Everything posted by MissKiki

  1. Thanks - I've updated Java, but I can't (not allowed to) update IE. Is there anything else I should do? If not, thank you so much for all your support!!!!
  2. From Bitdefender QuickScan: QuickScan Beta 32-bit v0.9.9.96 ------------------------------- Scan date: Sun Jul 03 12:50:46 2011 Machine ID: D88B4920 No infection found.
c4a363c8ea5bbb615fc60dca786bc337 C:\WINDOWS\system32\CCM\dcmagent.dll MD5: dad9e1739a0a3e86f6ad40e4a662adff C:\WINDOWS\system32\CCM\execmgr.dll MD5: e13b08415cd2ed9f74295170d1a0fc78 C:\WINDOWS\system32\CCM\FSPUtilLib.dll MD5: 44cf581237948f2742987c87e7c28e5b C:\WINDOWS\system32\CCM\LibRDC.dll MD5: 43bca5aae641f52ac3e809df3cc40ce7 C:\WINDOWS\system32\CCM\LSInterface.dll MD5: 4e6ac2b79788b0d0d7ee581cc39763f4 C:\WINDOWS\system32\CCM\LSUtilities.dll MD5: de5cbff96e4a9e49281a61b67c3a8d99 C:\WINDOWS\system32\CCM\MtrMgr.dll MD5: 1a226fa611154d18638b696ddef01e00 C:\WINDOWS\system32\CCM\pdpagent.dll MD5: ae84ed6a560cbc4942d0a38c51fc8b8f C:\WINDOWS\system32\CCM\PolicyAgent.dll MD5: 677d27d2669bab18f6809b505c80a865 C:\WINDOWS\system32\CCM\PolicyAgentEndpoint.dll MD5: 471cfd948321711b5420817250d61cb6 C:\WINDOWS\system32\CCM\PolicyAgentProvider.dll MD5: 08004f5322acd10bbf77a724be575b52 C:\WINDOWS\system32\CCM\Prep.dll MD5: 2a4514a9233d35a355f569ff8b8f6240 C:\WINDOWS\system32\CCM\prepdrv.sys MD5: c36571366ec15e7309d383d10a68eb5f C:\WINDOWS\system32\CCM\PwrAgentEndpoint.dll MD5: b98ac3e7f894efe47e4e3d8661fa9f3d C:\WINDOWS\system32\CCM\PwrEventTask.dll MD5: 8080f8dff9e332825e7e605843a2f390 C:\WINDOWS\system32\CCM\rebootcoord.dll MD5: 734113b929e18c20f7978b103b2cf479 C:\WINDOWS\system32\CCM\RTConfiguration.dll MD5: d4e1ca768b9741b3c6143112c3edf72f C:\WINDOWS\system32\CCM\ScanAgent.dll MD5: 3954e070b94cbd04d5e775d5611f8066 C:\WINDOWS\system32\CCM\Sched.dll MD5: 5d2c64963a28ae42671914b599f5c625 C:\WINDOWS\system32\CCM\SdmAgent.dll MD5: 21f3490aa2b7429820712a91db2964e5 C:\WINDOWS\system32\CCM\smsclient.dll MD5: ca8f0b71b0a8c36f96739ae947df5e41 C:\WINDOWS\system32\CCM\smscore.dll MD5: ff4047c964f5e2019513aeee54782d70 C:\WINDOWS\system32\CCM\smssha.dll MD5: 96c450ece93c0c84bfa83555ebea157f C:\WINDOWS\system32\CCM\SrcUpdateMgr.dll MD5: 5c5962e66ae60d387533d32223925bc1 C:\WINDOWS\system32\CCM\SrvWinMgr.dll MD5: f83803bef79046cb7220baeb2990b6c6 C:\WINDOWS\system32\CCM\StateMessage.dll MD5: 
efefbeed50efb289fa877c9af275a813 C:\WINDOWS\system32\CCM\StatusAgent.dll MD5: d4c5fcb080357c2d181d144bdf6f10f1 C:\WINDOWS\system32\CCM\StatusAgentProxy.dll MD5: d2ec9b276a97a32825e2c81123cb0630 C:\WINDOWS\system32\CCM\TSManager.exe MD5: f931798c3a94478bee548ec47ea0955a C:\WINDOWS\system32\CCM\UpdatesDeployment.dll MD5: 9c32486b66d3b2c1dfb0d353708a8e2b C:\WINDOWS\system32\CCM\UpdatesHandler.dll MD5: 98d2d549f4b4a97ab628109ab6f0f19c C:\WINDOWS\system32\CCM\UpdatesStore.dll MD5: 9aa842f64141ba16947706b5c7cbc925 C:\WINDOWS\system32\CCM\VAppLaunchMgr.dll MD5: 768782b9bb5abb8c930ff455190ed589 C:\WINDOWS\system32\CCM\WUAHandler.dll MD5: 4b807127c4c627cf6f681688497054dc C:\WINDOWS\system32\ccmcore.dll MD5: 952fdcf800bb46b5cf8dda72fffdabb2 C:\WINDOWS\system32\CNCF2Lb.DLL MD5: df6be05b03f506a62b3eb786d0336ed1 C:\WINDOWS\system32\CNMLM7Q.DLL MD5: 93afb83fbc1f9443cac722fca63d73bf C:\WINDOWS\system32\COMCTL32.dll MD5: ed0c0df222209e43ad9afbf3fe87dde0 C:\WINDOWS\system32\comsvcs.dll MD5: 2afbf898c6dfab2367dcb791acb5f2ef C:\WINDOWS\system32\corpol.dll MD5: b373075cc1c45c1a8f3147088e85bb15 C:\WINDOWS\system32\cpwmon2k.dll MD5: bdaaf79dd63f194434d31a74b9bb8b77 C:\WINDOWS\system32\CRYPT32.dll MD5: c14350fc0d47d806699c4f907fc6785b C:\WINDOWS\system32\cryptnet.dll MD5: 515a7fae2070c2b0242b2353443e2f11 C:\WINDOWS\System32\CSCDLL.dll MD5: 6100d350770a5595fbf4c96f3510badc C:\WINDOWS\system32\CSRSRV.dll MD5: 0607cbc6fa20114cb491efe4b2f9efad C:\WINDOWS\system32\d3d9.dll MD5: e2092f0a1d7abc243f9c2362483d150d C:\WINDOWS\System32\dimsntfy.dll MD5: 389496118b3b03c2328024af320132ac C:\WINDOWS\system32\DNSAPI.dll MD5: 5f7e24fa9eab896051ffb87f840730d2 c:\windows\system32\dnsrslvr.dll MD5: 7618d5218f2a614672ec61a80d854a37 C:\WINDOWS\System32\drivers\afd.sys MD5: b8d65da679a4a8d048783ede2691b5d4 C:\WINDOWS\system32\DRIVERS\Apfiltr.sys MD5: ec94e05b76d033b74394e7b2175103cf C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS MD5: f96038aa1ec4013a93d2420fc689d1e9 C:\WINDOWS\system32\DRIVERS\b57xp32.sys MD5: 
e9ea635b8432d68f0005b3f6cebab837 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys MD5: 34aaa3b298a852b3663e6e0d94d12945 C:\WINDOWS\system32\DRIVERS\e1e5132.sys MD5: 128622a56a7cf32042b8a914d787c97b C:\WINDOWS\system32\DRIVERS\eacfilt.sys MD5: ab8a6a87d9d7255c3884d5b9541a6e80 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys MD5: 96aff1738271755a39b52eef7e35f98f C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys MD5: ddbd528e60f5961c142a490dc4ea7780 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys MD5: b1526810210980bed9d22315946c919d C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys MD5: 2358c53f30cb9dcd1d3843c4e2f299b2 C:\WINDOWS\system32\drivers\iaStor.sys MD5: 200cca76cd0e0f7eec78fa56c29b4d67 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys MD5: c399687188fecfcfee4ed846c6a6e3ab C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys MD5: 99dde24b5426f1b0cf0b2e21afae3eef C:\WINDOWS\system32\DRIVERS\LV561AV.SYS MD5: f96cfb47903854f228baaf3e2d41a0a3 C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys MD5: 5f987fc1aad215ec2c60cf07719b1cce C:\WINDOWS\system32\drivers\LVUSBSta.sys MD5: b309912717c29fc67e1ba4730a82b6dd C:\WINDOWS\system32\drivers\mbamswissarmy.sys MD5: c0d975d64c1af8057f2d75b1297a6979 C:\WINDOWS\system32\drivers\mfeapfk.sys MD5: c169326049a8a03d5f905b34f5a65f8c C:\WINDOWS\system32\drivers\mfeavfk.sys MD5: 50b0253b2484a306a20d8695c5ae5858 C:\WINDOWS\system32\drivers\mfebopk.sys MD5: 188b40866db2ab8ef262febc65291687 C:\WINDOWS\system32\drivers\mfehidk.sys MD5: c1b30af2e18e69bf8ceb39b33f32d3c1 C:\WINDOWS\system32\drivers\mferkdet.sys MD5: 97ef4ca122ddda4781ff557e65dfb262 C:\WINDOWS\system32\drivers\mfetdi2k.sys MD5: 0ea4d8ed179b75f8afa7998ba22285ca C:\WINDOWS\system32\DRIVERS\mrxsmb.sys MD5: 0e1fd1ea2837d6b7a1d7b6c928014d05 C:\WINDOWS\System32\Drivers\oz776.sys MD5: e552d6598670b1e7655cb73d562e0cd9 C:\WINDOWS\system32\DRIVERS\point32.sys MD5: 5213b49d918c3956f44acd7fb36fda2c C:\WINDOWS\system32\DRIVERS\RCSpyMP.sys MD5: 4b4ab78e866bbecf93f6eabc3270178a C:\WINDOWS\system32\DRIVERS\smsmdm.sys MD5: 47ddfc2f003f7f9f0592c6874962a2e7 
C:\WINDOWS\system32\DRIVERS\srv.sys MD5: 31ba85e1cff39a57f702a2a0877bb8e1 C:\WINDOWS\system32\drivers\sthda.sys MD5: c1ca131f4e3ed63d6bc89a35ffad4cda C:\WINDOWS\System32\Drivers\usbaapl.sys MD5: fa5c79a191e7a01c0e345f4f3e33e332 C:\WINDOWS\system32\Dxtmsft.dll MD5: 5ce67d0c54110becbc273bb179e35b87 C:\WINDOWS\system32\Dxtrans.dll MD5: 19a799805b24990867b00c120d300c3a c:\windows\system32\es.dll MD5: f5b754cdea20bbb3a31e16a776ede6d6 c:\windows\system32\ESENT.dll MD5: b015b9134dad7e29e7d2d6b5f5c8c2fc C:\WINDOWS\system32\GDI32.dll MD5: 0ca8195ad933b1dc14656f1a8f0c9e21 C:\WINDOWS\system32\hccutils.DLL MD5: 48ed49a40d09a6cf258e8bf398b9cf79 C:\WINDOWS\system32\hkcmd.exe MD5: 321e79d32d06f20503e2ac95d08af52f C:\WINDOWS\system32\ieapfltr.dll MD5: effd64260143b0118d456ec6971f08bd C:\WINDOWS\system32\ieframe.dll MD5: bf14379b4293b452388a0976353aad6a C:\WINDOWS\system32\iepeers.dll MD5: b8eb7f71695bd146bf4385aa5f57cbce C:\WINDOWS\system32\iertutil.dll MD5: 28f5b835472a62b13ad54663c645191d C:\WINDOWS\system32\IEUI.dll MD5: a0b342d6386a01250d35ba942b1c5a0b C:\WINDOWS\system32\igfxdev.dll MD5: b922482fa05828762ea1fd8d24d3ad62 C:\WINDOWS\system32\igfxpers.exe MD5: d9b8e5a44df9f109fe0fd0f8ea3136af C:\WINDOWS\system32\igfxres.dll MD5: b85c339254b8c2b89183476df05ef964 C:\WINDOWS\system32\igfxsrvc.dll MD5: 45209e0df290f993acdfba69911b27fb C:\WINDOWS\system32\igfxsrvc.exe MD5: 16219958fa5a3948c983d821c669f7a6 C:\WINDOWS\system32\igfxtray.exe MD5: f7b098a08efcf4ab4247264c0ac225d2 C:\WINDOWS\system32\JScript.dll MD5: a525c96c51d55111fdf3bea9ffffc7ae C:\WINDOWS\system32\kerberos.dll MD5: 7d465b4715ef166a18d1474b6df81bc0 C:\WINDOWS\system32\lmdimon8.dll MD5: dacfebeb0a1053bcacac54a45063344f C:\WINDOWS\system32\lmxp32.dll MD5: 9fad7dff67555ff1e06bc4a3893024a7 C:\WINDOWS\system32\logon.scr MD5: bd31dc6dbe9333c4fbd4bdf0899f2160 C:\WINDOWS\system32\LSASRV.dll MD5: 67c04ffc699b37e1b15d702d723348bb C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx MD5: 76848cb1aa5818db47d5f5986e0a7485 
C:\WINDOWS\system32\MFC42.DLL MD5: f6f2bfc17069eb335acceef7595f9302 C:\WINDOWS\system32\MFC42u.DLL MD5: 49c8e20d178be981ff28523a942a570f C:\WINDOWS\system32\mfevtps.exe MD5: 1e744353bd534405187a404667da3dc3 C:\WINDOWS\system32\mgmtapi.dll MD5: 9333dbaedd617899c3562e937949d068 c:\windows\system32\mscms.dll MD5: 671588889ca19ba4dcd7be6e937195c5 C:\WINDOWS\system32\msfeeds.dll MD5: c9158d1a97bc96ca728f721237dee9aa C:\WINDOWS\system32\mshtml.dll MD5: 8c5257a25949445badb8a5c8dfa2193b C:\WINDOWS\system32\mshtmled.dll MD5: 8c22083ed515dc94d575438662f0be6a C:\WINDOWS\system32\msi.dll MD5: 85ac5f11d4759d13674b3e92eac3f140 C:\WINDOWS\system32\msident.dll MD5: 7ed041c7f82a381417aa3f43ab55f95a C:\WINDOWS\system32\msidntld.dll MD5: 7a660edc0757849df5f8706fb6e9f740 C:\WINDOWS\system32\MSVCRT40.dll MD5: 943337d786a56729263071623bbb9de5 C:\WINDOWS\system32\mswsock.dll MD5: 7ae1b12c29b35f391bfcefce8776f9d2 C:\WINDOWS\system32\msxml6.dll MD5: 72cd04a8789befab99f06658a41d10c9 C:\WINDOWS\system32\MTXCLU.DLL MD5: 6db7788fa7e2566267516fa635c3797e C:\WINDOWS\system32\NETAPI32.dll MD5: 062f837c1fbdb6a0a75f82efc2ee8e74 c:\windows\system32\netshell.dll MD5: 03c76895f47a1339a697269000675266 C:\WINDOWS\system32\newdev.dll MD5: f8f0d25ca553e39dde485d8fc7fcce89 C:\WINDOWS\system32\ntdll.dll MD5: 40b0f98bad16ad5def894e88c3ef8014 C:\WINDOWS\system32\ODBC32.dll MD5: 7a6a7900b5e322763430ba6fd9a31224 C:\WINDOWS\system32\ole32.dll MD5: 5454607f90878d7cd0bcdb6e0d3f235f C:\WINDOWS\system32\pdh.dll MD5: 3712adec940703762f1cceb5fe360d82 C:\WINDOWS\system32\pngfilt.dll MD5: a5c406dbf27162196cd5e18eb0c6e521 C:\WINDOWS\system32\Prot_srv.exe MD5: a300004934396356164b9cb0448ac0d8 C:\WINDOWS\system32\pssogina.dll MD5: 991836babee8a9de65f59b35bc803460 C:\WINDOWS\system32\pstartSr.exe MD5: d4502f124289a31976130cccb014c9aa C:\WINDOWS\system32\RPCRT4.dll MD5: 72451fd61ddbb0a1fb071b7c3cde5594 C:\WINDOWS\system32\rsvpsp.dll MD5: 7459c16cc3ef4651cab7c9260e43fc58 C:\WINDOWS\system32\Secur32.dll MD5: 
8bcd11d38fce43a519246a91cc40de6a C:\WINDOWS\System32\security.dll MD5: 26cb10fa893f940ab09713ff46dcdade C:\WINDOWS\system32\SHDOCVW.dll MD5: e86423aa9aa8c382af02b94a058dc2aa C:\WINDOWS\system32\SHELL32.dll MD5: 77b5ad8da287b4f5b90b8f2a828fe68c C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\BiCUifNT.dll MD5: 49bd52a1a3891b895d38850f7e5a379b C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\BiMUifNT.dll MD5: 5e07e1245b13299b96bba6b671038f19 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\XDDM3208.DLL MD5: ed1663a7f4fb39e7463bd53cad10b895 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\XDDMUI08.DLL MD5: 14deeb6c5892c0b4140fb798fee28889 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\XGDI3208.dll MD5: fa47f1b9913e44bc7ec44d1076fe6e58 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\XIMF3208.dll MD5: c78508aa076a14a4bb47457c649dc360 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\XIMFN508.DLL MD5: e8deccab435313c992dde06935e7b69f C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\XLTSRV08.dll MD5: 5a5fa097664ba4819d5be897e8aa4e4e C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\XNT5UI08.DLL MD5: bfa9dc8abcd4e5ab344ed8d9f8170a9f C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\XSPOOL08.dll MD5: 74cb82951e275a73afe3c56c2ac64ab2 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\XSR32_08.dll MD5: faa25125e01f9bf835ab550c3c2d6c94 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\XTAG3208.dll MD5: caf55b5eabbea18585f526cbb9e86798 C:\WINDOWS\System32\spool\PRTPROCS\W32X86\BiCProNT.dll MD5: aa6c9db9faa73f15ca63b498ed1825aa C:\WINDOWS\System32\spool\PRTPROCS\W32X86\BiMProNT.dll MD5: fec3ace4d5e9b8b13c401941ee50f476 C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD7Q.DLL MD5: a8aff61c1533745ef2932e57fedd2ff7 C:\WINDOWS\System32\spool\PRTPROCS\W32X86\lmdippr8.dll MD5: 07eb76e8b839190247a3a6481b8b204b C:\WINDOWS\System32\spool\PRTPROCS\W32X86\XIMFPR08.DLL MD5: 60784f891563fb1b767f70117fc2428f C:\WINDOWS\system32\spoolsv.exe MD5: e701266af99ce316fbd5993da0201ba4 C:\WINDOWS\system32\stacapi.dll MD5: 3caeae7608f1bd7ba873a3b02895b106 
C:\WINDOWS\system32\sti.dll MD5: fd127070aec77d461098dee9a6e98900 C:\WINDOWS\system32\STLang.dll MD5: 8357809e111e09393633039769d96281 C:\WINDOWS\system32\tcpmib.dll MD5: 6a3c6e768ff117d30fa148e9ad81db0f C:\WINDOWS\system32\urlmon.dll MD5: a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe MD5: 9e03dc5ab51cfd0190541ce2038d819d C:\WINDOWS\system32\USP10.dll MD5: 142e08e570d8fcd87e845f1463c1aece C:\WINDOWS\system32\VBScript.dll MD5: 5cc39a49069eea854d3d0546dc634599 C:\WINDOWS\system32\VXDIF.DLL MD5: 60027bea3e76d7dd8d96c02432bfde82 C:\WINDOWS\system32\wbem\FastProx.dll MD5: 4306fa2f1099d7c606139255fdb62b19 C:\WINDOWS\system32\wbem\framedyn.dll MD5: 63d151a73679bb5bd7cf98bda1ae5f5b C:\WINDOWS\system32\wbem\stdprov.dll MD5: f03a08e8826afa7dd3c0383359d677ac C:\WINDOWS\system32\wbem\wmidcprv.dll MD5: 960f6d3cd9a1ba6435d7aadd102b297f C:\WINDOWS\system32\wbem\wmiprov.dll MD5: 0ffae66e6d5b1c87cbd22d1f3b6079fd C:\WINDOWS\system32\wbem\wmiprvse.exe MD5: 990248d5fc079af7bbe21199e60ef4da C:\WINDOWS\system32\webcheck.dll MD5: d29f2889baa10e19ad9ff70c8d5ecf50 C:\WINDOWS\system32\WINHTTP.dll MD5: 2f7a5408260cd0d3d2e916f811e166f5 C:\WINDOWS\system32\WININET.dll MD5: d72b9ec3337b247a666f098f3d6b43de C:\WINDOWS\System32\winrnr.dll MD5: 42b5427fac23bf6f1f31e466b7feb084 C:\WINDOWS\system32\winsrv.dll MD5: 2cc34e8bb667eef78899546e12649196 C:\WINDOWS\system32\WlNotify.dll MD5: 277f3e3333f1d10ca428568197fcce70 C:\WINDOWS\system32\wsnmp32.dll MD5: fa47f1b9913e44bc7ec44d1076fe6e58 C:\WINDOWS\system32\XIMF3208.dll MD5: 364228a693534140dd56acb22a138407 C:\WINDOWS\system32\XLMON_08.DLL MD5: bea4aee74fef171eb61de1bad8faf427 C:\WINDOWS\system32\xmllite.dll MD5: 5b718357eb1da40745b7c7e789af525f C:\WINDOWS\system32\XMobPM.dll MD5: 645259875c31090345e41e57934bd442 C:\WINDOWS\system32\xprslib.dll MD5: 16403217ab6fc5c30c14c6b12098ad4b C:\WINDOWS\system32\xpsp2res.dll MD5: bfa9dc8abcd4e5ab344ed8d9f8170a9f C:\WINDOWS\system32\XSPOOL08.dll MD5: faa25125e01f9bf835ab550c3c2d6c94 
C:\WINDOWS\system32\XTAG3208.dll MD5: d20da789c445936988c8b83f53522374 C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll MD5: 03526b2fa2a800415e1ae3eac0dd166b C:\WINDOWS\UMCSTUB.EXE MD5: 8d25a3bf9d0005d264f105414ae2cde6 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCP80.dll MD5: 0ef2917efd6d96e4c9cf121738cf5409 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll MD5: 736b12b725aeb2b07f0241a9f680cb10 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll MD5: 33d9b7bb7ba323bafe489df033dac824 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\gdiplus.dll The following file(s) must be uploaded for server-side scanning: C:\Program Files\Eupr\xrxacm_pares410.dll Upload started - 1 file(s) xrxacm_pares410.dll (4608) Upload speed - 10 KB/s Upload finished - 1 uploaded, 0 failed The uploaded file(s) were found clean. Scan finished - communication took 3 sec Total traffic - 0.03 MB sent, 1.46 KB recvd Scanned 885 files and modules - 28 seconds ==============================================================================
  3. Results of ESET: ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=7.00.6000.17096 (vista_gdr.110211-1830) # OnlineScanner.ocx=1.0.0.6427 # api_version=3.0.2 # EOSSerial=8c1e214bb1ab324fabdcbf7c3fbbfff9 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-07-03 04:45:13 # local_time=2011-07-03 12:45:13 (-0500, Eastern Daylight Time) # country="United States" # lang=9 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=4864 16777215 100 0 90322670 90322670 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=98970 # found=3 # cleaned=3 # scan_time=3820 C:\Qoobox\Quarantine\C\WINDOWS\system32\audiodev32.dll.vir a variant of Win32/Kryptik.OKQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{1569C186-FD91-4CF2-8804-C8084F7FD95E}\RP7\A0001395.dll a variant of Win32/Kryptik.PQF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{1569C186-FD91-4CF2-8804-C8084F7FD95E}\RP9\A0002041.dll a variant of Win32/Kryptik.OKQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  4. Thanks - here are the results - the temp file didn't appear, so I hope it did the trick: ComboFix 11-07-02.03 - US883862 07/03/2011 11:06:31.10.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1309 [GMT -4:00] Running from: c:\documents and settings\US883862\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\US883862\Desktop\CFScript.txt . FILE :: "c:\documents and settings\US883862\oshxjmencw.tmp" "c:\windows\system32\audiodev32.dll" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\US883862\oshxjmencw.tmp c:\windows\system32\audiodev32.dll . . ((((((((((((((((((((((((( Files Created from 2011-06-03 to 2011-07-03 ))))))))))))))))))))))))))))))) . . 2011-07-02 23:19 . 2011-07-02 23:19 -------- d-----w- c:\program files\temp . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-29 13:11 . 2009-06-05 13:02 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 13:11 . 2009-06-05 13:02 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-17 13:23 . 2011-05-17 13:24 145936 ----a-w- c:\windows\system32\mfevtps.exe 2011-05-17 13:23 . 2011-05-17 13:24 85152 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2011-05-17 13:23 . 2011-05-17 13:24 88544 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys 2011-05-17 13:23 . 2011-05-17 13:24 436728 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2011-05-17 13:23 . 2011-05-17 13:24 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2011-05-17 13:23 . 2011-05-17 13:24 58456 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2011-05-17 13:23 . 2011-05-17 13:24 171296 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2011-05-17 13:23 . 2011-05-17 13:24 116104 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2011-05-12 21:32 . 
2008-08-12 14:02 82696 ----a-w- c:\windows\system32\lmdimon8.dll 2011-05-12 21:32 . 2008-08-12 14:02 82184 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lmdippr8.dll 2008-10-08 17:18 . 2007-10-01 18:54 626688 ----a-w- c:\program files\Common Files\sapconsaccess.dll 2008-10-08 17:18 . 2007-10-01 18:54 3125248 ----a-w- c:\program files\Common Files\sapxlhelper.dll 2008-10-08 17:18 . 2007-10-01 18:54 192512 ----a-w- c:\program files\Common Files\sapconsr3.dll 2008-10-08 17:18 . 2007-10-01 18:54 40960 ----a-w- c:\program files\Common Files\DigitalSignature.ocx . . ((((((((((((((((((((((((((((( SnapShot@2011-06-27_18.53.02 ))))))))))))))))))))))))))))))))))))))))) . + 2011-07-03 15:13 . 2011-07-03 15:13 16384 c:\windows\temp\Perflib_Perfdata_1a4.dat + 2007-10-01 14:13 . 2011-07-03 15:18 72824 c:\windows\system32\perfc009.dat - 2007-10-01 14:13 . 2011-06-27 17:52 72824 c:\windows\system32\perfc009.dat - 2011-06-27 17:47 . 2011-06-27 17:50 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll + 2011-07-03 15:13 . 2008-12-17 02:59 109080 c:\windows\temp\logishrd\LVPrcInj01.dll + 2007-10-01 14:13 . 2011-07-03 15:18 445878 c:\windows\system32\perfh009.dat - 2007-10-01 14:13 . 2011-06-27 17:52 445878 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="c:\documents and settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-16 138008] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-16 162584] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-16 138008] "Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744] "SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784] "Sxplog"="c:\sxpinst\sxpstub.exe" [2004-09-08 20480] "Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2007-12-07 5720072] "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2006-10-20 36864] "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2006-10-20 40960] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696] "Pointsec Tray"="c:\program files\Pointsec\Pointsec for PC\P95Tray.exe" [2008-10-15 670272] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-01-07 1468296] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2011-03-01 148888] "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-01-12 161088] "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-01-13 215360] . 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801] "TSClientAXDisabler"="c:\windows\Installer\TSClientMsiTrans\tscdsbl.bat" [2008-01-19 2247] . c:\documents and settings\US883862\Start Menu\Programs\Startup\ Yammer.lnk - c:\program files\Yammer\Yammer.exe [N/A] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-854245398-1202660629-839522115-48216\Scripts\Logon\0\0] "Script"=DomUsr.exe . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2008-10-01 23:57 289576 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2008-09-06 19:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "websrvx"=2 (0x2) "Bonjour Service"=2 (0x2) "Apple Mobile Device"=2 (0x2) "iPod Service"=3 (0x3) . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"= "c:\\Program Files\\SAP\\FrontEnd\\SAPgui\\saplogon.exe"= "c:\\Program Files\\SAP\\FrontEnd\\SAPgui\\saplgpad.exe"= "c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\NetMeeting\\conf.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "798:TCP"= 798:TCP:CA RCO 798-TCP . R0 prot_2k;prot_2k;c:\windows\system32\drivers\prot_2k.sys [10/15/2008 8:40 AM 217024] R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [5/17/2011 9:24 AM 88544] R2 EPAService;EPAService;c:\epa.epa\EPAService.exe [8/11/2008 10:04 AM 221184] R2 Euprsvc;Eupr Service;c:\program files\Eupr\xrxacm_euprsvc.exe [1/19/2008 3:12 PM 204800] R2 LogWatch;Event Log Watch;c:\windows\LogWatNT.exe [8/6/2003 12:18 PM 49152] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [5/17/2011 9:24 AM 145936] R2 Pointsec;Pointsec;c:\windows\system32\Prot_srv.exe [10/15/2008 8:41 AM 621120] R2 Pointsec_start;Pointsec Service Start;c:\windows\system32\pstartSr.exe [10/15/2008 8:41 AM 150080] R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [8/11/2008 10:02 AM 26137] R3 RCSpyDDML;RCSpyDDML;c:\windows\system32\drivers\RCSpyMP.sys [12/6/2004 4:09 AM 14336] S3 CA_LIC_CLNT;CA-License Client;c:\windows\LIC98RMT.exe [8/6/2003 12:18 PM 73728] S3 CA_LIC_SRVR;CA-License Server;c:\windows\LIC98RMTD.exe [8/6/2003 12:18 PM 73728] S3 
EracentARPC;EracentARPC;c:\epa.epa\arpcollector.sys [8/11/2008 10:32 AM 16640] S3 ExtranetAccess;Contivity VPN Service;c:\program files\Xerox External Access Network\Extranet_serv.exe [8/11/2008 10:02 AM 811008] S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [8/11/2008 10:02 AM 155152] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/5/2009 9:02 AM 39984] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [5/17/2011 9:24 AM 85152] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000] S4 SDService;Unicenter Software Delivery;c:\tngsd\BIN\SDServ.exe [2/22/2006 5:43 PM 32768] . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}] 2011-02-17 19:00 124928 ----a-w- c:\windows\system32\advpack.dll . Contents of the 'Scheduled Tasks' folder . 2011-07-03 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] . 2009-12-27 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job - c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-01-07 19:46] . . ------- Supplementary Scan ------- . uStart Page = hxxp://xww.internal.xerox.com/ uInternet Connection Wizard,ShellNext = hxxp://xww.internal.world.xerox.com/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: centrewareweb.com\portal Trusted Zone: livemeeting.com Trusted Zone: xerox.com Trusted Zone: xerox.net TCP: DhcpNameServer = 192.168.1.1 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . BHO-{01CE8B7C-036A-4F89-BE62-4BEE3A922940} - c:\windows\system32\audiodev32.dll . . . ************************************************************************** . 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-07-03 11:14 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DMPrimer] "ImagePath"="\"c:\program files\CA\SharedComponents\DesktopCommonServices\DMPrimer\dmprimer.exe\" -DMPRIMER_SERVICE_:" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1704) c:\windows\system32\pssogina.dll . - - - - - - - > 'explorer.exe'(7544) c:\windows\system32\WININET.dll c:\windows\TEMP\logishrd\LVPrcInj01.dll c:\windows\system32\msi.dll c:\windows\system32\ieframe.dll c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Eupr\xrxacm_pa.exe c:\windows\System32\SCardSvr.exe c:\program files\CA\SharedComponents\CAM\bin\cam.exe c:\program files\CA\SharedComponents\DesktopCommonServices\DMPrimer\dmprimer.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe c:\program files\McAfee\Common Framework\FrameworkService.exe c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe c:\program files\McAfee\VirusScan Enterprise\mfeann.exe c:\program files\Dell\QuickSet\NICCONFIGSVC.exe c:\program files\CA\Unicenter Remote Control\rcHost.exe c:\program files\McAfee\Common Framework\naPrdMgr.exe c:\program files\SigmaTel\C-Major Audio\WDM\StacSV.exe c:\program files\Common Files\McAfee\SystemCore\mcshield.exe c:\windows\system32\CCM\CcmExec.exe c:\windows\system32\msiexec.exe c:\windows\system32\igfxsrvc.exe c:\windows\stsystra.exe c:\program files\Apoint\ApMsgFwd.exe c:\sxpinst\sxplog32.exe c:\program files\Apoint\HidFind.exe c:\program files\Apoint\Apntex.exe c:\program files\McAfee\Common Framework\McTray.exe c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe . ************************************************************************** . Completion time: 2011-07-03 11:22:15 - machine was rebooted ComboFix-quarantined-files.txt 2011-07-03 15:22 ComboFix2.txt 2011-07-03 14:20 ComboFix3.txt 2011-07-02 23:38 ComboFix4.txt 2011-06-29 22:39 ComboFix5.txt 2011-07-03 15:05 . Pre-Run: 41,944,895,488 bytes free Post-Run: 41,960,202,240 bytes free . - - End Of File - - E31DEA313A04A37A667589311A2A3332
  5. Per your request - when I came to the link, that darn oshxjmencw temp file created itself on my desktop again:
  6. Thanks for understanding - here are the results of the scan / reboot from Combofix:
  7. Unfortunately, I cannot perform what you ask. My internal support team has told me to live with the issue as they cannot fix it. I was hoping I could resolve the issue outside our normal channels. If uninstalling the app is my only choice, I thank you for your time.
  8. Is there a way to disable McAfee without uninstalling it? I do not have a way to reload once it is gone.
  9. Thank you for the response - here are the files you've requested: . DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 7.0.5730.11 Run by US883862 at 16:11:38 on 2011-07-02 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1452 [GMT -4:00] . . ============== Running Processes =============== . C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\Eupr\xrxacm_euprsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Eupr\xrxacm_pa.exe svchost.exe C:\Program Files\CA\SharedComponents\CAM\bin\cam.exe C:\Program Files\CA\SharedComponents\DesktopCommonServices\DMPrimer\dmprimer.exe c:\epa.epa\EPAService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\LogWatNT.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\WINDOWS\system32\mfevtps.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\WINDOWS\system32\Prot_srv.exe C:\WINDOWS\system32\pstartSr.exe C:\Program Files\CA\Unicenter Remote Control\rcHost.exe C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\WINDOWS\system32\CCM\CcmExec.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\stsystra.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Microsoft Office Communicator\communicator.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\SxpInst\sxplog32.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Apoint\HidFind.exe C:\Program 
Files\Java\jre6\bin\jusched.exe C:\Program Files\McAfee\Common Framework\udaterui.exe C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\WINDOWS\system32\ctfmon.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://xww.internal.xerox.com/ uInternet Connection Wizard,ShellNext = hxxp://xww.internal.world.xerox.com/ BHO: {01ce8b7c-036a-4f89-be62-4bee3a922940} - c:\windows\system32\audiodev32.dll BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110517092442.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [iSUSPM] "c:\documents and settings\all users\application data\macrovision\flexnet 
connect\6\ISUSPM.exe" -scheduler uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [Apoint] c:\program files\apoint\Apoint.exe mRun: [sigmatelSysTrayApp] stsystra.exe mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe" mRun: [sxplog] c:\sxpinst\sxpstub.exe mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe" mRun: [indexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [Pointsec Tray] c:\program files\pointsec\pointsec for pc\P95Tray.exe mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" dRunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat" StartupFolder: c:\docume~1\us883862\startm~1\programs\startup\yammer.lnk - c:\program files\yammer\Yammer.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: centrewareweb.com\portal
Trusted Zone: livemeeting.com
Trusted Zone: xerox.com
Trusted Zone: xerox.net
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6u14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{05D1706C-888B-47B6-BCBF-11E86D143589} : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{593B1463-A4BC-4BD5-A9C1-340C3E8F104C} : DhcpNameServer = 192.168.1.1 192.168.1.1
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5} - rundll32.exe advpack.dll,LaunchINFSectionEx c:\windows\inf\wmactedp.inf,PerUserStub,,4
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-5-17 436728]
R0 prot_2k;prot_2k;c:\windows\system32\drivers\prot_2k.sys [2008-10-15 217024]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-5-17 88544]
R2 CA-MessageQueuing;Unicenter Message Queuing Server;c:\program files\ca\sharedcomponents\cam\bin\cam.exe [2008-8-11 168015]
R2 EPAService;EPAService;c:\epa.epa\EPAService.exe [2008-8-11 221184]
R2 Euprsvc;Eupr Service;c:\program files\eupr\xrxacm_euprsvc.exe [2008-1-19 204800]
R2 LogWatch;Event Log Watch;c:\windows\LogWatNT.exe [2003-8-6 49152]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2011-1-12 120128]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-5-17 159320]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2011-1-12 209760]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-5-17 145936]
R2 Pointsec;Pointsec;c:\windows\system32\Prot_srv.exe [2008-10-15 621120]
R2 Pointsec_start;Pointsec Service Start;c:\windows\system32\pstartSr.exe [2008-10-15 150080]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2008-8-11 26137]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-5-17 171296]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-5-17 58456]
R3 RCSpyDDML;RCSpyDDML;c:\windows\system32\drivers\RCSpyMP.sys [2004-12-6 14336]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S3 CA_LIC_CLNT;CA-License Client;c:\windows\LIC98RMT.exe [2003-8-6 73728]
S3 CA_LIC_SRVR;CA-License Server;c:\windows\LIC98RMTD.exe [2003-8-6 73728]
S3 EracentARPC;EracentARPC;c:\epa.epa\arpcollector.sys [2008-8-11 16640]
S3 ExtranetAccess;Contivity VPN Service;c:\program files\xerox external access network\Extranet_serv.exe [2008-8-11 811008]
S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2008-8-11 155152]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-6-5 39984]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-5-17 85152]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S4 SDService;Unicenter Software Delivery;c:\tngsd\bin\SDServ.exe [2006-2-22 32768]
.
=============== Created Last 30 ================
.
2011-06-29 22:48:11 0 ---ha-w- c:\documents and settings\us883862\oshxjmencw.tmp
2011-06-27 17:33:14 -------- d-sha-r- C:\cmdcons
2011-06-27 17:31:08 208896 ----a-w- c:\windows\MBR.exe
2011-06-27 17:31:05 98816 ----a-w- c:\windows\sed.exe
2011-06-27 17:31:05 518144 ----a-w- c:\windows\SWREG.exe
2011-06-27 17:31:05 256000 ----a-w- c:\windows\PEV.exe
2011-06-13 12:17:46 365056 ----a-w- c:\windows\system32\audiodev32.dll
.
==================== Find3M ====================
.
2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-17 13:23:17 145936 ----a-w- c:\windows\system32\mfevtps.exe
2011-05-17 13:23:16 88544 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-05-17 13:23:16 85152 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-05-17 13:23:15 436728 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-05-17 13:23:13 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-05-17 13:23:13 58456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-05-17 13:23:13 171296 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-05-17 13:23:12 116104 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-05-12 21:32:42 82696 ----a-w- c:\windows\system32\lmdimon8.dll
2011-05-12 21:32:42 82184 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\lmdippr8.dll
2008-10-08 17:18:36 626688 ----a-w- c:\program files\common files\sapconsaccess.dll
2008-10-08 17:18:36 40960 ----a-w- c:\program files\common files\DigitalSignature.ocx
2008-10-08 17:18:36 3125248 ----a-w- c:\program files\common files\sapxlhelper.dll
2008-10-08 17:18:36 192512 ----a-w- c:\program files\common files\sapconsr3.dll
.
============= FINISH: 16:12:16.00 ===============
2011/07/02 16:18:28.0421 6936 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16
2011/07/02 16:18:28.0765 6936 ================================================================================
2011/07/02 16:18:28.0765 6936 SystemInfo:
2011/07/02 16:18:28.0765 6936
2011/07/02 16:18:28.0765 6936 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/02 16:18:28.0765 6936 Product type: Workstation
2011/07/02 16:18:28.0765 6936 ComputerName: 8H1YRG1
2011/07/02 16:18:28.0765 6936 UserName: US883862
2011/07/02 16:18:28.0765 6936 Windows directory: C:\WINDOWS
2011/07/02 16:18:28.0765 6936 System windows directory: C:\WINDOWS
2011/07/02 16:18:28.0765 6936 Processor architecture: Intel x86
2011/07/02 16:18:28.0765 6936 Number of processors: 2
2011/07/02 16:18:28.0765 6936 Page size: 0x1000
2011/07/02 16:18:28.0765 6936 Boot type: Normal boot
2011/07/02 16:18:28.0765 6936 ================================================================================
2011/07/02 16:18:30.0500 6936 Initialize success
2011/07/02 16:18:37.0531 7788 ================================================================================
2011/07/02 16:18:37.0531 7788 Scan started
2011/07/02 16:18:37.0531 7788 Mode: Manual;
2011/07/02 16:18:37.0531 7788 ================================================================================
2011/07/02 16:18:39.0703 7788 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/07/02 16:18:39.0718 7788 Boot (0x1200) (b87fee94f63a43801e7a4194e17804a2) \Device\Harddisk0\DR0\Partition0
2011/07/02 16:18:39.0718 7788 ================================================================================
2011/07/02 16:18:39.0718 7788 Scan finished
2011/07/02 16:18:39.0718 7788 ================================================================================
2011/07/02 16:18:39.0734 7856 Detected object count: 0
2011/07/02 16:18:39.0734 7856 Actual detected object count: 0
Results of screen317's Security Check version 0.99.17
Windows XP Service Pack 3
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
McAfee VirusScan Enterprise
McAfee Agent
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java 6 Update 14
Java 2 Runtime Environment, SE v1.4.2_06
Out of date Java installed!
Adobe Flash Player
````````````````````````````````
Process Check:
objlist.exe by Laurent
McAfee VirusScan Enterprise SHSTAT.EXE
US883862 Desktop Virus Software SecurityCheck.exe
``````````End of Log````````````
  10. I've tried to follow some of the threads to get rid of this nasty, but I've had no luck. Time to call in the experts:
      Malwarebytes' Anti-Malware 1.51.0.1200
      www.malwarebytes.org
      Database version: 6991
      Windows 5.1.2600 Service Pack 3
      Internet Explorer 7.0.5730.11
      7/1/2011 9:09:31 AM
      mbam-log-2011-07-01 (09-09-31).txt
      Scan type: Full scan (C:\|)
      Objects scanned: 262341
      Time elapsed: 1 hour(s), 4 minute(s), 58 second(s)
      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 1
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0
      Memory Processes Infected:
      (No malicious items detected)
      Memory Modules Infected:
      (No malicious items detected)
      Registry Keys Infected:
      HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
      Registry Values Infected:
      (No malicious items detected)
      Registry Data Items Infected:
      (No malicious items detected)
      Folders Infected:
      (No malicious items detected)
      Files Infected:
      (No malicious items detected)