TCB

  1. I do. I was trying to avoid that long painful process, but I guess it is time. Thanks for your help.
  2. Issues that remain:

     -- Internet still only works in safe mode
     -- Normal startup gives AsmiHwlo "Cannot open kernel driver asLM75.sys" popup followed by AsGetDmi "Can't load AsmiHwIo.dll"
     -- McAfee real time scanning is disabled and turns on for a few seconds and then turns off
     -- Shortly after regular startup I get InCD Essentials "The InCD helper service could not be found. InCD cannot start."
     -- Sound control panel reports No audio devices installed. This last I am not sure is directly connected but I didn't notice it before.

     Before the debug process started, I only had the first symptom that I know.

     Security Check log:

     Results of screen317's Security Check version 0.99.7
     Windows XP Service Pack 3
     Internet Explorer 8
     ``````````````````````````````
     Antivirus/Firewall Check:
     Windows Security Center service is not running! This report may not be accurate!
     Windows Firewall Disabled!
     ESET Online Scanner v3
     McAfee SecurityCenter
     Antivirus up to date! (On Access scanning disabled!)
     ```````````````````````````````
     Anti-malware/Other Utilities Check:
     Malwarebytes' Anti-Malware
     CCleaner (remove only)
     Java 2 SDK Enterprise Edition v1.3.1
     Java 2 SDK Standard Edition v1.3.1
     Java Web Start
     Java 6 Update 20
     Java 2 SDK, SE v1.4.2_04
     Java 2 Runtime Environment, SE v1.4.2_04
     Java 2 Runtime Environment, SE v1.4.1_02
     Out of date Java installed!
     Adobe Flash Player 10.3.181.26
     Adobe Reader 9.1.2
     Adobe Reader 9.3
     Out of date Adobe Reader installed!
     Mozilla Firefox (3.6.18)
     Mozilla Thunderbird (1.0.2) Thunderbird Out of Date!
     ````````````````````````````````
     Process Check:
     objlist.exe by Laurent
     ``````````End of Log````````````
  3. ESET Log: ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6528 # api_version=3.0.2 # EOSSerial=4ff2a585d493cf4ba1225a66d95b6387 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-07-12 03:51:30 # local_time=2011-07-11 08:51:30 (-0800, Pacific Daylight Time) # country="United States" # lang=9 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=512 16777215 100 0 216460707 216460707 0 0 # compatibility_mode=5121 16777190 100 75 4008633 23425402 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=228741 # found=11 # cleaned=11 # scan_time=6686 C:\System Volume Information\_restore{73788396-D6E4-4757-B417-21AFC9A8FEF0}\RP1122\A0237752.DLL Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{73788396-D6E4-4757-B417-21AFC9A8FEF0}\RP1122\A0237753.DLL Win32/Adware.FunWeb application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{73788396-D6E4-4757-B417-21AFC9A8FEF0}\RP1122\A0237754.DLL Win32/Adware.FunWeb application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{73788396-D6E4-4757-B417-21AFC9A8FEF0}\RP1122\A0237755.DLL Win32/Adware.FunWeb application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{73788396-D6E4-4757-B417-21AFC9A8FEF0}\RP1122\A0237756.DLL Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{73788396-D6E4-4757-B417-21AFC9A8FEF0}\RP1122\A0237757.DLL Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 
00000000000000000000000000000000 C C:\System Volume Information\_restore{73788396-D6E4-4757-B417-21AFC9A8FEF0}\RP1122\A0237758.DLL Win32/Adware.FunWeb application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{73788396-D6E4-4757-B417-21AFC9A8FEF0}\RP1122\A0237760.DLL Win32/Adware.FunWeb application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{73788396-D6E4-4757-B417-21AFC9A8FEF0}\RP1122\A0237761.DLL Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{73788396-D6E4-4757-B417-21AFC9A8FEF0}\RP1122\A0237762.DLL Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\tmp\downloads\Nero-7.11.10.0_all_update.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C
  4. ComboFix 11-07-07.05 - topcat 07/07/2011 21:19:11.1.1 - x86 NETWORK Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.745 [GMT -7:00] Running from: c:\documents and settings\topcat\Desktop\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Administrator.ARAGORN.002\WINDOWS c:\documents and settings\topcat\Application Data\PriceGong c:\documents and settings\topcat\Application Data\PriceGong\Data\1.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\a.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\b.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\c.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\d.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\e.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\f.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\g.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\h.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\i.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\J.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\k.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\l.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\m.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\mru.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\n.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\o.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\p.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\q.xml c:\documents and 
settings\topcat\Application Data\PriceGong\Data\r.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\s.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\t.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\u.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\v.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\w.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\x.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\y.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\z.xml c:\documents and settings\topcat\WINDOWS c:\windows\BackUp c:\windows\BackUp\TB041126.DAT c:\windows\system32\Cache c:\windows\system32\dllcache\download c:\windows\system32\dllcache\update.bat c:\windows\System32\hrq.dll . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NETWORK -------\Legacy_WINDOWS_MESSENGER . . ((((((((((((((((((((((((( Files Created from 2011-06-08 to 2011-07-08 ))))))))))))))))))))))))))))))) . . 2011-07-06 04:34 . 2011-07-06 04:34 -------- d--h--w- c:\documents and settings\data\.TemporaryItems 2011-07-02 17:58 . 2011-07-02 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2011-06-22 02:10 . 2011-06-22 02:10 -------- d-----w- c:\documents and settings\topcat\Application Data\Malwarebytes 2011-06-22 01:52 . 2011-05-29 16:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-06-22 01:52 . 2011-06-22 01:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-06-22 01:52 . 2011-05-29 16:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-06-18 17:11 . 2011-06-29 17:00 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-06-18 17:02 . 
2011-07-08 03:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2011-06-17 05:28 . 2011-06-27 04:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2011-06-17 02:55 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys 2011-06-14 04:12 . 2011-06-14 04:12 11861 ----a-w- c:\windows\system32\drivers\mdc8021x.sys 2011-06-14 04:11 . 2011-06-14 04:12 -------- d-----w- c:\program files\D-Link AirPlus Xtreme G 2011-06-14 04:11 . 2003-12-19 21:06 351776 ----a-w- c:\windows\system32\drivers\ar52119x.sys 2011-06-14 04:11 . 2003-10-28 17:34 114688 ----a-w- c:\windows\system32\athcfg10.dll 2011-06-14 04:11 . 2003-06-01 03:10 651264 ----a-r- c:\windows\system32\libeay32.dll 2011-06-14 04:11 . 2003-06-01 03:10 450560 ----a-r- c:\windows\system32\AegisE5.dll 2011-06-14 04:11 . 2003-06-01 03:10 327680 ----a-r- c:\windows\system32\AegisE2.dll 2011-06-14 04:11 . 2003-06-01 03:10 147456 ----a-r- c:\windows\system32\ssleay32.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-07-04 17:26 . 2011-05-27 14:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-02 15:31 . 2004-06-07 22:19 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-29 17:25 . 2003-03-31 12:00 151552 ----a-w- c:\windows\system32\schannel.dll 2011-04-29 16:19 . 2003-03-31 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-25 16:11 . 2006-06-23 18:33 916480 ----a-w- c:\windows\system32\wininet.dll 2011-04-25 16:11 . 2003-03-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-04-25 16:11 . 2003-03-31 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-04-25 12:01 . 2008-06-15 02:10 385024 ----a-w- c:\windows\system32\html.iec 2011-04-21 13:37 . 2003-03-31 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys 2011-04-14 21:01 . 
2011-02-26 20:53 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2011-04-14 21:01 . 2011-02-26 20:53 141792 ----a-w- c:\windows\system32\mfevtps.exe 2011-04-14 21:01 . 2011-02-26 20:53 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2011-04-14 21:01 . 2011-02-26 20:53 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys 2011-04-14 21:01 . 2011-02-26 20:53 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2011-04-14 21:01 . 2011-02-26 20:53 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys 2011-04-14 21:01 . 2011-02-26 20:53 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys 2011-04-14 21:01 . 2011-02-26 20:53 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2011-04-14 21:01 . 2011-02-26 20:53 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2011-04-14 21:01 . 2011-02-26 20:53 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2011-04-14 21:01 . 2011-02-26 20:53 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2011-04-13 03:23 . 2010-11-18 16:29 0 ----a-w- c:\windows\system32\ConduitEngine.tmp 2011-04-14 21:01 . 2011-02-26 20:53 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] 2011-01-17 14:54 175912 ----a-w- c:\program files\Freecorder\prxtbFre0.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-01-17 175912] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\documents and settings\topcat\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\documents and settings\topcat\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\documents and settings\topcat\Application Data\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\documents and settings\topcat\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\ypager.exe" [2004-08-06 2502656] "Virtual Dimension"="c:\root\Virtual Dimension\VirtualDimension.exe" [2005-07-09 446976] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208] "SpybotSD TeaTimer"="c:\antispyware\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nForce Tray Options"="sstray.exe" [2003-08-13 73728] "ASUS Probe"="c:\program files\ASUS\Probe\AsusProb.exe" [2002-12-06 617984] "AtiPTA"="atiptaxx.exe" [2001-09-27 245760] "SMSERIAL"="sm56hlpr.exe" [2003-06-19 548864] "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "WinampAgent"="c:\program files\Winamp\Winampa.exe" [2002-04-26 12288] "Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 28672] "WinVNC"="c:\program files\UltraVNC\WinVNC.exe" [2005-08-07 974848] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2006-07-18 1028096] "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-10-22 7700480] "nwiz"="nwiz.exe" [2006-10-22 1622016] "NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-10-22 86016] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 57344] "HP Software Update"="c:\program 
files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760] "DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-04-20 1169744] "AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-04-20 1945688] "Acronis Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-04-20 149024] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1195408] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296] "CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112] "IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-03 140640] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160] . c:\documents and settings\topcat\Start Menu\Programs\Startup\ BHO Cop.lnk - c:\antispyware\BHOCop\BHOCop.exe [2004-11-18 212992] Dropbox.lnk - c:\documents and settings\topcat\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560] Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1996-11-17 111376] Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1996-11-17 51984] . 
c:\documents and settings\All Users\Start Menu\Programs\Startup\ Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2005-3-28 1466384] D-Link AirPlus Xtreme G Configuration Utility.lnk - c:\program files\D-Link AirPlus Xtreme G\AirPlus.exe [2011-6-13 512077] D-Link REG Utility.lnk - c:\program files\D-Link AirPlus Xtreme G\Reg.exe [2011-6-13 24576] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520] InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2004-8-20 184320] SATARaid.lnk - c:\program files\Silicon Image\SiISATARaid\SATARaid.exe [2004-8-20 598069] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"= "c:\\Documents and Settings\\topcat\\Application Data\\Dropbox\\bin\\Dropbox.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 . 
R0 ppa;Iomega Parallel Port Filter Driver;c:\windows\system32\drivers\ppa.sys [8/25/2004 12:34 PM 17792] R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [8/19/2004 3:57 PM 89749] R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [8/19/2004 3:57 PM 9600] R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2/26/2011 1:53 PM 84200] R2 CVS;CVSNT;c:\root\cvsnt\cvsservice.exe [12/10/2003 5:22 PM 45056] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/6/2008 9:46 AM 88176] R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2/26/2011 1:53 PM 271480] R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2/26/2011 1:53 PM 271480] R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [2/26/2011 1:53 PM 188136] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2/26/2011 1:53 PM 141792] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2/26/2011 1:53 PM 56064] R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2/26/2011 1:53 PM 314088] R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2/26/2011 1:53 PM 88736] S3 Boingo Wireless Engine;Boingo Wireless Engine;c:\program files\Boingo\Boingo Wireless Software\WENGINE2\BWEngine.exe [9/6/2006 5:42 PM 853576] S3 Boingo WMonitor;Boingo WMonitor;c:\program files\Boingo\Boingo Wireless Software\WENGINE2\WMonitor.exe [9/6/2006 5:42 PM 79432] S3 BWNDIS5;BWNDIS5 NDIS Protocol Driver;\??\c:\windows\System32\BWNDIS5.SYS --> c:\windows\System32\BWNDIS5.SYS [?] S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\tmp\everesthome220\kerneld.wnt --> c:\tmp\everesthome220\kerneld.wnt [?] 
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2/26/2011 1:53 PM 88736] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2/26/2011 1:53 PM 84488] S3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [8/20/2004 12:21 AM 166720] . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2011-06-15 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34] . 2011-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-583907252-725345543-1003Core.job - c:\documents and settings\topcat\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-03 03:39] . 2011-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-583907252-725345543-1003UA.job - c:\documents and settings\topcat\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-03 03:39] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html IE: &Search IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html IE: Translate into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm IE: Yahoo! 
&Maps - file:///c:\program files\Yahoo!\Common/ycdict.htm Trusted Zone: intuit.com\ttlc Trusted Zone: microsoft.com\*.windowsupdate Trusted Zone: windowsupdate.com TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\documents and settings\topcat\Application Data\Mozilla\Firefox\Profiles\ptdtz2ej.default\ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com FF - Ext: Freecorder Community Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - %profile%\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612} FF - Ext: IE Tab 2 (FF 3.6+): {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} - %profile%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor . - - - - ORPHANS REMOVED - - - - . 
BHO-{2F19EFE8-0C72-2C85-7BF0-5087ED84BFED} - c:\windows\System32\tnwjypmg.dll BHO-{8B1DB7BD-0023-058D-7B27-0AC2B95F1792} - c:\windows\System32\iav.dll BHO-{946C8458-6CCB-1163-9AD1-4681E8B55EB5} - c:\windows\System32\hrq.dll BHO-{996C8659-6CCA-1C64-9AA0-30819DB05EB3} - c:\windows\System32\hrq.dll HKCU-Run-System Stats - SystemStats.exe HKCU-Run-Yahoo Update - Yahoo.exe HKCU-Run-McAfee AntiVirus - McAffee.exe HKCU-Run-Tasu - c:\documents and settings\topcat\Application Data\nahh.exe HKLM-Run-System Stats - SystemStats.exe HKLM-Run-Yahoo Update - Yahoo.exe HKLM-Run-NWEReboot - (no file) HKU-Default-RunOnce-Win32 Configuration - mplayer.exe Notify-!SASWinLogon - (no file) Notify-WgaLogon - (no file) AddRemove-conduitEngine - c:\program files\ConduitEngine\ConduitEngineUninstall.exe AddRemove-Sun Download Manager v1.1 - c:\program files\SDM\Uninstal.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-07-07 21:33 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . HKCU\Software\Microsoft\Windows\CurrentVersion\Run Virtual Dimension = c:\root\Virtual Dimension\VirtualDimension.exe????v?8?"??cE~????????$?"?p,??????????????????????`?"???A~??v???????????A~??????????????????"?s??|p?"???????v?????????????p,??`cE~??A~??A~???????????????????????????????????????|??????"???"???B~??v???????????? . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver] "ImagePath"="\??\c:\tmp\everesthome220\kerneld.wnt" . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\ . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(4340) c:\windows\system32\WININET.dll c:\program files\Logitech\MouseWare\System\LgWndHk.dll c:\progra~1\mcafee\SITEAD~1\saHook.dll c:\documents and settings\topcat\Application Data\Dropbox\bin\DropboxExt.14.dll c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Nero\Nero 7\InCD\InCDsrv.exe c:\program files\Common Files\Seagate\Schedule2\schedul2.exe c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe c:\program files\Apache Group\Apache\Apache.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Apache Group\Apache\Apache.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Cisco Systems\VPN Client\cvpnd.exe c:\root\cvsnt\cvslock.exe c:\windows\System32\inetsrv\inetinfo.exe c:\program files\Canon\IJPLM\IJPLMSVC.EXE c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\CDBurnerXP\NMSAccessU.exe c:\windows\System32\nvsvc32.exe c:\windows\System32\tcpsvcs.exe c:\windows\System32\snmp.exe c:\program files\Common Files\McAfee\SystemCore\mcshield.exe c:\windows\system32\rundll32.exe c:\progra~1\mcafee\VIRUSS~1\mcvsshld.exe c:\progra~1\mcafee.com\agent\mcagent.exe c:\windows\system32\sstray.exe c:\windows\system32\RUNDLL32.EXE c:\program files\Logitech\MouseWare\system\em_exec.exe 
c:\program files\Microsoft IntelliType Pro\dpupdchk.exe c:\program files\Microsoft ActiveSync\wcescomm.exe c:\progra~1\MI3AA1~1\rapimgr.exe c:\program files\Yahoo!\Messenger\ymsgr_tray.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2011-07-07 21:41:57 - machine was rebooted ComboFix-quarantined-files.txt 2011-07-08 04:41 . Pre-Run: 193,043,435,520 bytes free Post-Run: 192,031,391,744 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn . - - End Of File - - ECB7554A0B175776EFE9C48661194799 . DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20 Run by topcat at 21:54:23 on 2011-07-07 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.640 [GMT -7:00] . AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Firewall *Enabled* . ============== Running Processes =============== . C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\WINDOWS\system32\mfevtps.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files\Mozilla Firefox\firefox.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/keyword/%s uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\antisp~1\spybot~1\SDHelper.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110515172840.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} 
- c:\progra~1\mcafee\sitead~1\mcieplg.dll TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes0521.dll uRun: [Yahoo! Pager] c:\program files\yahoo!\messenger\ypager.exe -quiet uRun: [Virtual Dimension] c:\root\virtual dimension\VirtualDimension.exe uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe" uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe" uRun: [spybotSD TeaTimer] c:\antispyware\spybot - search & destroy\TeaTimer.exe mRun: [nForce Tray Options] sstray.exe /r mRun: [ASUS Probe] c:\program files\asus\probe\AsusProb.exe mRun: [AtiPTA] atiptaxx.exe mRun: [sMSERIAL] sm56hlpr.exe mRun: [Logitech Utility] Logi_MwX.Exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [WinampAgent] "c:\program files\winamp\Winampa.exe" mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe mRun: [WinVNC] "c:\program files\ultravnc\WinVNC.exe" -servicehelper mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe mRun: [inCD] c:\program files\nero\nero 7\incd\InCD.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 4.0\apdproxy.exe" mRun: [HP 
Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe" mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [DiscWizardMonitor.exe] c:\program files\seagate\discwizard\DiscWizardMonitor.exe mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe mRun: [Acronis Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon mRun: [iJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" StartupFolder: c:\docume~1\topcat\startm~1\programs\startup\bhocop~1.lnk - c:\antispyware\bhocop\BHOCop.exe StartupFolder: c:\docume~1\topcat\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\topcat\application data\dropbox\bin\Dropbox.exe StartupFolder: c:\docume~1\topcat\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE StartupFolder: c:\docume~1\topcat\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\vpngui.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\d-link~1.lnk - c:\program files\d-link airplus xtreme g\AirPlus.exe StartupFolder: 
c:\docume~1\alluse~1\startm~1\programs\startup\d-link~2.lnk - c:\program files\d-link airplus xtreme g\Reg.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sataraid.lnk - c:\program files\silicon image\siisataraid\SATARaid.exe IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html IE: Translate into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm IE: Yahoo! 
&Maps - file:///c:\program files\yahoo!\Common/ycdict.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes0521.dll IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\antisp~1\spybot~1\SDHelper.dll Trusted Zone: intuit.com\ttlc Trusted Zone: microsoft.com\*.windowsupdate Trusted Zone: windowsupdate.com DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204 DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://www.pandasoftware.com/activescan/as5/asinst.cab DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 192.168.1.254 TCP: Interfaces\{2D815017-A52E-4748-89BF-0A1D8E792B65} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{60673716-6D42-46D2-829A-36A16785A3C9} : DhcpNameServer = 192.168.1.254 Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - c:\program files\libronix dls\system\FileProt.dll Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - c:\program files\libronix dls\system\ResProt.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . 
FF - ProfilePath - c:\documents and settings\topcat\application data\mozilla\firefox\profiles\ptdtz2ej.default\ FF - component: c:\documents and settings\topcat\application data\mozilla\firefox\profiles\ptdtz2ej.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko19.dll FF - component: c:\documents and settings\topcat\application data\mozilla\firefox\profiles\ptdtz2ej.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll FF - plugin: c:\documents and settings\topcat\application data\mozilla\firefox\profiles\ptdtz2ej.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll FF - plugin: c:\documents and settings\topcat\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPMGWRAP.DLL FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com FF - Ext: Freecorder Community Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - %profile%\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612} FF - Ext: IE Tab 2 (FF 3.6+): 
{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} - %profile%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-2-26 387480] R0 ppa;Iomega Parallel Port Filter Driver;c:\windows\system32\drivers\ppa.sys [2004-8-25 17792] R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2004-8-19 89749] R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [2004-8-19 9600] R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-2-26 84200] R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-26 271480] R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-2-26 188136] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-2-26 141792] R3 mfefirek;McAfee Inc. 
mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-2-26 314088] R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-2-26 88736] S2 CVS;CVSNT;c:\root\cvsnt\cvsservice.exe [2003-12-10 45056] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-12-6 88176] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-26 271480] S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-26 271480] S2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-2-26 171168] S3 Boingo Wireless Engine;Boingo Wireless Engine;c:\program files\boingo\boingo wireless software\wengine2\BWEngine.exe [2006-9-6 853576] S3 Boingo WMonitor;Boingo WMonitor;c:\program files\boingo\boingo wireless software\wengine2\WMonitor.exe [2006-9-6 79432] S3 BWNDIS5;BWNDIS5 NDIS Protocol Driver;\??\c:\windows\system32\bwndis5.sys --> c:\windows\system32\BWNDIS5.SYS [?] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-2-26 56064] S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\tmp\everesthome220\kerneld.wnt --> c:\tmp\everesthome220\kerneld.wnt [?] S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-2-26 153280] S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-2-26 52320] S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-2-26 88736] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-2-26 84488] S3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [2004-8-20 166720] S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-3-28 189792] . =============== Created Last 30 ================ . 
     2011-07-08 04:14:34 -------- d-sha-r- C:\cmdcons
     2011-07-08 04:04:42 98816 ----a-w- c:\windows\sed.exe
     2011-07-08 04:04:42 518144 ----a-w- c:\windows\SWREG.exe
     2011-07-08 04:04:42 256000 ----a-w- c:\windows\PEV.exe
     2011-07-08 04:04:42 208896 ----a-w- c:\windows\MBR.exe
     2011-07-02 17:58:05 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
     2011-06-22 02:10:37 -------- d-----w- c:\documents and settings\topcat\application data\Malwarebytes
     2011-06-22 01:52:44 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2011-06-22 01:52:43 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
     2011-06-22 01:52:39 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
     2011-06-18 17:11:00 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
     2011-06-17 02:55:08 105472 -c----w- c:\windows\system32\dllcache\mup.sys
     2011-06-14 04:12:07 11861 ----a-w- c:\windows\system32\drivers\mdc8021x.sys
     2011-06-14 04:11:58 -------- d-----w- c:\program files\D-Link AirPlus Xtreme G
     2011-06-14 04:11:43 351776 ----a-w- c:\windows\system32\drivers\ar52119x.sys
     2011-06-14 04:11:42 114688 ----a-w- c:\windows\system32\athcfg10.dll
     2011-06-14 04:11:41 651264 ----a-r- c:\windows\system32\libeay32.dll
     2011-06-14 04:11:41 450560 ----a-r- c:\windows\system32\AegisE5.dll
     2011-06-14 04:11:41 327680 ----a-r- c:\windows\system32\AegisE2.dll
     2011-06-14 04:11:41 147456 ----a-r- c:\windows\system32\ssleay32.dll
     .
     ==================== Find3M ====================
     .
     2011-07-04 17:26:35 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
     2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
     2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
     2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
     2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
     2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
     2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
     2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
     2011-04-14 21:01:38 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
     2011-04-14 21:01:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
     2011-04-14 21:01:38 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
     2011-04-14 21:01:38 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
     2011-04-14 21:01:38 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
     2011-04-14 21:01:38 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
     2011-04-14 21:01:38 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
     2011-04-14 21:01:38 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
     2011-04-14 21:01:38 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
     2011-04-14 21:01:38 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
     2011-04-14 21:01:38 141792 ----a-w- c:\windows\system32\mfevtps.exe
     2011-04-13 03:23:39 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
     .
     ============= FINISH: 21:55:32.68 ===============
  5. Should I download a fresh copy of DDS? I used the one from http://download.bleepingcomputer.com/sUBs/dds.scr for the original post. Below is the updated MBAM log:

     Malwarebytes' Anti-Malware 1.51.0.1200
     www.malwarebytes.org

     Database version: 7011
     Windows 5.1.2600 Service Pack 3 (Safe Mode)
     Internet Explorer 8.0.6001.18702

     7/3/2011 9:32:48 AM
     mbam-log-2011-07-03 (09-32-38).txt

     Scan type: Quick scan
     Objects scanned: 218794
     Time elapsed: 3 minute(s), 47 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 6
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\System Stats (Worm.WootBot) -> Value: System Stats -> No action taken.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Yahoo Update (Worm.WootBot) -> Value: Yahoo Update -> No action taken.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\McAfee AntiVirus (Worm.WootBot) -> Value: McAfee AntiVirus -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\System Stats (Worm.WootBot) -> Value: System Stats -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Yahoo Update (Worm.WootBot) -> Value: Yahoo Update -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\Yahoo Update (Worm.WootBot) -> Value: Yahoo Update -> No action taken.

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
  6. Hello all, my first time on the board. I have Windows XP SP3. Internet only works in safe mode.

     MB log:

     Malwarebytes' Anti-Malware 1.51.0.1200
     www.malwarebytes.org

     Database version: 6957
     Windows 5.1.2600 Service Pack 3 (Safe Mode)
     Internet Explorer 8.0.6001.18702

     6/26/2011 10:07:01 PM
     mbam-log-2011-06-26 (22-07-01).txt

     Scan type: Quick scan
     Objects scanned: 217537
     Time elapsed: 3 minute(s), 42 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     DDS log:

     .
     DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK
     Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
     Run by topcat at 20:35:09 on 2011-06-27
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.534 [GMT -7:00]
     .
     AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
     AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
     FW: McAfee Firewall *Enabled*
     .
     ============== Running Processes ===============
     .
     C:\WINDOWS\system32\svchost -k DcomLaunch
     svchost.exe
     C:\WINDOWS\System32\svchost.exe -k netsvcs
     svchost.exe
     C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
     C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
     C:\WINDOWS\system32\mfevtps.exe
     C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     c:\PROGRA~1\mcafee.com\agent\mcagent.exe
     C:\tmp\downloads\cleaners\Defogger.exe
     .
============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uSearch Page = uSearch Bar = uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/keyword/%s mSearchAssistant = uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {2f19efe8-0c72-2c85-7bf0-5087ed84bfed} - c:\windows\system32\tnwjypmg.dll BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110515172840.dll BHO: {8b1db7bd-0023-058d-7b27-0ac2b95f1792} - c:\windows\system32\iav.dll BHO: {946c8458-6ccb-1163-9ad1-4681e8b55eb5} - c:\windows\system32\hrq.dll BHO: {996c8659-6cca-1c64-9aa0-30819db05eb3} - c:\windows\system32\hrq.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program 
files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes0521.dll EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [Yahoo! Pager] c:\program files\yahoo!\messenger\ypager.exe -quiet uRun: [system Stats] SystemStats.exe uRun: [Yahoo Update] Yahoo.exe uRun: [McAfee AntiVirus] McAffee.exe uRun: [Tasu] c:\documents and settings\topcat\application data\nahh.exe uRun: [MSMSGS] "c:\program files\messenger\MSMSGS.EXE" /background uRun: [Virtual Dimension] c:\root\virtual dimension\VirtualDimension.exe uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe" uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [Google Update] "c:\documents and settings\topcat\local settings\application data\google\update\GoogleUpdate.exe" /c mRun: [nForce Tray Options] sstray.exe /r mRun: [ASUS Probe] c:\program files\asus\probe\AsusProb.exe mRun: [AtiPTA] atiptaxx.exe mRun: [sMSERIAL] sm56hlpr.exe mRun: [Logitech Utility] Logi_MwX.Exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: 
[WinampAgent] "c:\program files\winamp\Winampa.exe" mRun: [system Stats] SystemStats.exe mRun: [Yahoo Update] Yahoo.exe mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe mRun: [WinVNC] "c:\program files\ultravnc\WinVNC.exe" -servicehelper mRun: [NWEReboot] mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe mRun: [inCD] c:\program files\nero\nero 7\incd\InCD.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 4.0\apdproxy.exe" mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe" mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [DiscWizardMonitor.exe] c:\program files\seagate\discwizard\DiscWizardMonitor.exe mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe mRun: [Acronis Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe" mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon mRun: [iJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRunServices: [Yahoo Update] Yahoo.exe 
dRunOnce: [Win32 Configuration] mplayer.exe StartupFolder: c:\docume~1\topcat\startm~1\programs\startup\bhocop~1.lnk - c:\antispyware\bhocop\BHOCop.exe StartupFolder: c:\docume~1\topcat\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\topcat\application data\dropbox\bin\Dropbox.exe StartupFolder: c:\docume~1\topcat\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE StartupFolder: c:\docume~1\topcat\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\vpngui.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\d-link~1.lnk - c:\program files\d-link airplus xtreme g\AirPlus.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\d-link~2.lnk - c:\program files\d-link airplus xtreme g\Reg.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sataraid.lnk - c:\program files\silicon image\siisataraid\SATARaid.exe IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html IE: &Search IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html IE: Translate into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm IE: Yahoo! 
&Maps - file:///c:\program files\yahoo!\Common/ycdict.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes0521.dll IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll Trusted Zone: intuit.com\ttlc Trusted Zone: microsoft.com\*.windowsupdate Trusted Zone: windowsupdate.com DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204 DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - 
hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://www.pandasoftware.com/activescan/as5/asinst.cab DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 192.168.1.254 TCP: Interfaces\{2D815017-A52E-4748-89BF-0A1D8E792B65} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{60673716-6D42-46D2-829A-36A16785A3C9} : DhcpNameServer = 192.168.1.254 Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - c:\program files\libronix dls\system\FileProt.dll Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - c:\program files\libronix dls\system\ResProt.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll LSA: Authentication Packages = msv1_0 relog_ap . ================= FIREFOX =================== . 
FF - ProfilePath - c:\documents and settings\topcat\application data\mozilla\firefox\profiles\ptdtz2ej.default\
FF - component: c:\documents and settings\topcat\application data\mozilla\firefox\profiles\ptdtz2ej.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\topcat\application data\mozilla\firefox\profiles\ptdtz2ej.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\topcat\application data\mozilla\firefox\profiles\ptdtz2ej.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
FF - plugin: c:\documents and settings\topcat\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Freecorder Community Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - %profile%\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
FF - Ext: IE Tab 2 (FF 3.6+): {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} - %profile%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-6-18 64512]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-2-26 387480]
R0 ppa;Iomega Parallel Port Filter Driver;c:\windows\system32\drivers\ppa.sys [2004-8-25 17792]
R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2004-8-19 89749]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [2004-8-19 9600]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-2-26 84200]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-5-25 2151128]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-26 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-2-26 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-2-26 141792]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-2-26 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-2-26 88736]
S2 CVS;CVSNT;c:\root\cvsnt\cvsservice.exe [2003-12-10 45056]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-12-6 88176]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-26 271480]
S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-26 271480]
S2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-2-26 171168]
S3 Boingo Wireless Engine;Boingo Wireless Engine;c:\program files\boingo\boingo wireless software\wengine2\BWEngine.exe [2006-9-6 853576]
S3 Boingo WMonitor;Boingo WMonitor;c:\program files\boingo\boingo wireless software\wengine2\WMonitor.exe [2006-9-6 79432]
S3 BWNDIS5;BWNDIS5 NDIS Protocol Driver;\??\c:\windows\system32\bwndis5.sys --> c:\windows\system32\BWNDIS5.SYS [?]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-2-26 56064]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\tmp\everesthome220\kerneld.wnt --> c:\tmp\everesthome220\kerneld.wnt [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-5-25 15232]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-2-26 153280]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-2-26 52320]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-2-26 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-2-26 84488]
S3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [2004-8-20 166720]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-3-28 189792]
.
=============== Created Last 30 ================
.
2011-06-22 02:10:37 -------- d-----w- c:\documents and settings\topcat\application data\Malwarebytes
2011-06-22 01:52:44 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-22 01:52:43 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-06-22 01:52:39 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-19 11:38:26 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-06-18 17:11:00 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-18 17:04:22 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-06-18 17:02:18 -------- d-----w- c:\program files\Lavasoft
2011-06-17 02:55:08 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-14 04:12:07 11861 ----a-w- c:\windows\system32\drivers\mdc8021x.sys
2011-06-14 04:11:58 -------- d-----w- c:\program files\D-Link AirPlus Xtreme G
2011-06-14 04:11:43 351776 ----a-w- c:\windows\system32\drivers\ar52119x.sys
2011-06-14 04:11:42 114688 ----a-w- c:\windows\system32\athcfg10.dll
2011-06-14 04:11:41 651264 ----a-r- c:\windows\system32\libeay32.dll
2011-06-14 04:11:41 450560 ----a-r- c:\windows\system32\AegisE5.dll
2011-06-14 04:11:41 327680 ----a-r- c:\windows\system32\AegisE2.dll
2011-06-14 04:11:41 147456 ----a-r- c:\windows\system32\ssleay32.dll
2011-06-03 03:40:53 -------- d-----w- c:\documents and settings\topcat\local settings\application data\Temp
.
==================== Find3M ====================
.
2011-05-27 14:22:02 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-14 21:01:38 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-04-14 21:01:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-04-14 21:01:38 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-04-14 21:01:38 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-04-14 21:01:38 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-04-14 21:01:38 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-04-14 21:01:38 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-04-14 21:01:38 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-04-14 21:01:38 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-04-14 21:01:38 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-04-14 21:01:38 141792 ----a-w- c:\windows\system32\mfevtps.exe
2011-04-13 03:23:39 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-04-06 23:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 23:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
============= FINISH: 20:36:10.20 ===============

Thanks.

attach.zip