c:\windows\system32\dllcache\imgutil.dll
+ 2006-11-07 09:26 . 2009-03-08 09:32 71680 c:\windows\system32\dllcache\iesetup.dll
+ 2006-11-07 09:26 . 2009-03-08 09:32 55808 c:\windows\system32\dllcache\iernonce.dll
+ 2007-08-20 10:04 . 2009-03-08 09:31 59904 c:\windows\system32\dllcache\icardie.dll
+ 2006-10-17 17:44 . 2009-03-08 09:24 68608 c:\windows\system32\dllcache\hmmapi.dll
+ 2009-03-08 09:33 . 2009-03-08 09:33 18944 c:\windows\system32\dllcache\corpol.dll
+ 2006-11-07 09:26 . 2009-03-08 09:32 72704 c:\windows\system32\dllcache\admparse.dll
+ 2007-02-22 04:52 . 2009-05-17 14:11 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-02-22 04:52 . 2009-05-16 19:30 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-02-22 04:52 . 2009-05-17 14:11 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-02-22 04:52 . 2009-05-16 19:30 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-02-22 04:52 . 2009-05-16 19:30 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2007-02-22 04:52 . 2009-05-17 14:11 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-02-24 22:02 . 2009-04-16 16:07 90112 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2007-02-24 22:02 . 2009-05-17 01:40 90112 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2007-02-24 22:02 . 2009-05-17 01:40 45056 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2007-02-24 22:02 . 2009-04-16 16:07 45056 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2007-02-24 22:02 . 2009-04-16 16:07 22528 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2007-02-24 22:02 . 2009-05-17 01:40 22528 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2007-02-24 22:02 . 2009-05-17 01:40 30720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2007-02-24 22:02 . 2009-04-16 16:07 30720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2007-02-24 22:02 . 2009-04-16 16:07 16384 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2007-02-24 22:02 . 2009-05-17 01:40 16384 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2007-02-24 22:02 . 2009-05-17 01:40 34304 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2007-02-24 22:02 . 2009-04-16 16:07 34304 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2009-04-16 16:07 . 2009-04-16 16:07 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2009-05-17 01:40 . 2009-05-17 01:40 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2009-04-02 19:35 . 2009-04-02 19:35 16712 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\PXBPROXY.DLL
+ 2009-04-02 19:35 . 2009-04-02 19:35 68496 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\PXBCOM.EXE
+ 2006-10-27 03:13 . 2006-10-27 03:13 72472 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\XL12CNVP.DLL
+ 2006-10-27 03:07 . 2006-10-27 03:07 17680 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\PXBPROXY.DLL
+ 2009-05-17 01:37 . 2009-03-08 19:23 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2009-05-17 01:35 . 2009-02-20 18:09 44544 c:\windows\ie8\pngfilt.dll
+ 2009-05-17 01:35 . 2006-10-17 17:28 48128 c:\windows\ie8\mshtmler.dll
+ 2009-05-17 01:35 . 2006-10-17 17:56 45568 c:\windows\ie8\mshta.exe
+ 2009-05-17 01:35 . 2006-10-17 17:58 12288 c:\windows\ie8\msfeedssync.exe
+ 2009-05-17 01:35 . 2009-02-20 18:09 52224 c:\windows\ie8\msfeedsbs.dll
+ 2009-05-17 01:35 . 2006-10-17 18:05 40960 c:\windows\ie8\licmgr10.dll
+ 2009-05-17 01:35 . 2009-02-20 18:09 27648 c:\windows\ie8\jsproxy.dll
+ 2009-05-17 01:35 . 2006-11-07 09:26 92672 c:\windows\ie8\inseng.dll
+ 2009-05-17 01:35 . 2006-10-17 17:57 36352 c:\windows\ie8\imgutil.dll
+ 2009-05-17 01:35 . 2006-11-07 09:26 55296 c:\windows\ie8\iesetup.dll
+ 2009-05-17 01:35 . 2009-02-20 18:09 44544 c:\windows\ie8\iernonce.dll
+ 2009-05-17 01:35 . 2009-02-20 18:09 78336 c:\windows\ie8\ieencode.dll
+ 2009-05-17 01:35 . 2009-02-20 10:20 70656 c:\windows\ie8\ie4uinit.exe
+ 2009-05-17 01:35 . 2009-02-20 18:09 63488 c:\windows\ie8\icardie.dll
+ 2009-05-17 01:35 . 2006-10-17 17:44 60416 c:\windows\ie8\hmmapi.dll
+ 2009-05-17 01:35 . 2008-04-14 00:11 35328 c:\windows\ie8\corpol.dll
+ 2009-05-17 01:35 . 2006-11-07 09:26 71680 c:\windows\ie8\admparse.dll
+ 2007-02-24 22:02 . 2009-05-17 01:40 3584 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2007-02-24 22:02 . 2009-04-16 16:07 3584 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2007-02-24 22:02 . 2009-04-16 16:07 8192 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2007-02-24 22:02 . 2009-05-17 01:40 8192 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2007-02-24 22:02 . 2009-05-17 01:40 2560 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2007-02-24 22:02 . 2009-04-16 16:07 2560 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2009-05-17 01:39 . 2009-03-08 09:35 2048 c:\windows\ie8updates\KB969497-IE8\iecompat.dll
- 2007-02-24 04:12 . 2008-04-14 00:12 121856 c:\windows\system32\xmllite.dll
+ 2007-02-24 04:12 . 2009-01-07 23:21 121856 c:\windows\system32\xmllite.dll
+ 2006-10-17 18:05 . 2009-03-08 09:34 208384 c:\windows\system32\WinFXDocObj.exe
+ 2003-03-31 12:00 . 2009-03-08 09:34 236544 c:\windows\system32\webcheck.dll
- 2003-03-31 12:00 . 2009-02-20 18:09 105984 c:\windows\system32\url.dll
+ 2003-03-31 12:00 . 2009-03-08 09:34 105984 c:\windows\system32\url.dll
+ 2003-03-31 12:00 . 2009-03-08 09:34 109568 c:\windows\system32\occache.dll
+ 2003-03-31 12:00 . 2009-03-08 09:32 611840 c:\windows\system32\mstime.dll
+ 2003-03-31 12:00 . 2009-03-08 09:34 193536 c:\windows\system32\msrating.dll
+ 2006-11-08 03:03 . 2009-03-08 09:32 594432 c:\windows\system32\msfeeds.dll
+ 2009-01-07 23:20 . 2009-01-07 23:20 265720 c:\windows\system32\msdbg2.dll
+ 2003-03-31 12:00 . 2009-03-08 09:33 726528 c:\windows\system32\jscript.dll
+ 2006-11-08 03:03 . 2009-03-08 09:22 164352 c:\windows\system32\ieui.dll
+ 2003-03-31 12:00 . 2009-03-08 09:31 183808 c:\windows\system32\iepeers.dll
+ 2003-03-31 12:00 . 2009-03-08 19:09 391536 c:\windows\system32\iedkcs32.dll
+ 2006-10-17 17:27 . 2009-03-08 09:11 445952 c:\windows\system32\ieapfltr.dll
+ 2003-03-31 12:00 . 2009-03-08 09:32 163840 c:\windows\system32\ieakui.dll
+ 2003-03-31 12:00 . 2009-03-08 09:33 229376 c:\windows\system32\ieaksie.dll
+ 2003-03-31 12:00 . 2009-03-08 09:33 125952 c:\windows\system32\ieakeng.dll
+ 2003-03-31 12:00 . 2009-03-08 09:32 173056 c:\windows\system32\ie4uinit.exe
+ 2003-03-31 12:00 . 2009-03-08 09:31 216064 c:\windows\system32\dxtrans.dll
+ 2003-03-31 12:00 . 2009-03-08 09:31 348160 c:\windows\system32\dxtmsft.dll
+ 2007-01-04 13:37 . 2009-03-08 09:34 914944 c:\windows\system32\dllcache\wininet.dll
+ 2006-11-08 03:03 . 2009-03-08 09:34 236544 c:\windows\system32\dllcache\webcheck.dll
+ 2006-12-19 18:08 . 2009-03-08 09:33 759296 c:\windows\system32\dllcache\VGX.dll
+ 2008-05-09 10:53 . 2009-03-08 09:33 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2006-10-17 18:05 . 2009-03-08 09:34 105984 c:\windows\system32\dllcache\url.dll
- 2006-10-17 18:05 . 2009-02-20 18:09 105984 c:\windows\system32\dllcache\url.dll
+ 2009-01-07 23:20 . 2009-01-07 23:20 134144 c:\windows\system32\dllcache\sqmapi.dll
+ 2009-01-07 23:20 . 2009-01-07 23:20 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2006-10-17 18:04 . 2009-03-08 09:34 109568 c:\windows\system32\dllcache\occache.dll
+ 2007-01-04 13:36 . 2009-03-08 09:32 611840 c:\windows\system32\dllcache\mstime.dll
+ 2007-01-04 13:36 . 2009-03-08 09:34 193536 c:\windows\system32\dllcache\msrating.dll
+ 2003-03-31 12:00 . 2009-03-08 09:22 156160 c:\windows\system32\dllcache\msls31.dll
- 2003-03-31 12:00 . 2006-11-08 03:03 156160 c:\windows\system32\dllcache\msls31.dll
+ 2007-05-09 20:59 . 2009-03-08 09:32 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-05-09 10:53 . 2009-03-08 09:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2006-10-17 18:04 . 2009-03-08 19:09 638816 c:\windows\system32\dllcache\iexplore.exe
+ 2007-01-04 13:36 . 2009-03-08 09:31 183808 c:\windows\system32\dllcache\iepeers.dll
+ 2006-11-07 09:27 . 2009-03-08 19:09 391536 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-05-09 20:59 . 2009-03-08 09:11 445952 c:\windows\system32\dllcache\ieapfltr.dll
+ 2003-03-31 12:00 . 2009-03-08 09:32 163840 c:\windows\system32\dllcache\ieakui.dll
+ 2006-11-07 09:27 . 2009-03-08 09:33 229376 c:\windows\system32\dllcache\ieaksie.dll
+ 2006-11-07 09:26 . 2009-03-08 09:33 125952 c:\windows\system32\dllcache\ieakeng.dll
+ 2006-11-07 09:26 . 2009-03-08 09:32 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2007-01-04 13:36 . 2009-03-08 09:31 216064 c:\windows\system32\dllcache\dxtrans.dll
+ 2007-01-04 13:36 . 2009-03-08 09:31 348160 c:\windows\system32\dllcache\dxtmsft.dll
+ 2006-11-07 09:26 . 2009-03-08 09:32 128512 c:\windows\system32\dllcache\advpack.dll
+ 2009-05-17 05:19 . 2009-05-17 14:11 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2003-03-31 12:00 . 2009-03-08 09:32 128512 c:\windows\system32\advpack.dll
+ 2007-02-24 22:02 . 2009-05-17 01:40 114688 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2007-02-24 22:02 . 2009-04-16 16:07 114688 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2006-10-27 02:49 . 2006-10-27 02:49 509200 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\WRD12CVR.DLL
+ 2009-05-17 01:39 . 2008-07-09 07:38 382840 c:\windows\ie8updates\KB969497-IE8\spuninst\updspapi.dll
+ 2009-05-17 01:39 . 2008-07-09 07:38 231288 c:\windows\ie8updates\KB969497-IE8\spuninst\spuninst.exe
+ 2009-05-17 01:35 . 2009-03-03 00:18 826368 c:\windows\ie8\wininet.dll
+ 2009-05-17 01:35 . 2006-10-17 18:05 206336 c:\windows\ie8\winfxdocobj.exe
+ 2009-05-17 01:35 . 2009-02-20 18:09 233472 c:\windows\ie8\webcheck.dll
+ 2009-05-17 01:35 . 2007-07-12 23:31 765952 c:\windows\ie8\vgx.dll
+ 2009-05-17 01:35 . 2008-05-09 10:53 430080 c:\windows\ie8\vbscript.dll
+ 2009-05-17 01:35 . 2009-02-20 18:09 105984 c:\windows\ie8\url.dll
+ 2009-05-17 01:37 . 2009-01-07 23:21 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2009-05-17 01:37 . 2009-01-07 23:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2009-05-17 01:35 . 2006-09-06 22:43 213216 c:\windows\ie8\spuninst.exe
+ 2009-05-17 01:35 . 2009-02-20 18:09 102912 c:\windows\ie8\occache.dll
+ 2009-05-17 01:35 . 2009-02-20 18:09 671232 c:\windows\ie8\mstime.dll
+ 2009-05-17 01:35 . 2009-02-20 18:09 193024 c:\windows\ie8\msrating.dll
+ 2009-05-17 01:35 . 2006-11-08 03:03 156160 c:\windows\ie8\msls31.dll
+ 2009-05-17 01:35 . 2009-02-20 18:09 477696 c:\windows\ie8\mshtmled.dll
+ 2009-05-17 01:35 . 2009-02-20 18:09 459264 c:\windows\ie8\msfeeds.dll
+ 2009-05-17 01:35 . 2008-05-09 10:53 512000 c:\windows\ie8\jscript.dll
+ 2009-05-17 01:35 . 2009-02-28 04:54 636072 c:\windows\ie8\iexplore.exe
+ 2009-05-17 01:35 . 2006-11-08 03:03 180736 c:\windows\ie8\ieui.dll
+ 2009-05-17 01:35 . 2009-02-20 18:09 268288 c:\windows\ie8\iertutil.dll
+ 2009-05-17 01:35 . 2006-11-08 03:03 287744 c:\windows\ie8\ieproxy.dll
+ 2009-05-17 01:35 . 2006-11-08 03:03 191488 c:\windows\ie8\iepeers.dll
+ 2009-05-17 01:35 . 2009-02-20 18:09 385024 c:\windows\ie8\iedkcs32.dll
+ 2009-05-17 01:35 . 2009-02-20 18:09 383488 c:\windows\ie8\ieapfltr.dll
+ 2009-05-17 01:35 . 2009-02-20 05:14 161792 c:\windows\ie8\ieakui.dll
+ 2009-05-17 01:35 . 2009-02-20 18:09 230400 c:\windows\ie8\ieaksie.dll
+ 2009-05-17 01:35 . 2009-02-20 18:09 153088 c:\windows\ie8\ieakeng.dll
+ 2009-05-17 01:35 . 2009-02-20 18:09 214528 c:\windows\ie8\dxtrans.dll
+ 2009-05-17 01:35 . 2009-02-20 18:09 347136 c:\windows\ie8\dxtmsft.dll
+ 2009-05-17 01:35 . 2009-02-20 18:09 124928 c:\windows\ie8\advpack.dll
+ 2006-08-31 02:42 . 2009-03-08 09:34 1206784 c:\windows\system32\urlmon.dll
+ 2003-03-31 12:00 . 2009-03-08 09:41 5937152 c:\windows\system32\mshtml.dll
+ 2006-10-17 17:57 . 2009-03-08 09:32 1985024 c:\windows\system32\iertutil.dll
+ 2006-09-06 05:01 . 2009-02-07 02:07 3698584 c:\windows\system32\ieapfltr.dat
+ 2007-01-25 12:48 . 2009-03-08 09:34 1206784 c:\windows\system32\dllcache\urlmon.dll
+ 2009-01-07 23:20 . 2009-01-07 23:20 1497088 c:\windows\system32\dllcache\shdocvw.dll
+ 2007-01-04 13:36 . 2009-03-08 09:41 5937152 c:\windows\system32\dllcache\mshtml.dll
+ 2007-05-09 20:59 . 2009-03-08 09:32 1985024 c:\windows\system32\dllcache\iertutil.dll
+ 2007-05-09 20:59 . 2009-02-07 02:07 3698584 c:\windows\system32\dllcache\ieapfltr.dat
+ 2009-01-07 23:20 . 2009-01-07 23:20 1022976 c:\windows\system32\dllcache\browseui.dll
+ 2009-04-02 19:35 . 2009-04-02 19:35 1787216 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\PPCNV.DLL
+ 2009-05-17 01:35 . 2009-02-20 18:09 1160192 c:\windows\ie8\urlmon.dll
+ 2009-05-17 01:35 . 2009-02-20 18:09 3595264 c:\windows\ie8\mshtml.dll
+ 2009-05-17 01:35 . 2009-02-20 18:09 6066176 c:\windows\ie8\ieframe.dll
+ 2009-05-17 01:35 . 2008-07-09 14:25 2455488 c:\windows\ie8\ieapfltr.dat
+ 2007-02-24 03:42 . 2009-05-07 07:16 24699336 c:\windows\system32\MRT.exe
+ 2006-11-08 03:03 . 2009-03-08 09:39 11063808 c:\windows\system32\ieframe.dll
+ 2007-05-09 20:58 . 2009-03-08 09:39 11063808 c:\windows\system32\dllcache\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-04-03 00:50 809864 ----a-w c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-03 809864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-03 809864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - S & D\TeaTimer.exe" [2009-03-05 2260480]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2005-11-16 1200128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-12-10 188416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-24 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-10-22 1310720]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-09-18 1657376]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Ulead Photo Express 3.0 SE Calendar Checker.lnk - c:\program files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe [2007-9-19 61440]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\McAfee\\MSC\\mcshell.exe"=
"c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"9322:TCP"= 9322:TCP:EKDiscovery
"9323:TCP"= 9323:TCP:EKDiscovery

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)

S2 0045631242536209mcinstcleanup;McAfee Application Installer Cleanup (0045631242536209);c:\docume~1\ARCHIE~1\LOCALS~1\Temp\004563~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\ARCHIE~1\LOCALS~1\Temp\004563~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKDiscovery.exe [1/19/2009 5:01 PM 279960]
S2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\AiO\Center\KodakSvc.exe [1/19/2009 5:02 PM 38296]
S3 GTwinUSB;GTwinUSB;c:\windows\system32\drivers\GTwinUSB.sys [1/20/2009 6:18 PM 61840]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - 0045631242536209MCINSTCLEANUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2009-05-17 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-17 18:32]

2009-05-17 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-17 18:32]

2009-05-17 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-04-03 00:50]

2009-02-10 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - S & D\SDUpdate.exe [2009-01-23 21:31]
.
- - - - ORPHANS REMOVED - - - -

BHO-{22FE8EC6-10B9-45BE-99BD-2E99FC81054C} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/a/
uInternet Settings,ProxyOverride = *.local
TCP: {AE0A583A-4AC0-474E-930A-0A7A95CA28B8} = 208.67.220.220,208.67.222.222
TCP: {F3196DDC-3178-45DF-9C4B-73CCF695706D} = 208.67.220.220,208.67.222.222
DPF: {302124C4-30A0-484A-9C7A-B51D5BA5306B}
DPF: {4396C620-ACCD-11DC-AA5D-0002A5D5C51B}
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-17 13:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(388)
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\msls31.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\Ink\SKCHUI.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-17 13:03
ComboFix-quarantined-files.txt 2009-05-17 18:02
ComboFix2.txt 2009-05-16 20:03

Pre-Run: 13,437,652,992 bytes free
Post-Run: 13,419,409,408 bytes free

399 --- E O F --- 2009-04-16 16:08
anbrown3
Active Member
 
Posts: 14
Joined: February 10th, 2009, 3:38 am

Re: Can not run or update spybot or mcafee

by Shaba » May 17th, 2009, 2:41 pm

It didn't go as it was supposed to.

Please follow my instructions exactly, word by word, and try again.

You are not supposed to just double-click ComboFix.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Can not run or update spybot or mcafee

by anbrown3 » May 17th, 2009, 5:22 pm

I tried to follow it exactly this time. I hope I got it right. It asked me if I wanted to update ComboFix; I did not update. Let me know if I need to update and do it again.

ComboFix 09-05-17.01 - Archie Neal Brown II 05/17/2009 16:11.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2857 [GMT -5:00]
Running from: c:\documents and settings\Archie Neal Brown II\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Archie Neal Brown II\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((( Files Created from 2009-04-17 to 2009-05-17 )))))))))))))))))))))))))))))))
.

2009-05-17 17:43 . 2009-05-17 17:48 -------- d-----w C:\32788R22FWJFW.0.tmp
2009-05-17 05:19 . 2009-05-17 05:19 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-05-17 05:01 . 2006-03-03 13:07 143360 ----a-w c:\windows\system32\dunzip32.dll
2009-05-17 04:57 . 2007-11-22 11:44 33832 ----a-w c:\windows\system32\drivers\mferkdk.sys
2009-05-17 04:57 . 2007-12-02 17:51 40488 ----a-w c:\windows\system32\drivers\mfesmfk.sys
2009-05-17 04:57 . 2007-11-22 11:44 35240 ----a-w c:\windows\system32\drivers\mfebopk.sys
2009-05-17 04:57 . 2007-11-22 11:44 79304 ----a-w c:\windows\system32\drivers\mfeavfk.sys
2009-05-17 04:57 . 2007-11-22 11:44 201320 ----a-w c:\windows\system32\drivers\mfehidk.sys
2009-05-17 04:56 . 2007-07-13 11:20 113952 ----a-w c:\windows\system32\drivers\Mpfp.sys
2009-05-17 04:56 . 2009-05-17 04:56 -------- d-----w c:\program files\McAfee.com
2009-05-17 04:56 . 2009-05-17 04:57 -------- d-----w c:\program files\Common Files\McAfee
2009-05-17 04:55 . 2009-05-17 05:01 -------- d-----w c:\program files\McAfee
2009-05-17 02:32 . 2009-05-17 02:32 -------- d-sh--w c:\documents and settings\Archie Neal Brown II\PrivacIE
2009-05-17 01:45 . 2009-05-17 01:45 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-05-17 01:43 . 2009-05-17 01:43 -------- d-sh--w c:\documents and settings\Archie Neal Brown II\IETldCache
2009-05-17 01:39 . 2009-05-17 01:39 -------- d-----w c:\windows\ie8updates
2009-05-17 01:38 . 2009-04-25 05:30 102400 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-05-17 01:35 . 2009-05-17 01:37 -------- dc-h--w c:\windows\ie8
2009-05-16 13:44 . 2009-05-16 13:45 -------- d-----w C:\rsit
2009-05-15 19:26 . 2009-04-06 20:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-15 19:26 . 2009-04-06 20:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-15 19:26 . 2009-05-16 06:11 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-03 19:30 . 2009-01-19 21:52 12800 ----a-w c:\windows\system32\EKDeviceServices.dll
2009-05-03 19:28 . 2008-10-22 11:54 102400 ----a-w c:\windows\system32\EKIJCOINST02.dll
2009-05-03 19:28 . 2008-10-22 11:54 397312 ----a-w c:\windows\system32\EKIJ5000MON.dll
2009-05-03 19:14 . 2009-05-05 21:07 -------- d-----w c:\documents and settings\Archie Neal Brown II\Application Data\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-16 14:18 . 2007-12-22 04:53 118224 -c--a-w c:\documents and settings\Archie Neal Brown II\Application Data\GDIPFONTCACHEV1.DAT
2009-05-16 06:23 . 2009-01-23 07:01 -------- d-----w c:\program files\Spybot - S & D
2009-05-03 19:27 . 2008-02-28 03:36 -------- d-----w c:\program files\Kodak
2009-04-16 12:22 . 2007-02-23 09:28 118224 -c--a-w c:\documents and settings\Archie Neal Brown II\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-16 08:01 . 2007-02-24 22:02 -------- d-----w c:\program files\Microsoft ActiveSync
2009-04-15 17:06 . 2009-04-15 03:10 -------- d-----w c:\program files\Free Offers from Freeze.com
2009-04-15 03:11 . 2009-04-15 03:11 -------- d-----w c:\program files\VideoLAN
2009-04-15 02:17 . 2009-04-15 02:14 -------- d-----w c:\program files\Memorex exPressit Label Design Studio
2009-04-15 02:14 . 2009-03-10 02:57 -------- d-----w c:\program files\Common Files\SureThing Shared
2009-04-14 11:53 . 2007-02-23 01:17 -------- d-----w c:\program files\Java
2009-04-05 00:01 . 2009-03-23 12:24 -------- d-----w c:\program files\Ask.com
2009-03-26 06:37 . 2007-02-24 22:00 -------- d-----w c:\program files\Common Files\L&H
2009-03-24 12:28 . 2009-03-24 12:28 -------- d-----w c:\program files\Common Files\xing shared
2009-03-24 12:28 . 2007-08-27 00:53 -------- d-----w c:\program files\Common Files\Real
2009-03-24 12:28 . 2007-02-22 13:23 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-03-09 10:19 . 2008-12-18 05:02 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 09:34 . 2006-06-23 17:33 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 09:34 . 2003-03-31 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 09:33 . 2003-03-31 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 09:33 . 2003-03-31 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 09:32 . 2003-03-31 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 09:32 . 2003-03-31 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 09:31 . 2003-03-31 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 09:31 . 2003-03-31 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 09:31 . 2003-03-31 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 09:22 . 2003-03-31 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2003-03-31 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-21 13:25 . 2009-02-21 13:25 691592 ----a-w c:\windows\system32\OGACheckControl.DLL
2009-02-17 02:47 . 2009-02-17 02:47 524288 ----a-w c:\windows\opuc.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-05-17_18.00.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-02-22 04:52 . 2009-05-17 21:09 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-02-22 04:52 . 2009-05-17 14:11 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-02-22 04:52 . 2009-05-17 21:09 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-02-22 04:52 . 2009-05-17 14:11 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-02-22 04:52 . 2009-05-17 21:09 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-02-22 04:52 . 2009-05-17 14:11 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-05-17 05:19 . 2009-05-17 21:09 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-05-17 05:19 . 2009-05-17 14:11 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-04-03 00:50 809864 ----a-w c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-03 809864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-03 809864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - S & D\TeaTimer.exe" [2009-03-05 2260480]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2005-11-16 1200128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-12-10 188416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-24 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-10-22 1310720]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-09-18 1657376]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Ulead Photo Express 3.0 SE Calendar Checker.lnk - c:\program files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe [2007-9-19 61440]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\McAfee\\MSC\\mcshell.exe"=
"c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"9322:TCP"= 9322:TCP:EKDiscovery
"9323:TCP"= 9323:TCP:EKDiscovery

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)

S2 0045631242536209mcinstcleanup;McAfee Application Installer Cleanup (0045631242536209);c:\docume~1\ARCHIE~1\LOCALS~1\Temp\004563~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\ARCHIE~1\LOCALS~1\Temp\004563~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKDiscovery.exe [1/19/2009 5:01 PM 279960]
S2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\AiO\Center\KodakSvc.exe [1/19/2009 5:02 PM 38296]
S3 GTwinUSB;GTwinUSB;c:\windows\system32\drivers\GTwinUSB.sys [1/20/2009 6:18 PM 61840]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - 0045631242536209MCINSTCLEANUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2009-05-17 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-17 18:32]

2009-05-17 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-17 18:32]

2009-05-17 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-04-03 00:50]

2009-02-10 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - S & D\SDUpdate.exe [2009-01-23 21:31]
.
- - - - ORPHANS REMOVED - - - -

BHO-{22FE8EC6-10B9-45BE-99BD-2E99FC81054C} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/a/
uInternet Settings,ProxyOverride = *.local
TCP: {AE0A583A-4AC0-474E-930A-0A7A95CA28B8} = 208.67.220.220,208.67.222.222
TCP: {F3196DDC-3178-45DF-9C4B-73CCF695706D} = 208.67.220.220,208.67.222.222
DPF: {302124C4-30A0-484A-9C7A-B51D5BA5306B}
DPF: {4396C620-ACCD-11DC-AA5D-0002A5D5C51B}
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-17 16:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3316)
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\msls31.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\Ink\SKCHUI.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Completion time: 2009-05-17 16:16
ComboFix-quarantined-files.txt 2009-05-17 21:15
ComboFix2.txt 2009-05-17 18:03
ComboFix3.txt 2009-05-16 20:03

Pre-Run: 13,428,359,168 bytes free
Post-Run: 13,410,938,880 bytes free

223 --- E O F --- 2009-04-16 16:08
anbrown3
Active Member
 

Re: Can not run or update spybot or mcafee

by Shaba » May 18th, 2009, 12:08 am

Did you copy this also to CFScript?

Folder::

It won't without it.
Shaba
Admin/Teacher Emeritus
 

Re: Can not run or update spybot or mcafee

by Shaba » May 23rd, 2009, 3:23 am

Due to lack of response this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Shaba
Admin/Teacher Emeritus
 