
Malwarebytes does not run



I know I have gotten a virus because random websites start to pop up every few minutes even when I'm not using IE... I already have Malwarebytes installed, but every time I run it, it gets shut down in Task Manager or it won't run at all. I already tried changing the file name and working in Safe Mode, and it still does not work. Can you please help me find what the problem is and how to get rid of this virus?

Thank you very much.

Daniel


Hello Daniel,

What is the Windows version? XP or Vista or ??

See about at least getting a log from HijackThis

See this topic about getting & running HijackThis.

Then copy and paste that log in a reply here.

Does this PC have an antivirus program that is up-to-date? Which one? Has the PC ever been without an antivirus?


It is Windows XP.

I have installed HijackThis, but when I click to run it, it also gets shut down like Malwarebytes.

I have McAfee antivirus, which is up to date. Is there anything I need to shut down or do to bypass the virus to run the program? Every time I run Malwarebytes or HijackThis, I see it for a second in Task Manager, then it disappears. I'm assuming the virus keeps shutting it down.


It is most likely something more like a rootkit --- not a virus. A malicious, devilish, evil thing.

Download this INF repair file by MS-MVP Miekiemoes: http://users.telenet.be/bluepatchy/miekiem...orepolicies.zip

Unzip the download. Open the folder VArestorepolicies and Right-click the file inside, VArestorepolicies.INF and choose Install.

Delete the download, the unzipped folder and all contents.

=

Download to your Desktop FixPolicies.exe, by Bill Castner, MS-MVP, a self-extracting ZIP archive from

>>> here <<<

1. Double-click FixPolicies.exe.

2. Click the "Install" button on the bottom toolbar of the box that will open.

3. The program will create a new Folder called FixPolicies.

4. Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.

5. A black box will briefly appear and then close.

6. This fix may prove temporary. Active malware may revert these changes at your next startup. You can safely run the utility again.

=

HijackThis (HJT) "should" be installed in the C:\Program Files\Trend Micro\HijackThis folder by default.

Using My Computer {Windows Explorer} locate C:\Program Files\Trend Micro\HijackThis\hijackthis.exe <<--- this file

Now, do a right-click on the exe and RENAME it to findem.exe

Then start Findem. Do a Scan, and save the log. Copy the contents of the HijackThis log into your next reply.

Go here and download Silent Runners.vbs (use IE to download it) to a new folder on your drive and run it. It generates a log too. It takes a minute or two and it will notify you with a popup when your log is ready (it will be in the new folder you created). Please post the information back in this thread. If your AV queries the script, allow it to run. It's not malicious.

Reply with a copy of the Hijackthis.log and

the Silent Runners log


Then I downloaded FixPolicies.exe and did everything you asked, but the program would still not start. Then I did the Silent Runners and this is the log I got from them.

My bad, I did the Silent Runners wrong. Sorry for the unnecessary posts. Here is what the log said once it finished:

"Silent Runners.vbs", revision 59, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"Aim6" = ""C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp" ["AOL LLC"]

"A00F1CB98.exe" = "C:\DOCUME~1\user\LOCALS~1\Temp\_A00F1CB98.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"mcagent_exe" = ""C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey" ["McAfee, Inc."]

"McENUI" = "C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide" ["McAfee, Inc."]

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\

<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}\(Default) = "Internet Explorer Version Update"

\StubPath = "C:\WINDOWS\system32\ieudinit.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)

-> {HKLM...CLSID} = "&Yahoo! Toolbar Helper"

\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll" ["Yahoo! Inc."]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

-> {HKLM...CLSID} = "AcroIEHlprObj Class"

\InProcServer32\(Default) = "c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\(Default) = (no title provided)

-> {HKLM...CLSID} = "UberButton Class"

\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll" ["Yahoo! Inc."]

{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\(Default) = (no title provided)

-> {HKLM...CLSID} = "PCTools Site Guard"

\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll" ["PC Tools"]

{65D886A2-7CA7-479B-BB95-14D1EFB7946A}\(Default) = (no title provided)

-> {HKLM...CLSID} = "YahooTaggedBM Class"

\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\YIeTagBm.dll" ["Yahoo! Inc."]

{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\(Default) = "scriptproxy"

-> {HKLM...CLSID} = "scriptproxy"

\InProcServer32\(Default) = "c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll" ["McAfee, Inc."]

{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\(Default) = (no title provided)

-> {HKLM...CLSID} = "McAfee SiteAdvisor BHO"

\InProcServer32\(Default) = "c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll" ["McAfee, Inc."]

{B56A7D7D-6927-48C8-A975-17DF180C71AC}\(Default) = (no title provided)

-> {HKLM...CLSID} = "PCTools Browser Monitor"

\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["PC Tools"]

{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}\(Default) = (no title provided)

-> {HKLM...CLSID} = "SidebarAutoLaunch Class"

\InProcServer32\(Default) = "C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll" ["Yahoo! Inc."]

{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\(Default) = (no title provided)

-> {HKLM...CLSID} = "SingleInstance Class"

\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll" ["Yahoo! Inc"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"

-> {HKLM...CLSID} = "Display Panning CPL Extension"

\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

-> {HKLM...CLSID} = "Portable Media Devices Menu"

\InProcServer32\(Default) = "C:\WINDOWS\system32\audiodev.dll" [MS]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

-> {HKLM...CLSID} = "DesktopContext Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

-> {HKLM...CLSID} = "NVIDIA CPL Extension"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

-> {HKLM...CLSID} = "Desktop Explorer"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

-> {HKLM...CLSID} = "nView Desktop Context Menu"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{BB7DF450-F119-11CD-8465-00AA00425D90}" = "Microsoft Access Custom Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office\soa800.dll" [MS]

"{59850401-6664-101B-B21C-00AA004BA90B}" = "Microsoft Office Binder Explode"

-> {HKLM...CLSID} = "Microsoft Office Binder Explode"

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office\UNBIND.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Outlook File Icon Extension"

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]

"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"

-> {HKLM...CLSID} = "MCLiteShellExt Class"

\InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"

-> {HKLM...CLSID} = "RealOne Player Context Menu Class"

\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]

"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"

-> {HKLM...CLSID} = "YMailShellExt Class"

\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]

"{3DE5DB7C-0EA5-4337-8A5C-D0AC6D154C1B}" = "SFS_CONTEXT"

-> {HKLM...CLSID} = "Simple File Shredder Shell Context Menu"

\InProcServer32\(Default) = "C:\PROGRA~1\scar5\SIMPLE~1\sfsshell.dll" ["scar5 Software"]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"

-> {HKLM...CLSID} = "iTunes"

\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<<!>> 6074df77654\DLLName = "C:\WINDOWS\System32\dpv1132.dll" [null data]

<<!>> __c00BB40C\DLLName = "C:\WINDOWS\system32\__c00BB40C.dat" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

\InProcServer32\(Default) = "c:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"

-> {HKLM...CLSID} = "MCLiteShellExt Class"

\InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string]

McCtxMenu\(Default) = "{01576F39-90DE-4D6E-A068-5B20C22BAAEE}"

-> {HKLM...CLSID} = "CtxMenu Class"

\InProcServer32\(Default) = "c:\PROGRA~1\mcafee\VIRUSS~1\mcctxmnu.dll" ["McAfee, Inc."]

SFS_CONTEXT\(Default) = "{3DE5DB7C-0EA5-4337-8A5C-D0AC6D154C1B}"

-> {HKLM...CLSID} = "Simple File Shredder Shell Context Menu"

\InProcServer32\(Default) = "C:\PROGRA~1\scar5\SIMPLE~1\sfsshell.dll" ["scar5 Software"]

Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"

-> {HKLM...CLSID} = "YMailShellExt Class"

\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"

-> {HKLM...CLSID} = "MCLiteShellExt Class"

\InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string]

SFS_CONTEXT\(Default) = "{3DE5DB7C-0EA5-4337-8A5C-D0AC6D154C1B}"

-> {HKLM...CLSID} = "Simple File Shredder Shell Context Menu"

\InProcServer32\(Default) = "C:\PROGRA~1\scar5\SIMPLE~1\sfsshell.dll" ["scar5 Software"]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"

-> {HKLM...CLSID} = "MBAMShlExt Class"

\InProcServer32\(Default) = "C:\Documents and Settings\user\Desktop\myshit\dann\mbamext.dll" ["Malwarebytes Corporation"]

McCtxMenu\(Default) = "{01576F39-90DE-4D6E-A068-5B20C22BAAEE}"

-> {HKLM...CLSID} = "CtxMenu Class"

\InProcServer32\(Default) = "c:\PROGRA~1\mcafee\VIRUSS~1\mcctxmnu.dll" ["McAfee, Inc."]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"

-> {HKLM...CLSID} = "MBAMShlExt Class"

\InProcServer32\(Default) = "C:\Documents and Settings\user\Desktop\myshit\dann\mbamext.dll" ["Malwarebytes Corporation"]

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoSetActiveDesktop" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

"NoActiveDesktopChanges" = (REG_DWORD) dword:0x00000000

{User Configuration|Administrative Templates|Desktop|Desktop / Active Desktop|

Prohibit changes}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"HonorAutoRunSetting" = (REG_DWORD) dword:0x00000001

{unrecognized setting}

"NoSetActiveDesktop" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

"NoActiveDesktopChanges" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

"NoCDBurning" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

"InstallVisualStyle" = (REG_EXPAND_SZ) C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

{unrecognized setting}

"InstallTheme" = (REG_EXPAND_SZ) C:\WINDOWS\Resources\Themes\Royale.theme

{unrecognized setting}

Active Desktop and Wallpaper:

-----------------------------

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Windows Portable Device AutoPlay Handlers

-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

CanonCW50PicturesOnArrival\

"Provider" = "Canon CameraWindow"

"InvokeProgID" = "Cw50.AutoplayHandler"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\Cw50.AutoplayHandler\shell\open\command\(Default) = "C:\Program Files\Canon\CameraWindow\CameraWindowMC\CameraLauncher.exe" [empty string]

CanonZB4PicturesOnArrival\

"Provider" = "ZoomBrowser EX"

"InvokeProgID" = "Zb.AutoplayHandler"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\Zb.AutoplayHandler\shell\open\command\(Default) = "C:\Program Files\Canon\ZoomBrowser EX\Program\ZoomBrowser.exe /AUTOPLAY "%1"" [empty string]

EHomeMusicDropTarget\

"Provider" = "Media Center"

"InvokeProgID" = "EHomeDropTarget.EHomeMusicDropTarget"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\EHomeDropTarget.EHomeMusicDropTarget\shell\play\DropTarget\CLSID = "{ED87EFF3-FF22-404E-B2BD-BC3841BDCB2C}"

-> {HKLM...CLSID} = "EHomeMusicDropTarget Class"

\InProcServer32\(Default) = "C:\WINDOWS\eHome\ehdrop.dll" [MS]

EHomePhotosHandler\

"Provider" = "Media Center"

"InvokeProgID" = "EHomeDropTarget.EHomePhotosHandler"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\EHomeDropTarget.EHomePhotosHandler\shell\play\DropTarget\CLSID = "{4b7601c1-d292-4902-89f4-583a5ce0c535}"

-> {HKLM...CLSID} = "EHomePhotosHandler Class"

\InProcServer32\(Default) = "C:\WINDOWS\eHome\ehdrop.dll" [MS]

EHomeVideoDropTarget\

"Provider" = "Media Center"

"InvokeProgID" = "EHomeDropTarget.EHomeVideoDropTarget"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\EHomeDropTarget.EHomeVideoDropTarget\shell\play\DropTarget\CLSID = "{A48E70A4-8E15-4465-9D85-CCE9E63F8AAB}"

-> {HKLM...CLSID} = "EHomeVideoDropTarget Class"

\InProcServer32\(Default) = "C:\WINDOWS\eHome\ehdrop.dll" [MS]

EHomeVideosHandler\

"Provider" = "Media Center"

"InvokeProgID" = "EHomeDropTarget.EHomeVideosHandler"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\EHomeDropTarget.EHomeVideosHandler\shell\play\DropTarget\CLSID = "{4f61ec50-acef-4ae7-b4c6-b19bddc0f745}"

-> {HKLM...CLSID} = "EHomeVideosHandler Class"

\InProcServer32\(Default) = "C:\WINDOWS\eHome\ehdrop.dll" [MS]

iTunesBurnCDOnArrival\

"Provider" = "iTunes"

"InvokeProgID" = "iTunes.BurnCD"

"InvokeVerb" = "burn"

HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L"" ["Apple Inc."]

iTunesImportSongsOnArrival\

"Provider" = "iTunes"

"InvokeProgID" = "iTunes.ImportSongsOnCD"

"InvokeVerb" = "import"

HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L"" ["Apple Inc."]

iTunesPlaySongsOnArrival\

"Provider" = "iTunes"

"InvokeProgID" = "iTunes.PlaySongsOnCD"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /playCD "%L"" ["Apple Inc."]

iTunesShowSongsOnArrival\

"Provider" = "iTunes"

"InvokeProgID" = "iTunes.ShowSongsOnCD"

"InvokeVerb" = "showsongs"

HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L"" ["Apple Inc."]

MediaCapture9Music\

"Provider" = "Media Import"

"InvokeProgID" = "RoxioMediaCapture9"

"InvokeVerb" = "Audio"

HKLM\SOFTWARE\Classes\RoxioMediaCapture9\shell\Audio\command\(Default) = "C:\Program Files\Roxio\Media Import 9\MediaCapture9.exe -audio %L" ["Sonic Solutions"]

MediaCapture9Photos\

"Provider" = "Media Import"

"InvokeProgID" = "RoxioMediaCapture9"

"InvokeVerb" = "Photo"

HKLM\SOFTWARE\Classes\RoxioMediaCapture9\shell\Photo\command\(Default) = "C:\Program Files\Roxio\Media Import 9\MediaCapture9.exe -photo %L" ["Sonic Solutions"]

MediaCapture9VideoCamera\

"Provider" = "Media Import"

"ProgID" = "Shell.HWEventHandlerShellExecute"

"InitCmdLine" = "C:\Program Files\Roxio\Media Import 9\MediaCapture9.exe"

HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"

-> {HKLM...CLSID} = "ShellExecute HW Event Handler"

\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

MediaCapture9Videos\

"Provider" = "Media Import"

"InvokeProgID" = "RoxioMediaCapture9"

"InvokeVerb" = "Video"

HKLM\SOFTWARE\Classes\RoxioMediaCapture9\shell\Video\command\(Default) = "C:\Program Files\Roxio\Media Import 9\MediaCapture9.exe -video %L" ["Sonic Solutions"]

NTIBurner\

"Provider" = "NTI CD-Maker"

"InvokeProgID" = "NTIBurnerOpen"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\NTIBurnerOpen\shell\open\command\(Default) = ""c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\Cdmkr32.exe"" ["NewTech Infosystems, Inc."]

PDVDPlayCDAudioOnArrival\

"Provider" = "PowerDVD"

"InvokeProgID" = "AudioCD"

"InvokeVerb" = "PlayWithPowerDVD"

HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%L"" ["CyberLink Corp."]

PDVDPlayDVDMovieOnArrival\

"Provider" = "PowerDVD"

"InvokeProgID" = "DVD"

"InvokeVerb" = "PlayWithPowerDVD"

HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."]

PDVDPlayVCDMovieOnArrival\

"Provider" = "PowerDVD"

"InvokeProgID" = "VCD"

"InvokeVerb" = "PlayWithPowerDVD"

HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."]

RoxioSCAudioCDTask33\

"Provider" = "Roxio Creator Audio"

"InvokeProgID" = "Roxio.RoxioCentral33"

"InvokeVerb" = "AudioCDTask"

HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\AudioCDTask\Command\(Default) = ""C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch {8E376824-EA6C-4CB7-AA05-A30CB84D359B}" [null data]

RoxioSCCopyCD33\

"Provider" = "Sonic Creator Copy"

"InvokeProgID" = "Roxio.RoxioCentral33"

"InvokeVerb" = "ExactCopyJob"

HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\ExactCopyJob\Command\(Default) = ""C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch {6123D5C0-0B6A-4B67-A692-C0863AB98CDA}" [null data]

RoxioSCCopyDisc33\

"Provider" = "Sonic Creator Copy"

"InvokeProgID" = "Roxio.RoxioCentral33"

"InvokeVerb" = "ExactCopyJob"

HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\ExactCopyJob\Command\(Default) = ""C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch {6123D5C0-0B6A-4B67-A692-C0863AB98CDA}" [null data]

RoxioSCDataProject33\

"Provider" = "Roxio Creator Data"

"InvokeProgID" = "Roxio.RoxioCentral33"

"InvokeVerb" = "DataGuide"

HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\DataGuide\Command\(Default) = ""C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch Data" [null data]

RoxioSCDataTask33\

"Provider" = "Roxio Creator Data"

"InvokeProgID" = "Roxio.RoxioCentral33"

"InvokeVerb" = "DataTask"

HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\DataTask\Command\(Default) = ""C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch {D085B12D-4D9B-49C2-8323-5053831CBD54}" [null data]

RPCDBurningOnArrival\

"Provider" = "RealPlayer"

"InvokeProgID" = "RealPlayer.CDBurn.6"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /burn "%1"" ["RealNetworks, Inc."]

RPDeviceOnArrival\

"Provider" = "RealPlayer"

"ProgID" = "RealPlayer.HWEventHandler"

HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = "{67E76F1D-BDE2-4052-913C-2752366192D2}"

-> {HKLM...CLSID} = "RealNetworks Scheduler"

\LocalServer32\(Default) = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -autoplay" ["RealNetworks, Inc."]

RPPlayCDAudioOnArrival\

"Provider" = "RealPlayer"

"InvokeProgID" = "RealPlayer.AudioCD.6"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /play %1 " ["RealNetworks, Inc."]

RPPlayDVDMovieOnArrival\

"Provider" = "RealPlayer"

"InvokeProgID" = "RealPlayer.DVD.6"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /dvd %1 " ["RealNetworks, Inc."]

RPPlayMediaOnArrival\

"Provider" = "RealPlayer"

"InvokeProgID" = "RealPlayer.AutoPlay.6"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /autoplay "%1"" ["RealNetworks, Inc."]

WinampMTPHandler\

"Provider" = "Winamp"

"ProgID" = "Shell.HWEventHandlerShellExecute"

"InitCmdLine" = "C:\Program Files\Winamp\winamp.exe"

HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"

-> {HKLM...CLSID} = "ShellExecute HW Event Handler"

\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

WinampPlayMediaOnArrival\

"Provider" = "Winamp"

"InvokeProgID" = "Winamp.File"

"InvokeVerb" = "Play"

HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files\Winamp\winamp.exe" "%1"" ["Nullsoft"]

HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"

-> {HKLM...CLSID} = (no title provided)

\LocalServer32\(Default) = ""C:\Program Files\Winamp\winamp.exe"" ["Nullsoft"]

Enabled Scheduled Tasks:

------------------------

"McDefragTask" -> launches: "c:\PROGRA~1\mcafee\mqc\QcConsol.exe "C:\WINDOWS\system32\defrag.exe" C: -f" ["McAfee, Inc."]

"McQcTask" -> launches: "c:\PROGRA~1\mcafee\mqc\QcConsol.exe 14 0" ["McAfee, Inc."]

"wpczbjnn" -> launches: "C:\WINDOWS\system32\rundll32.exe "C:\WINDOWS\system32\tuvssSjk.dll",d" [MS]

Winsock2 Service Provider DLLs:

-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 28

%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06

Toolbars, Explorer Bars, Extensions:

------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"

-> {HKLM...CLSID} = "Yahoo! Toolbar"

\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll" ["Yahoo! Inc."]

"{F2CF5485-4E02-4F68-819C-B92DE9277049}"

-> {HKLM...CLSID} = "&Links"

\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)

-> {HKLM...CLSID} = "Yahoo! Toolbar"

\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll" ["Yahoo! Inc."]

"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" = "McAfee SiteAdvisor"

-> {HKLM...CLSID} = "McAfee SiteAdvisor Toolbar"

\InProcServer32\(Default) = "c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll" ["McAfee, Inc."]

"{0FBB9689-D3D7-4F7A-A2E2-585B10099BFC}" = "Veoh Web Player Video Finder"

-> {HKLM...CLSID} = "Veoh Web Player Video Finder"

\InProcServer32\(Default) = "C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll" ["Veoh Networks Inc"]

"{52836EB0-631A-47B1-94A6-61F9D9112DAE}" = "Veoh Video Compass"

-> {HKLM...CLSID} = "Veoh Video Compass"

\InProcServer32\(Default) = "C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll" ["Veoh Networks"]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{51085E3D-A958-42A2-A6BE-A6A9B0BAF276}\(Default) = "AT&T Yahoo! Sidebar"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\Program Files\Yahoo!\browser\ysidebarIE.dll" ["Yahoo! Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKCU\Software\Microsoft\Internet Explorer\Extensions\

{13C1DBF6-7535-495C-91F6-8C13714ED485}\

"ButtonText" = "Absolute Poker"

"MenuText" = "Absolute Poker"

"Exec" = "C:\Documents and Settings\user\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk" [file not found]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\

"ButtonText" = "Spyware Doctor"

"CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}"

-> {HKLM...CLSID} = "PCTools Browser Monitor"

\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["PC Tools"]

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\

"ButtonText" = "AT&T Yahoo! Services"

"CLSIDExtension" = "{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}"

-> {HKLM...CLSID} = "UberButton Class"

\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll" ["Yahoo! Inc."]

{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\

"ButtonText" = "AIM"

"Exec" = "C:\Program Files\AIM\aim.exe" ["America Online, Inc."]

{B863453A-26C3-4E1F-A54D-A2CD196348E9}\

"ButtonText" = "ICQ Lite"

"MenuText" = "ICQ Lite"

"Exec" = "C:\Program Files\ICQLite\ICQLite.exe" ["ICQ Ltd."]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\

"MenuText" = "@xpsp3res.dll,-20001"

"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Miscellaneous IE Hijack Points

------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

<<H>> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)

-> {HKLM...CLSID} = "Yahoo! Toolbar"

\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll" ["Yahoo! Inc."]

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

McAfee Network Agent, McNASvc, ""c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe"" ["McAfee, Inc."]

McAfee Personal Firewall Service, MpfService, ""C:\Program Files\McAfee\MPF\MPFSrv.exe"" ["McAfee, Inc."]

McAfee Proxy Service, McProxy, "c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe" ["McAfee, Inc."]

McAfee Real-time Scanner, McShield, "C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe" ["McAfee, Inc."]

McAfee Services, mcmscsvc, "C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe" ["McAfee, Inc."]

McAfee SiteAdvisor Service, McAfee SiteAdvisor Service, ""C:\Program Files\McAfee\SiteAdvisor\McSACore.exe"" ["McAfee, Inc."]

McAfee SystemGuards, McSysmon, "C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe" ["McAfee, Inc."]

Media Center Receiver Service, ehRecvr, "C:\WINDOWS\eHome\ehRecvr.exe" [MS]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

PC Tools Spyware Doctor, SDhelper, "C:\Program Files\Spyware Doctor\sdhelp.exe" ["PC Tools Research Pty Ltd"]

Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINDOWS\system32\HPZipm12.exe" ["HP"]

Yahoo! Updater, YahooAUService, ""C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe"" ["Yahoo! Inc."]

Print Monitors:

---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\

BJ Language Monitor2\Driver = "CNBJMON2.DLL" [MS]

HP Standard TCP/IP Port\Driver = "HpTcpMon.dll" ["Hewlett Packard"]

LIDIL hpzll054\Driver = "hpzll054.dll" ["Hewlett-Packard Company"]

Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]

---------- (launch time: 2009-08-11 13:36:05)

<<!>>: Suspicious data at a malware launch point.

<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer "No" at the

first message box and "Yes" at the second message box.

---------- (total run time: 68 seconds, including 25 seconds for message boxes)
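Reading a log like the one above is the whole point of this thread: Silent Runners marks the entries it considers suspicious with <<!>> and <<H>>, tags each binary with its vendor (or [null data] / [file not found] when the file carries no version information), and lists the Run keys, Winlogon Notify entries and scheduled tasks where malware usually persists. The script below is an added example written for this page; it is not part of the thread, of Silent Runners, or of Malwarebytes. It walks a short log excerpt (constructed here in the format of the log above, using entries taken from it), remembers which report section each entry sits in, and returns the entries worth a closer look with a reason for each. The Temp-directory check and the consonant-run "looks random" test are assumptions of this example, not rules from the tool, and the [MS] tag on a rundll32 line is read as describing rundll32.exe rather than the DLL it loads.

```python
"""Triage helper for a Silent Runners.vbs log.

Added example for this thread; it is not part of Silent Runners, Malwarebytes
or the forum posts.  It walks the log, remembers which report section each
entry sits in, and returns the entries that trip one of a few defender-side
checks, with the reason for each, so an analyst can go straight to them.
"""
import re

# Markers Silent Runners prints in front of an entry (see the legend at the end
# of the log): <<!>> = malware launch point, <<H>> = browser hijack point.
TOOL_FLAGS = {
    "<<!>>": "Silent Runners marks this as a malware launch point",
    "<<H>>": "Silent Runners marks this as a browser hijack point",
}

# The bracketed tag Silent Runners appends to a binary is its vendor name, [MS]
# for Microsoft, or one of these when the file has no version information.
WEAK_ATTRIBUTION = ("[null data]", "[file not found]")

# Heuristics assumed by this example (not Silent Runners rules).
TEMP_EXE = re.compile(r"\\(LOCALS~1\\)?Temp\\[^\"]*\.exe", re.IGNORECASE)
RUNDLL_DLL = re.compile(r"rundll32(?:\.exe)?\s+\"?([^\",]+\.dll)", re.IGNORECASE)
TASK_NAME = re.compile(r'^"([^"]+)" -> launches:')


def looks_random(name: str) -> bool:
    """Crude 'random name' test: letters only and a run of six or more
    consonants (tuvssSjk, wpczbjnn pass; McQcTask, NvCpl, ctfmon do not)."""
    if not name.isalpha():
        return False
    run = longest = 0
    for ch in name.lower():
        run = 0 if ch in "aeiou" else run + 1
        longest = max(longest, run)
    return longest >= 6


def entries_with_sections(text: str):
    """Yield (section_title, entry_line).  In this log format a section title
    is the line immediately followed by a line made only of dashes."""
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    section = None
    for i, line in enumerate(lines):
        if set(line) == {"-"}:
            continue
        if i + 1 < len(lines) and set(lines[i + 1]) == {"-"}:
            section = line.rstrip(":")
            continue
        yield section, line


def triage(text: str) -> list:
    """Return one finding (section, entry, reasons) per entry that trips a check."""
    findings = []
    for section, line in entries_with_sections(text):
        reasons = []
        for marker, why in TOOL_FLAGS.items():
            if line.startswith(marker):
                reasons.append(why)
        for tag in WEAK_ATTRIBUTION:
            if line.endswith(tag):
                reasons.append(f"binary has no version info {tag}")
        if TEMP_EXE.search(line):
            reasons.append("executable launched from a Temp directory")
        m = RUNDLL_DLL.search(line)
        if m:
            dll = m.group(1).rsplit("\\", 1)[-1]
            if looks_random(dll.rsplit(".", 1)[0]):
                # The [MS] tag on such a line describes rundll32.exe, not the DLL.
                reasons.append(f"rundll32 loads random-looking DLL {dll}")
        t = TASK_NAME.match(line)
        if t and looks_random(t.group(1)):
            reasons.append(f"scheduled task name {t.group(1)} looks random")
        if reasons:
            findings.append({"section": section, "entry": line, "reasons": reasons})
    return findings


# Constructed excerpt in the format of the log above (entries taken from it).
SAMPLE_LOG = r"""
"Silent Runners.vbs", revision 59, http://www.silentrunners.org/
Operating System: Windows XP
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"A00F1CB98.exe" = "C:\DOCUME~1\user\LOCALS~1\Temp\_A00F1CB98.exe" [null data]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> 6074df77654\DLLName = "C:\WINDOWS\System32\dpv1132.dll" [null data]
<<!>> __c00BB40C\DLLName = "C:\WINDOWS\system32\__c00BB40C.dat" [null data]
Enabled Scheduled Tasks:
------------------------
"McQcTask" -> launches: "c:\PROGRA~1\mcafee\mqc\QcConsol.exe 14 0" ["McAfee, Inc."]
"wpczbjnn" -> launches: "C:\WINDOWS\system32\rundll32.exe "C:\WINDOWS\system32\tuvssSjk.dll",d" [MS]
Miscellaneous IE Hijack Points
------------------------------
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['section']}] {f['entry']}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

Run as a script it prints five findings: the Run entry launched from the user's Temp directory, the two Winlogon Notify DLLs with no version information, the scheduled task that uses rundll32 to load a random-looking DLL, and the URLSearchHook marked <<H>>. Vendor-signed entries such as ctfmon.exe, NvCplDaemon and McQcTask pass through untouched. The checks are deliberately conservative; a hit is a prompt to inspect the file, not a verdict on its own.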


Hello Daniel,

I have deleted several of your replies that just had unwanted copies.

As we go further along, if you run into a similar problem, just ask here on the forum before going further.

Ask first.

I'm going to have you run some other tools that may have better luck.

You will want to print out or copy these instructions to Notepad for offline reference!


If you are a casual viewer, do NOT try this on your system!

If you are not maryamian/Daniel and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

=

1. Set Windows to show all files and all folders.

On your Desktop, double click My Computer. From the menu options, select Tools, then Folder Options, then select the VIEW tab and look at all of the settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under the column Hidden files and folders, choose (*select*) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

2. Take out the trash (temporary files & temporary internet files)

Please download ATF Cleaner by Atribune, saving it to your desktop. It is used to clean out temporary files & temp areas used by internet browsers.

Start ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser, do this also:

Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:

Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

ATF-Cleaner should be run per the above in every user-login account {User Profile}

=

Next, also do this:

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

=

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

If you have a prior copy of Combofix, delete it now !

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2

Link 3


* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop

If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on Combo-Fix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.

IF you should see a message like this:

Rookit_found.gif

then be sure to write it down fully, copy it into your next reply here, and await my response.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

-------------------------------------------------------

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

Even when ComboFix appears to be doing nothing, look at your Drive light.

If it is flashing, Combofix is still at work.

=

RE-Enable your AntiVirus and AntiSpyware applications.

=

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Reply with copy of C:\Combofix.txt

Log.txt

Info.txt

and advise: how is your system now?

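The ComboFix log requested above is normally read by eye for persistence and defence-evasion indicators: a Winlogon\Notify subkey that loads a DLL, Security Center monitoring switched off, the firewall profile disabled, Internet Explorer Trusted Zone additions, files the catchme rootkit scan reports as hidden, and driver or DLL names of the UAC<random> pattern. As an added example (not ComboFix, Malwarebytes, or any tool the helper uses in this thread), the Python script below runs those checks over ComboFix-style text. The indicator names, the regular expressions and the `Finding` type are this example's own; the sample log embedded in it is constructed from lines of the kind such logs contain, and the domain set is copied only from Trusted Zone entries that appear later in this thread, not from any threat-intelligence feed.

```python
"""Triage a ComboFix-style log for persistence and defence-evasion indicators.
Added example for this thread; not ComboFix, Malwarebytes or any helper tool.
Usage: python triage.py ComboFix.txt   (no argument: runs on the sample below)"""
import re
import sys
from collections import Counter
from dataclasses import dataclass

# Domains copied from Trusted Zone entries in this thread's log: an illustrative
# list, not a threat feed. Any Trusted Zone entry the user did not add deserves review.
ROGUE_AV_DOMAINS = {"amaena.com", "avsystemcare.com", "onerateld.com",
                    "safetydownload.com", "trustedantivirus.com", "virusschlacht.com"}

KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]$")                      # [HKEY_...] section header
DLL_PATH = re.compile(r"([a-z]:\\\S+\.dll)\s*$", re.I)               # line ending in a DLL path
DISABLE_MON = re.compile(r'^"DisableMonitoring"=dword:0*1$', re.I)   # Security Center muted
FIREWALL_OFF = re.compile(r'^"EnableFirewall"=\s*0\b', re.I)         # firewall profile off
TRUSTED_ZONE = re.compile(r"^Trusted Zone:\s*(?P<dom>[\w.-]+)", re.I)
UAC_NAME = re.compile(r"\\uac[a-z]{6,}\.(?:sys|dll|dat|db)\b", re.I)  # UAC<random>.<ext> names
ANY_PATH = re.compile(r"^([a-z]:\\\S+)", re.I)

@dataclass
class Finding:
    kind: str       # indicator name
    line_no: int    # 1-based line number in the log
    detail: str     # what matched

def triage(log_text: str) -> list[Finding]:
    """Single pass over the log, tracking the current registry key and the
    catchme 'scanning hidden files' block; returns every indicator hit."""
    findings: list[Finding] = []
    current_key, expect_notify_dll, in_hidden = "", False, False
    for no, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = KEY_LINE.match(line)
        if m:
            current_key = m.group("key")
            # A Winlogon\Notify subkey header is followed by the DLL Winlogon will load.
            expect_notify_dll = "\\winlogon\\notify\\" in current_key.lower()
            continue
        if expect_notify_dll:
            dm = DLL_PATH.search(line)
            if dm:
                findings.append(Finding("winlogon_notify_dll", no, f"{current_key} -> {dm.group(1)}"))
            expect_notify_dll = False
        if DISABLE_MON.match(line):
            findings.append(Finding("security_center_monitoring_disabled", no, current_key))
        if FIREWALL_OFF.match(line):
            findings.append(Finding("firewall_disabled", no, current_key))
        tm = TRUSTED_ZONE.match(line)
        if tm:
            dom = tm.group("dom").lower()
            tag = "known rogue-AV domain" if dom in ROGUE_AV_DOMAINS else "review"
            findings.append(Finding("trusted_zone", no, f"{dom} ({tag})"))
        if UAC_NAME.search(line):
            findings.append(Finding("uac_named_component", no, line))
        low = line.lower()
        if low.startswith("scanning hidden files"):
            in_hidden = True
        elif low.startswith("scan completed"):
            in_hidden = False
        elif in_hidden and ANY_PATH.match(line):
            findings.append(Finding("hidden_file", no, ANY_PATH.match(line).group(1)))
    return findings

def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per indicator kind."""
    return dict(Counter(f.kind for f in findings))

# Constructed sample, modelled on the kinds of lines such logs contain.
SAMPLE_LOG = r"""REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-15 7307264]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\6074df77654]

2009-08-10 05:18 122368 ----a-w- c:\windows\system32\dpv1132.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
Trusted Zone: trustedantivirus.com
Trusted Zone: example-shop.invalid
c:\windows\system32\drivers\UACbrovdhosdp.sys
scanning hidden files ...
c:\windows\system32\GroupPolicy000.dat 0 bytes
c:\windows\system32\SystemX86
scan completed successfully
"""

if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for f in triage(text):
        print(f"line {f.line_no:3d}  {f.kind:36s} {f.detail}")
    print(summarize(triage(text)))
```

The script is a reading aid, not a verdict: a benign Run entry such as the NvCplDaemon line in the sample produces nothing, while each hit names the registry key or path so the reader can check it against the full log before deciding what a removal tool should touch.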

ATF-Cleaner was not able to run when I first installed it

Here is the C:\ComboFix.txt:

C:\Windows\system32\drivers\UACbrovdhosdp.sys

C:\Windows\system32\UACmyrgopyowf.dll

C:\Windows\system32\UACpktkipjeqy.dll

C:\Windows\system32\UACavbrpbiqqj.dat

C:\Windows\system32\UACkvxewpbkct.db

C:\Windows\system32\UACtxvbvtfhvw.dll

C:\Windows\system32\UACwutuwylkmy.dll

Here is the log from combofix:

ComboFix 09-08-10.06 - user 08/11/2009 18:48.1.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.566 [GMT -7:00]

Running from: c:\documents and settings\user\Desktop\Combo-fix.exe

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\docume~1\user\APPLIC~1\020000009c5f7433654C.manifest

c:\docume~1\user\APPLIC~1\020000009c5f7433654O.manifest

c:\docume~1\user\APPLIC~1\020000009c5f7433654P.manifest

c:\docume~1\user\APPLIC~1\020000009c5f7433654S.manifest

c:\documents and settings\Administrator\Application Data\020000009c5f7433654C.manifest

c:\documents and settings\Administrator\Application Data\020000009c5f7433654O.manifest

c:\documents and settings\Administrator\Application Data\020000009c5f7433654P.manifest

c:\documents and settings\Administrator\Application Data\020000009c5f7433654S.manifest

c:\program files\Common

c:\temp\1cb

c:\temp\1cb\syscheck.log

c:\temp\DIV55

c:\temp\DIV55\xDb.log

c:\temp\tn3

c:\windows\GnuHashes.ini

c:\windows\kb913800.exe

c:\windows\run.log

c:\windows\system32\__c0027212.dat

c:\windows\system32\__c0062B4F.dat

c:\windows\system32\__c0083900.dat

c:\windows\system32\__c00899FC.dat

c:\windows\system32\__c008AAAC.dat

c:\windows\system32\__c00BB40C.dat

c:\windows\system32\__c00E8A84.dat

c:\windows\system32\bin

c:\windows\system32\drivers\UACbrovdhosdp.sys

c:\windows\system32\drivers\vsfocevbxxukrq.sys

c:\windows\system32\GroupPolicy000.dat

c:\windows\system32\ki3

c:\windows\system32\kn8Tb3oSKRAKbcE.vbs

c:\windows\system32\SystemX86

c:\windows\system32\SystemX86\245.crack.zip

c:\windows\system32\SystemX86\245.crack.zip.kwd

c:\windows\system32\SystemX86\246.keygen.zip

c:\windows\system32\SystemX86\246.keygen.zip.kwd

c:\windows\system32\SystemX86\247.serial.zip

c:\windows\system32\SystemX86\247.serial.zip.kwd

c:\windows\system32\SystemX86\248.setup.zip

c:\windows\system32\SystemX86\248.setup.zip.kwd

c:\windows\system32\SystemX86\249.music.au

c:\windows\system32\SystemX86\249.music.au.kwd

c:\windows\system32\SystemX86\250.music2.au

c:\windows\system32\SystemX86\250.music2.au.kwd

c:\windows\system32\SystemX86\251.music3.au

c:\windows\system32\SystemX86\251.music3.au.kwd

c:\windows\system32\SystemX86\252.music.snd

c:\windows\system32\SystemX86\252.music.snd.kwd

c:\windows\system32\UACavbrpbiqqj.dat

c:\windows\system32\uacinit.dll

c:\windows\system32\UACkvxewpbkct.db

c:\windows\system32\UACmyrgopyowf.dll

c:\windows\system32\UACpktkipjeqy.dll

c:\windows\system32\UACrqhrkgudup.dll

c:\windows\system32\UACtxvbvtfhvw.dll

c:\windows\system32\UACwutuwylkmy.dll

c:\windows\system32\uniq.tll

c:\windows\system32\uv9

c:\windows\system32\VC

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_UACd.sys

-------\Legacy_UACd.sys

-------\Legacy_OREANS32

-------\Service_oreans32

((((((((((((((((((((((((( Files Created from 2009-07-12 to 2009-08-12 )))))))))))))))))))))))))))))))

.

2009-08-12 01:26 . 2009-08-12 01:26 -------- d-----w- c:\program files\ERUNT

2009-08-11 20:08 . 2009-08-11 20:08 -------- d-----w- c:\program files\Trend Micro

2009-08-11 19:10 . 2009-08-11 19:10 -------- d--h--w- c:\windows\PIF

2009-08-11 18:45 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-11 18:45 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-11 18:28 . 2008-04-14 00:12 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll

2009-08-11 18:28 . 2001-08-18 05:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll

2009-08-11 18:28 . 2008-04-14 00:12 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll

2009-08-11 18:28 . 2001-08-18 05:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe

2009-08-11 18:28 . 2001-08-18 05:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe

2009-08-11 18:28 . 2001-08-18 05:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe

2009-08-11 18:28 . 2001-08-17 19:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys

2009-08-11 18:28 . 2004-08-04 05:29 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys

2009-08-11 18:28 . 2004-08-04 05:29 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys

2009-08-11 18:26 . 2004-08-10 20:00 5376 ----a-w- c:\windows\system32\dllcache\viaide.sys

2009-08-11 18:25 . 2001-08-18 05:36 47616 ----a-w- c:\windows\system32\dllcache\umaxcam.dll

2009-08-11 18:24 . 2001-08-17 19:14 123995 ----a-w- c:\windows\system32\dllcache\tjisdn.sys

2009-08-11 18:23 . 2001-08-17 20:51 16896 ----a-w- c:\windows\system32\dllcache\stcusb.sys

2009-08-11 18:22 . 2008-04-13 18:36 16000 ----a-w- c:\windows\system32\dllcache\smbbatt.sys

2009-08-11 18:21 . 2001-08-17 19:19 36480 ----a-w- c:\windows\system32\dllcache\sfmanm.sys

2009-08-11 18:20 . 2001-08-17 20:57 65664 ----a-w- c:\windows\system32\dllcache\s3legacy.sys

2009-08-11 18:19 . 2001-08-18 05:36 35328 ----a-w- c:\windows\system32\dllcache\psisload.dll

2009-08-11 18:18 . 2001-08-18 05:36 44544 ----a-w- c:\windows\system32\dllcache\ovui2.dll

2009-08-11 18:17 . 2001-08-17 19:20 87040 ----a-w- c:\windows\system32\dllcache\nm6wdm.sys

2009-08-11 18:16 . 2008-04-13 18:46 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys

2009-08-11 18:15 . 2001-08-18 05:36 58880 ----a-w- c:\windows\system32\dllcache\m3092dc.dll

2009-08-11 18:14 . 2001-08-17 20:50 38784 ----a-w- c:\windows\system32\dllcache\io8.sys

2009-08-11 18:13 . 2001-08-17 20:28 488383 ----a-w- c:\windows\system32\dllcache\hsf_v124.sys

2009-08-11 18:12 . 2001-08-18 05:36 119296 ----a-w- c:\windows\system32\dllcache\hpdigwia.dll

2009-08-11 18:11 . 2001-08-18 05:36 45568 ----a-w- c:\windows\system32\dllcache\esuni.dll

2009-08-11 18:10 . 2004-08-10 20:00 20192 ----a-w- c:\windows\system32\dllcache\dpti2o.sys

2009-08-11 18:09 . 2001-08-17 19:19 3072 ----a-w- c:\windows\system32\dllcache\cwbmidi.sys

2009-08-11 18:08 . 2001-08-17 19:11 31529 ----a-w- c:\windows\system32\dllcache\brzwlan.sys

2009-08-11 18:07 . 2001-08-17 21:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll

2009-08-11 04:15 . 2009-08-11 04:15 0 ----a-w- c:\documents and settings\user\settings.dat

2009-08-10 09:45 . 2009-08-10 09:45 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2009-08-10 09:39 . 2009-08-10 09:39 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2009-08-10 09:39 . 2009-08-10 09:39 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2009-08-10 05:18 . 2009-08-10 05:18 122368 ----a-w- c:\windows\system32\dpv1132.dll

2009-08-08 10:03 . 2009-08-08 10:03 -------- d-sh--w- c:\documents and settings\Default User\IETldCache

2009-08-08 10:03 . 2009-08-08 10:03 -------- d-----w- c:\windows\system32\XPSViewer

2009-08-08 10:03 . 2009-08-08 10:03 -------- d-----w- c:\program files\MSBuild

2009-08-08 10:03 . 2009-08-08 10:03 -------- d-----w- c:\program files\Reference Assemblies

2009-08-08 10:02 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-08-08 10:02 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-08-08 10:02 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-08-08 10:02 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-08-08 10:02 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-08-08 10:02 . 2009-08-08 10:03 -------- d-----w- C:\cd0d44575f881c8ea98d12d804cf

2009-08-08 10:02 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-08-08 10:02 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll

2009-08-08 10:00 . 2009-08-08 10:00 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2009-08-05 10:16 . 2009-08-05 10:16 -------- d-----w- C:\Cache

2009-07-21 04:03 . 2009-07-21 04:03 -------- d-----w- c:\program files\ASIO4ALL v2

2009-07-21 02:13 . 2009-07-21 04:03 -------- d-----w- c:\program files\VstPlugins

2009-07-21 02:13 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll

2009-07-21 02:13 . 2009-07-21 02:13 -------- d-----w- c:\program files\Outsim

2009-07-21 02:11 . 2009-08-11 08:24 -------- d-----w- c:\program files\Image-Line

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-12 01:56 . 2009-08-12 01:56 518144 --sha-w- c:\windows\system32\9.tmp

2009-08-12 01:20 . 2007-11-07 20:40 56 ----a-w- c:\windows\sfshell.tmp

2009-08-11 18:43 . 2009-08-10 06:36 122 ----a-w- c:\documents and settings\user\udpcrawl.tmp

2009-08-11 07:33 . 2006-05-12 06:59 -------- d-----w- c:\program files\Steam

2009-08-11 04:47 . 2008-02-10 02:22 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP

2009-08-10 05:18 . 2009-08-10 05:18 518144 --sha-w- c:\windows\system32\2A.tmp

2009-08-10 05:05 . 2007-06-11 10:03 -------- d-----w- c:\docume~1\user\APPLIC~1\Azureus

2009-08-10 05:04 . 2006-02-05 22:37 57984 -c--a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-10 04:20 . 2006-10-13 21:08 -------- d-----w- c:\docume~1\user\APPLIC~1\Skype

2009-08-10 01:25 . 2009-02-27 23:35 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore

2009-08-05 05:39 . 2009-04-05 00:31 -------- d-----w- c:\program files\Vuze

2009-08-04 00:31 . 2009-08-04 00:31 1215513 ----a-w- c:\windows\system32\xa.tmp

2009-07-31 18:27 . 2009-02-27 22:33 -------- d-----w- c:\program files\McAfee

2009-07-31 04:46 . 2009-02-27 22:11 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\McAfee

2009-06-25 04:12 . 2008-03-03 07:37 256 ----a-w- c:\windows\system32\pool.bin

2009-06-19 00:58 . 2007-06-06 22:39 -------- d-----w- c:\program files\DivX

2009-06-16 14:36 . 2004-08-10 20:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:36 . 2004-08-10 20:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-13 22:56 . 2006-12-18 03:32 -------- d-----w- c:\program files\AIM6

2009-06-13 22:56 . 2006-05-12 04:55 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Viewpoint

2009-06-13 22:55 . 2006-05-12 04:48 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\AOL Downloads

2009-06-03 19:09 . 2005-06-29 01:55 1291264 ----a-w- c:\windows\system32\quartz.dll

2009-05-14 06:25 . 2009-02-27 22:34 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2009-05-14 06:25 . 2009-02-27 22:34 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys

2009-05-14 06:25 . 2009-02-27 22:34 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2009-05-14 06:25 . 2009-02-27 22:34 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2009-05-14 06:24 . 2009-02-27 22:34 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-15 7307264]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-05-01 645328]

"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-04-10 1176808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\6074df77654]

2009-08-10 05:18 122368 ----a-w- c:\windows\system32\dpv1132.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk

backup=c:\windows\pss\SBC Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless 802.11g USB Adapter.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Wireless 802.11g USB Adapter.lnk

backup=c:\windows\pss\Wireless 802.11g USB Adapter.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]

path=c:\documents and settings\user\Start Menu\Programs\Startup\Microsoft Find Fast.lnk

backup=c:\windows\pss\Microsoft Find Fast.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^Office Startup.lnk]

path=c:\documents and settings\user\Start Menu\Programs\Startup\Office Startup.lnk

backup=c:\windows\pss\Office Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"SPBBCSvc"=3 (0x3)

"SNDSrvc"=3 (0x3)

"SBService"=2 (0x2)

"SAVScan"=3 (0x3)

"NPFMntor"=2 (0x2)

"navapsvc"=2 (0x2)

"ccSetMgr"=2 (0x2)

"ccPwdSvc"=3 (0x3)

"ccEvtMgr"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\EA GAMES\\Need for Speed Most Wanted PC Demo\\speedDemo.exe"=

"c:\\Program Files\\ICQLite\\ICQLite.exe"=

"c:\\Program Files\\Steam\\SteamApps\\prsnstowart987@sbcglobal.net\\counter-strike\\hl.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

"c:\\Program Files\\Vuze\\Azureus.exe"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443

"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443

"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674

"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674

"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2/27/2009 3:37 PM 203280]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/23/2007 4:46 PM 24652]

S1 viaagpp;viaagpp;c:\windows\system32\drivers\viaagpp.sys --> c:\windows\system32\drivers\viaagpp.sys [?]

S3 VM30xx86;Vimicro USB PC Camera (ZC030x);c:\windows\system32\drivers\vm30xx86.sys [1/31/2008 11:03 PM 1294336]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12

.

- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-Spyware Doctor - (no file)

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://www.yahoo.com

mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = 127.0.0.1

uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com

Trusted Zone: amaena.com

Trusted Zone: avsystemcare.com

Trusted Zone: onerateld.com

Trusted Zone: safetydownload.com

Trusted Zone: trustedantivirus.com

Trusted Zone: virusschlacht.com

Trusted Zone: amaena.com

Trusted Zone: avsystemcare.com

Trusted Zone: onerateld.com

Trusted Zone: safetydownload.com

Trusted Zone: trustedantivirus.com

Trusted Zone: virusschlacht.com

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

FF - ProfilePath - c:\docume~1\user\APPLIC~1\Mozilla\Firefox\Profiles\6xjsuede.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll

FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava11.dll

FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava12.dll

FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava13.dll

FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava14.dll

FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava32.dll

FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJPI150_05.dll

FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPOJI610.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll

FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-11 18:56

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\system32\GroupPolicy000.dat 0 bytes

c:\windows\system32\SystemX86

scan completed successfully

hidden files: 2

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(756)

c:\windows\System32\dpv1132.dll

- - - - - - - > 'explorer.exe'(6112)

c:\program files\McAfee\SiteAdvisor\saHook.dll

c:\windows\System32\dpv1132.dll

c:\windows\system32\9.tmp

.

------------------------ Other Running Processes ------------------------

.

c:\windows\ehome\ehrecvr.exe

c:\windows\ehome\ehSched.exe

c:\progra~1\McAfee\MSC\mcmscsvc.exe

c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe

c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe

c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\HPZipm12.exe

c:\program files\AIM6\aolsoftware.exe

c:\program files\Spyware Doctor\sdhelp.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\dllhost.exe

c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe

c:\program files\McAfee\MPF\MpfSrv.exe

c:\windows\system32\rundll32.exe

.

**************************************************************************

.

Completion time: 2009-08-12 19:00 - machine was rebooted

ComboFix-quarantined-files.txt 2009-08-12 02:00

Pre-Run: 17,978,167,296 bytes free

Post-Run: 18,056,204,288 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

Here is the Log.txt:

Logfile of random's system information tool 1.06 (written by random/random)

Run by user at 2009-08-11 19:07:06

Microsoft Windows XP Professional Service Pack 3

System drive C: has 17 GB (27%) free of 63 GB

Total RAM: 958 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:07:31 PM, on 8/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\AIM6\aim6.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\rundll32.exe

c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

C:\Documents and Settings\user\Desktop\RSIT.exe

C:\Program Files\trend micro\user.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRA~1\Yahoo!\Common\YIeTagBm.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll

O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\user\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)

O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\user\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)

O15 - Trusted Zone: *.amaena.com

O15 - Trusted Zone: *.avsystemcare.com

O15 - Trusted Zone: *.onerateld.com

O15 - Trusted Zone: *.safetydownload.com

O15 - Trusted Zone: *.trustedantivirus.com

O15 - Trusted Zone: *.virusschlacht.com

O15 - Trusted Zone: *.amaena.com (HKLM)

O15 - Trusted Zone: *.avsystemcare.com (HKLM)

O15 - Trusted Zone: *.onerateld.com (HKLM)

O15 - Trusted Zone: *.safetydownload.com (HKLM)

O15 - Trusted Zone: *.trustedantivirus.com (HKLM)

O15 - Trusted Zone: *.virusschlacht.com (HKLM)

O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll

O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx

O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberry.com/devicesoftware/AxLoader.cab

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab

O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06071909/qsp2ie06071909.cab

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O20 - Winlogon Notify: 6074df77654 - C:\WINDOWS\System32\dpv1132.dll

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 10078 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\McDefragTask.job

C:\WINDOWS\tasks\McQcTask.job

C:\WINDOWS\tasks\wpczbjnn.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll [2008-11-20 911600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

AcroIEHlprObj Class - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]

UberButton Class - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}]

PCTools Site Guard - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll [2006-03-21 788664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65D886A2-7CA7-479B-BB95-14D1EFB7946A}]

YahooTaggedBM Class - C:\PROGRA~1\Yahoo!\Common\YIeTagBm.dll [2006-07-28 120312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]

scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2009-05-13 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]

McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-01-29 145424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B56A7D7D-6927-48C8-A975-17DF180C71AC}]

PCTools Browser Monitor - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll [2006-03-01 833240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}]

SidebarAutoLaunch Class - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll [2005-02-03 124032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]

SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll [2008-11-20 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll [2008-11-20 911600]

{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-01-29 145424]

{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2009-02-24 429816]

{52836EB0-631A-47B1-94A6-61F9D9112DAE} - Veoh Video Compass - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll [2009-02-13 404216]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-11-14 7307264]

"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-05-01 645328]

"McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2009-04-09 1176808]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Aim6"=C:\Program Files\AIM6\aim6.exe [2009-05-18 49968]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\6074dfd8]

C:\WINDOWS\system32\uwjhrori.dll,b []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A00F275F1.exe]

C:\DOCUME~1\user\LOCALS~1\Temp\_A00F275F1.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]

C:\Program Files\AIM\aim.exe [2005-08-05 67160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

C:\Program Files\AIM6\aim6.exe [2009-05-18 49968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]

C:\Acer\Empowering Technology\eRecovery\Monitor.exe [2005-10-31 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Framework Windows]

frmwrk32.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]

C:\Program Files\Microsoft ActiveSync\wcescomm.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]

C:\Program Files\ICQLite\ICQLite.exe [2006-07-11 3144800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-10 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

C:\Program Files\iTunes\iTunesHelper.exe [2008-06-02 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]

Alaunch []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

??z? []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monopod]

C:\DOCUME~1\user\LOCALS~1\Temp\b.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]

C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe [2003-12-10 380928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]

C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-10 59392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz]

C:\Program Files\Norton AntiVirus\CfgWiz.exe /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE REBOOT []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\net]

C:\WINDOWS\system32\net.net []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]

c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe [2005-05-11 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

C:\WINDOWS\system32\NvCpl.dll [2005-11-14 7307264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

C:\WINDOWS\system32\NvMcTray.dll [2005-11-14 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\prunnet]

C:\WINDOWS\system32\prunnet.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2007-04-23 228088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]

??z? []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

C:\Program Files\Skype\Phone\Skype.exe [2006-09-25 20053544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

C:\WINDOWS\SOUNDMAN.EXE [2005-09-22 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]

C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe [2005-08-26 36975]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-07-01 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]

C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2009-02-24 3558136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe [2007-01-04 112336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VM30xSnap]

VM30xSnap.exe Vimicro USB PC Camera (ZC030x) []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2006-10-26 4662776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]

C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe [2006-07-21 129536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE -hx []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]

C:\PROGRA~1\SBCLIG~1\bin\matcli.exe [2003-10-10 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless 802.11g USB Adapter.lnk]

C:\PROGRA~1\WIRELE~1.11~\ZDWlan.exe [2004-11-19 425984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]

C:\PROGRA~1\MICROS~2\Office\FINDFAST.EXE [1996-11-17 111376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^Office Startup.lnk]

C:\PROGRA~1\MICROS~2\Office\OSA.EXE [1996-11-17 51984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"SPBBCSvc"=3

"SNDSrvc"=3

"SBService"=2

"SAVScan"=3

"NPFMntor"=2

"navapsvc"=2

"ccSetMgr"=2

"ccPwdSvc"=3

"ccEvtMgr"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\6074df77654]

C:\WINDOWS\System32\dpv1132.dll [2009-08-09 122368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"

"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"C:\Program Files\EA GAMES\Need for Speed Most Wanted PC Demo\speedDemo.exe"="C:\Program Files\EA GAMES\Need for Speed Most Wanted PC Demo\speedDemo.exe:*:Enabled:speedDemo"

"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"

"C:\Program Files\Steam\SteamApps\prsnstowart987@sbcglobal.net\counter-strike\hl.exe"="C:\Program Files\Steam\SteamApps\prsnstowart987@sbcglobal.net\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"

"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"

"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"

"C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe"="C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe:*:Enabled:MediaManager9 Module"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe"="C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRenderer9"

"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"

"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "

"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"

"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe"="C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRenderer9"

======List of files/folders created in the last 1 months======

2009-08-11 19:07:16 ----A---- C:\WINDOWS\GnuHashes.ini

2009-08-11 19:07:06 ----D---- C:\rsit

2009-08-11 19:00:41 ----A---- C:\ComboFix.txt

2009-08-11 18:56:49 ----SHD---- C:\WINDOWS\system32\SystemX86

2009-08-11 18:56:46 ----ASH---- C:\WINDOWS\system32\9.tmp

2009-08-11 18:39:04 ----A---- C:\Boot.bak

2009-08-11 18:38:58 ----RASHD---- C:\cmdcons

2009-08-11 18:36:41 ----A---- C:\WINDOWS\zip.exe

2009-08-11 18:36:41 ----A---- C:\WINDOWS\SWXCACLS.exe

2009-08-11 18:36:41 ----A---- C:\WINDOWS\SWSC.exe

2009-08-11 18:36:41 ----A---- C:\WINDOWS\SWREG.exe

2009-08-11 18:36:41 ----A---- C:\WINDOWS\sed.exe

2009-08-11 18:36:41 ----A---- C:\WINDOWS\PEV.exe

2009-08-11 18:36:41 ----A---- C:\WINDOWS\NIRCMD.exe

2009-08-11 18:36:41 ----A---- C:\WINDOWS\grep.exe

2009-08-11 18:36:12 ----SD---- C:\Combo-fix

2009-08-11 18:35:04 ----D---- C:\Qoobox

2009-08-11 18:27:18 ----D---- C:\WINDOWS\ERDNT

2009-08-11 18:26:27 ----D---- C:\Program Files\ERUNT

2009-08-11 13:08:41 ----D---- C:\Program Files\Trend Micro

2009-08-11 12:10:49 ----HD---- C:\WINDOWS\PIF

2009-08-10 02:37:38 ----A---- C:\WINDOWS\ntbtlog.txt

2009-08-09 22:18:49 ----ASH---- C:\WINDOWS\system32\2A.tmp

2009-08-09 22:18:48 ----A---- C:\WINDOWS\system32\dpv1132.dll

2009-08-09 03:00:27 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$

2009-08-08 03:05:04 ----SHD---- C:\Config.Msi

2009-08-08 03:03:26 ----D---- C:\WINDOWS\system32\XPSViewer

2009-08-08 03:03:23 ----D---- C:\Program Files\MSBuild

2009-08-08 03:03:17 ----D---- C:\Program Files\Reference Assemblies

2009-08-08 03:02:49 ----N---- C:\WINDOWS\system32\xpsshhdr.dll

2009-08-08 03:02:49 ----N---- C:\WINDOWS\system32\prntvpt.dll

2009-08-08 03:02:48 ----N---- C:\WINDOWS\system32\xpssvcs.dll

2009-08-08 03:02:48 ----D---- C:\cd0d44575f881c8ea98d12d804cf

2009-08-05 03:16:20 ----D---- C:\Cache

2009-08-04 23:37:03 ----A---- C:\MYSERVICES.TXT

2009-08-03 17:31:24 ----A---- C:\WINDOWS\system32\xa.tmp

2009-07-20 21:03:47 ----D---- C:\Program Files\ASIO4ALL v2

2009-07-20 19:13:51 ----D---- C:\Program Files\VstPlugins

2009-07-20 19:13:51 ----A---- C:\WINDOWS\system32\rewire.dll

2009-07-20 19:13:18 ----D---- C:\Program Files\Outsim

2009-07-20 19:11:07 ----D---- C:\Program Files\Image-Line

2009-07-14 20:22:20 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$

2009-07-14 20:21:58 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$

2009-07-14 20:17:09 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$

======List of files/folders modified in the last 1 months======

2009-08-11 19:07:17 ----D---- C:\WINDOWS\temp

2009-08-11 19:07:16 ----AD---- C:\WINDOWS

2009-08-11 19:07:09 ----D---- C:\WINDOWS\Prefetch

2009-08-11 19:05:13 ----D---- C:\Program Files\Mozilla Firefox

2009-08-11 19:00:43 ----AD---- C:\WINDOWS\system32\drivers

2009-08-11 19:00:43 ----AD---- C:\WINDOWS\system32

2009-08-11 18:58:48 ----D---- C:\WINDOWS\system32\CatRoot2

2009-08-11 18:56:52 ----A---- C:\WINDOWS\system.ini

2009-08-11 18:56:43 ----D---- C:\WINDOWS\Registration

2009-08-11 18:56:39 ----AC---- C:\WINDOWS\ModemLog_Standard Modem.txt

2009-08-11 18:54:26 ----D---- C:\WINDOWS\system32\config

2009-08-11 18:53:44 ----D---- C:\Temp

2009-08-11 18:53:43 ----D---- C:\Program Files

2009-08-11 18:52:30 ----D---- C:\WINDOWS\AppPatch

2009-08-11 18:52:26 ----D---- C:\Program Files\Common Files

2009-08-11 18:48:20 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-08-11 18:39:04 ----RASH---- C:\boot.ini

2009-08-11 18:20:47 ----A---- C:\WINDOWS\sfshell.tmp

2009-08-11 16:00:10 ----HD---- C:\WINDOWS\inf

2009-08-11 15:59:20 ----HD---- C:\WINDOWS\$hf_mig$

2009-08-11 11:34:22 ----RSHD---- C:\WINDOWS\system32\dllcache

2009-08-11 10:55:54 ----A---- C:\WINDOWS\win.ini

2009-08-11 01:33:20 ----D---- C:\WINDOWS\system32\en-US

2009-08-11 01:33:20 ----D---- C:\WINDOWS\Media

2009-08-11 01:33:20 ----D---- C:\WINDOWS\Help

2009-08-11 01:33:20 ----D---- C:\Program Files\Internet Explorer

2009-08-11 01:29:44 ----D---- C:\WINDOWS\ie8updates

2009-08-11 00:33:50 ----D---- C:\Program Files\Steam

2009-08-10 21:47:50 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2009-08-09 23:12:02 ----D---- C:\WINDOWS\Minidump

2009-08-09 22:05:25 ----D---- C:\Documents and Settings\user\Application Data\Azureus

2009-08-09 21:20:26 ----D---- C:\Documents and Settings\user\Application Data\Skype

2009-08-09 03:00:50 ----A---- C:\WINDOWS\imsins.BAK

2009-08-09 03:00:47 ----D---- C:\WINDOWS\system32\CatRoot

2009-08-08 16:39:08 ----SD---- C:\WINDOWS\Tasks

2009-08-08 14:12:40 ----D---- C:\WINDOWS\Microsoft.NET

2009-08-08 03:11:41 ----RSD---- C:\WINDOWS\assembly

2009-08-08 03:06:30 ----SHD---- C:\WINDOWS\Installer

2009-08-08 03:05:48 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-08-08 03:05:39 ----D---- C:\WINDOWS\WinSxS

2009-08-08 03:03:20 ----RSD---- C:\WINDOWS\Fonts

2009-08-08 03:03:07 ----D---- C:\WINDOWS\system32\spool

2009-08-08 03:03:01 ----AD---- C:\I386

2009-08-04 22:39:26 ----D---- C:\Program Files\Vuze

2009-08-03 17:43:34 ----A---- C:\WINDOWS\system32\MPFServiceFailureCount.txt

2009-07-31 11:27:26 ----D---- C:\Program Files\McAfee

2009-07-30 21:46:57 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]

R1 ikhfile;File Security Kernel Anti-Spyware Driver; \??\C:\WINDOWS\system32\drivers\ikhfile.sys []

R1 ikhlayer;Kernel Anti-Spyware Driver; \??\C:\WINDOWS\system32\drivers\ikhlayer.sys []

R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]

R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-05-13 214024]

R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-04-09 120136]

R1 UBHelper;UBHelper; C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 13952]

R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]

R2 int15.sys;int15.sys; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys []

R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-09-22 3727680]

R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]

R3 catchme;catchme; \??\C:\Combo-fix\catchme.sys []

R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]

R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]

R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-05-13 79816]

R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-05-13 35272]

R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-05-13 40552]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-10 12160]

R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-01-15 6144]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-11-14 3530880]

R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-07-29 34048]

R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-07-29 12928]

R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]

R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]

R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-10 5888]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]

R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S1 viaagpp;viaagpp; C:\WINDOWS\System32\drivers\viaagpp.sys []

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]

S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]

S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]

S3 KLIF;KLIF; \??\C:\PROGRA~1\PCTOOL~1\KLIF.SYS []

S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-05-13 34248]

S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 RimSerPort;RIM Virtual Serial Port; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]

S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-04-16 22784]

S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]

S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 VM30xx86;Vimicro USB PC Camera (ZC030x); C:\WINDOWS\System32\Drivers\vm30xx86.sys [2007-01-29 1294336]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 ZD1211U(ZyDAS);ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-09-29 247296]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-10-11 237568]

R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]

R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-01-23 203280]

R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-05-01 865832]

R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-04-09 2482848]

R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-04-09 359952]

R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]

R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-05-13 144704]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-11-14 131139]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]

R2 SDhelper;PC Tools Spyware Doctor; C:\Program Files\Spyware Doctor\sdhelp.exe [2006-03-01 869048]

R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]

R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-05-08 606736]

R3 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-05-08 893112]

S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]

S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-04-22 359160]

S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2007-04-23 310008]

S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-04-23 166648]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-06-02 504104]

S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-05-08 365072]

S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]

S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-04-22 88824]

S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-04-23 1010424]

S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Here is the Info.txt:

info.txt logfile of random's system information tool 1.06 2009-08-11 19:07:33

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER

-->C:\Program Files\SBC LightSpeed Self Support Tool\CustomUninstall.exe SBC

-->MsiExec.exe /I{07159635-9DFE-4105-BFC0-2817DB540C68}

-->MsiExec.exe /I{0D397393-9B50-4C52-84D5-77E344289F87}

-->MsiExec.exe /I{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}

-->MsiExec.exe /I{83FFCFC7-88C6-41C6-8752-958A45325C82}

-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}

-->MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Ad-aware 6 Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}

AIM 6-->C:\Program Files\AIM6\uninst.exe

AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=

ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe

AT&T Yahoo! Applications-->C:\PROGRA~1\Yahoo!\Common\uninstall.exe

Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9

Audacity 1.2.4-->"C:\Program Files\Audacity\unins000.exe"

AVS DVDMenu Editor 1.2.1.19-->"C:\Program Files\Common Files\AVSMedia\AVS DVDMenu Editor\unins000.exe"

AVS Video Converter 5.6-->"C:\Program Files\AVS4YOU\AVSVideoConverter\unins000.exe"

BlackBerry Desktop Software 4.2.2-->MsiExec.exe /I{9B449C1A-4F64-4ED4-8C96-31B222E8377F}

BlackBerry Desktop Software 4.2.2-->MsiExec.exe /i{9B449C1A-4F64-4ED4-8C96-31B222E8377F}

BlackBerry v4.2.1 for the 8800 Series Wireless Handheld-->MsiExec.exe /X{596F2287-ACD9-4E5F-978C-43A00A7A98B8}

Canon Camera Support Core Library-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A1D0D14A-B776-4907-BC00-5149F2298086} /l1033

Canon Camera Window DC_DV 5 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{001AB29C-5468-4972-8D24-2EBDB2B12133}

Canon Camera Window DS for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{6B8BDABA-6737-4998-AEE4-E218EDE5FC7A}

Canon Camera Window MC 5 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{89EB3ED7-225A-412E-B048-623D502C000F}

Canon MovieEdit Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{68D27126-BF6A-457D-8DD0-5F35E8D41310}

Canon PhotoRecord-->MsiExec.exe /X{6693BD7C-CB4E-43AC-A0D6-10D1A1B88DCF}

Canon RAW Image Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{001EB665-D9EC-415E-9E13-AD2125B2B992}

Canon Utilities PhotoStitch 3.1-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{218BBBE3-FE63-4BB2-81A8-7435575A84FA}

Canon ZoomBrowser EX-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}

CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

DivX Converter-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER

DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER

DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN

ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"

FL Studio 8-->C:\Program Files\Image-Line\FL Studio 8\uninstall.exe

Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}

HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"

Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"

HP Customer Participation Program 7.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat

HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat

HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}

HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat

HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}

HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat

ICQ 5.1-->C:\Program Files\ICQLite\ICQLiteUninstall.EXE

IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe

InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe

IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe

iTunes-->MsiExec.exe /I{9F70BF98-003C-491D-81FC-FF9792206AF0}

J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}

LimeWire PRO 4.10.9-->"C:\Program Files\LimeWire\uninstall.exe"

Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

Malwarebytes' Anti-Malware-->"C:\Documents and Settings\user\Desktop\myshit\dann\unins000.exe"

McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe

Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office 97, Professional Edition-->C:\Program Files\Microsoft Office\Office\Setup\Acme.exe /w Off97Pro.STF

Microsoft Outlook 2002-->MsiExec.exe /I{911A0409-6000-11D3-8CFE-0050048383C9}

Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}

Movavi Video Converter 5.5-->C:\Program Files\Movavi Video Converter 5.5\uninst.exe

Mozilla Firefox (3.0.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

Need for Speed


For now the computer seems to be working fine the way it was before. From what I have noticed, while I had the virus, many of the programs in my task manager were missing but now they are back. Malwarebytes works now along with HijackThis. THANK YOU SO MUCH FOR YOUR HELP, you are a GENIUS my friend. Do you want me to run malware and HijackThis and give you the logs or is everything ok now?


I am still getting pop-ups from iexplore.exe even though it is not running. The virus is disguising itself under iexplre.exe and ycommon.exe. Right now I am running Malwarebytes, so when that finishes running, I will send you the log. Hopefully malware will find these viruses and remove them for me.


Here is my logfile for HijackThis. Malwarebytes is still in the process of running.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:41:06 PM, on 8/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRA~1\Yahoo!\Common\YIeTagBm.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll

O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\user\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)

O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\user\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)

O15 - Trusted Zone: *.amaena.com

O15 - Trusted Zone: *.avsystemcare.com

O15 - Trusted Zone: *.onerateld.com

O15 - Trusted Zone: *.safetydownload.com

O15 - Trusted Zone: *.trustedantivirus.com

O15 - Trusted Zone: *.virusschlacht.com

O15 - Trusted Zone: *.amaena.com (HKLM)

O15 - Trusted Zone: *.avsystemcare.com (HKLM)

O15 - Trusted Zone: *.onerateld.com (HKLM)

O15 - Trusted Zone: *.safetydownload.com (HKLM)

O15 - Trusted Zone: *.trustedantivirus.com (HKLM)

O15 - Trusted Zone: *.virusschlacht.com (HKLM)

O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll

O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx

O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberry.com/devicesoftware/AxLoader.cab

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab

O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06071909/qsp2ie06071909.cab

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O20 - Winlogon Notify: 6074df77654 - C:\WINDOWS\System32\dpv1132.dll

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 10373 bytes

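As an added example (not code from this thread, from HijackThis or from Malwarebytes), here is a small Python triage pass over HijackThis log lines like the ones in the log above. It flags O15 Trusted Zone additions that are not on a constructed allowlist, and O20 Winlogon Notify entries whose registration name or DLL name looks machine-generated; the allowlist, the benign sample lines and the digit-ratio threshold are assumptions made for the example.

```python
"""Triage of HijackThis log lines (added example; not from the thread or
from HijackThis).  O15 Trusted Zone entries lower IE security for the named
sites, and O20 Winlogon Notify DLLs are loaded into winlogon.exe at logon,
so both sections deserve a close look in any log."""
import re
from dataclasses import dataclass

# Sample lines: the O15/O20/O2/O4/O23 lines are copied from the log posted
# above; the *.windowsupdate.com and igfxcui lines are constructed benign
# entries added for contrast.
SAMPLE_LOG = r"""
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.windowsupdate.com (HKLM)
O20 - Winlogon Notify: 6074df77654 - C:\WINDOWS\System32\dpv1132.dll
O20 - Winlogon Notify: igfxcui - igfxdev.dll
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
"""

# Constructed allowlist (an assumption for this example): Trusted Zone
# entries a home user might legitimately have.  Anything else is flagged.
TRUSTED_ZONE_ALLOWLIST = {"*.windowsupdate.com", "*.microsoft.com"}

O15_RE = re.compile(r"^O15 - Trusted Zone: (?P<domain>\S+)(?: \((?P<hive>HKLM)\))?$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<dll>.+)$")


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section, e.g. "O15"
    item: str      # the entry that was flagged
    reason: str    # why a reviewer should look at it


def digit_fraction(s: str) -> float:
    """Share of characters that are digits (0.0 for an empty string)."""
    return sum(c.isdigit() for c in s) / len(s) if s else 0.0


def looks_generated(name: str) -> bool:
    """Heuristic (threshold is an assumption): names such as 6074df77654 or
    dpv1132 are mostly digits, whereas legitimate Winlogon notification
    packages are usually words (igfxcui, NavLogon)."""
    return digit_fraction(name) >= 0.4


def triage(log_text: str) -> list[Finding]:
    """Return the O15 and O20 entries in a HijackThis log that merit review."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O15_RE.match(line):
            domain, hive = m["domain"], m["hive"] or "HKCU"
            if domain not in TRUSTED_ZONE_ALLOWLIST:
                findings.append(Finding(
                    "O15", f"{domain} ({hive})",
                    "site added to the IE Trusted Zone, which relaxes "
                    "security settings for it"))
        elif m := O20_RE.match(line):
            name, dll = m["name"], m["dll"]
            # basename without extension, whatever path separators are used
            stem = dll.replace("\\", "/").rsplit("/", 1)[-1].rsplit(".", 1)[0]
            reasons = []
            if looks_generated(name):
                reasons.append("machine-generated registration name")
            if looks_generated(stem):
                reasons.append("machine-generated DLL name")
            if reasons:
                findings.append(Finding(
                    "O20", f"{name} -> {dll}",
                    "; ".join(reasons) + " (DLL is loaded into winlogon.exe)"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.item}: {f.reason}")
```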

Here is my log file for Malwarebytes. Should I delete any of the programs you told me to download?

Malwarebytes' Anti-Malware 1.40

Database version: 2608

Windows 5.1.2600 Service Pack 3

8/11/2009 8:20:39 PM

mbam-log-2009-08-11 (20-20-27).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 200598

Time elapsed: 58 minute(s), 48 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 3

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 41

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

C:\WINDOWS\system32\dpv1132.dll (Trojan.Tracur) -> No action taken.

C:\WINDOWS\system32\9.tmp (Trojan.Tracur) -> No action taken.

C:\Documents and Settings\user\Local Settings\temp\17.tmp (Trojan.Agent) -> No action taken.

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\6074df77654 (Trojan.Tracur) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Trojan.Tracur) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\WINDOWS\system32\SystemX86 (Worm.Archive) -> No action taken.

Files Infected:

C:\WINDOWS\system32\dpv1132.dll (Trojan.Tracur) -> No action taken.

C:\WINDOWS\system32\9.tmp (Trojan.Tracur) -> No action taken.

C:\Documents and Settings\user\Local Settings\temp\17.tmp (Trojan.Agent) -> No action taken.

C:\Documents and Settings\user\Shared\blackberry 8310 unlock code including crack\CORE10k.exe (Trojan.Tracur) -> No action taken.

C:\Documents and Settings\user\Shared\blackberry 8310 unlock code including crack\CRACK_BY_CORE.exe (Trojan.Tracur) -> No action taken.

C:\Documents and Settings\user\Shared\blackberry 8310 unlock code including crack\setup.exe (Trojan.Tracur) -> No action taken.

C:\Qoobox\Quarantine\C\WINDOWS\system32\UACtxvbvtfhvw.dll.vir (Trojan.TDSS) -> No action taken.

C:\Qoobox\Quarantine\C\WINDOWS\system32\UACmyrgopyowf.dll.vir (Trojan.TDSS) -> No action taken.

C:\Qoobox\Quarantine\C\WINDOWS\system32\UACpktkipjeqy.dll.vir (Rogue.Agent) -> No action taken.

C:\Qoobox\Quarantine\C\WINDOWS\system32\UACwutuwylkmy.dll.vir (Trojan.TDSS) -> No action taken.

C:\Qoobox\Quarantine\C\WINDOWS\system32\__c0027212.dat.vir (Trojan.Downloader) -> No action taken.

C:\Qoobox\Quarantine\C\WINDOWS\system32\__c0062B4F.dat.vir (Trojan.Downloader) -> No action taken.

C:\Qoobox\Quarantine\C\WINDOWS\system32\__c0083900.dat.vir (Trojan.Downloader) -> No action taken.

C:\Qoobox\Quarantine\C\WINDOWS\system32\__c00899FC.dat.vir (Trojan.Downloader) -> No action taken.

C:\Qoobox\Quarantine\C\WINDOWS\system32\__c008AAAC.dat.vir (Trojan.Downloader) -> No action taken.

C:\Qoobox\Quarantine\C\WINDOWS\system32\__c00BB40C.dat.vir (Trojan.Downloader) -> No action taken.

C:\Qoobox\Quarantine\C\WINDOWS\system32\__c00E8A84.dat.vir (Trojan.Downloader) -> No action taken.

C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACbrovdhosdp.sys.vir (Trojan.TDSS) -> No action taken.

C:\System Volume Information\_restore{8D077847-2814-437C-9117-EA7A694B02FC}\RP1222\A0147608.sys (Trojan.TDSS) -> No action taken.

C:\System Volume Information\_restore{8D077847-2814-437C-9117-EA7A694B02FC}\RP1222\A0147609.dll (Trojan.TDSS) -> No action taken.

C:\System Volume Information\_restore{8D077847-2814-437C-9117-EA7A694B02FC}\RP1222\A0147610.dll (Rogue.Agent) -> No action taken.

C:\System Volume Information\_restore{8D077847-2814-437C-9117-EA7A694B02FC}\RP1222\A0147612.dll (Trojan.TDSS) -> No action taken.

C:\System Volume Information\_restore{8D077847-2814-437C-9117-EA7A694B02FC}\RP1222\A0147613.dll (Trojan.TDSS) -> No action taken.

C:\WINDOWS\system32\2A.tmp (Trojan.Tracur) -> No action taken.

C:\WINDOWS\system32\xa.tmp (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\SystemX86\245.crack.zip (Worm.Archive) -> No action taken.

C:\WINDOWS\system32\SystemX86\245.crack.zip.kwd (Worm.Archive) -> No action taken.

C:\WINDOWS\system32\SystemX86\246.keygen.zip (Worm.Archive) -> No action taken.

C:\WINDOWS\system32\SystemX86\246.keygen.zip.kwd (Worm.Archive) -> No action taken.

C:\WINDOWS\system32\SystemX86\247.serial.zip (Worm.Archive) -> No action taken.

C:\WINDOWS\system32\SystemX86\247.serial.zip.kwd (Worm.Archive) -> No action taken.

C:\WINDOWS\system32\SystemX86\248.setup.zip (Worm.Archive) -> No action taken.

C:\WINDOWS\system32\SystemX86\248.setup.zip.kwd (Worm.Archive) -> No action taken.

C:\WINDOWS\system32\SystemX86\249.music.au (Worm.Archive) -> No action taken.

C:\WINDOWS\system32\SystemX86\249.music.au.kwd (Worm.Archive) -> No action taken.

C:\WINDOWS\system32\SystemX86\250.music2.au (Worm.Archive) -> No action taken.

C:\WINDOWS\system32\SystemX86\250.music2.au.kwd (Worm.Archive) -> No action taken.

C:\WINDOWS\system32\SystemX86\251.music3.au (Worm.Archive) -> No action taken.

C:\WINDOWS\system32\SystemX86\251.music3.au.kwd (Worm.Archive) -> No action taken.

C:\WINDOWS\system32\SystemX86\252.music.snd (Worm.Archive) -> No action taken.

C:\WINDOWS\system32\SystemX86\252.music.snd.kwd (Worm.Archive) -> No action taken.


You are not out of the woods! When MBAM has completed its scan, go ahead and make a new reply with that log!

And then do the following things:

You will want to print out or copy these instructions to Notepad for Safe Mode/offline reference!


If you are a casual viewer, do NOT try this on your system!

If you are not maryamian and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

Start HijackThis. Look for these lines and place a checkmark against each of the following, if still present

O15 - Trusted Zone: *.amaena.com

O15 - Trusted Zone: *.avsystemcare.com

O15 - Trusted Zone: *.onerateld.com

O15 - Trusted Zone: *.safetydownload.com

O15 - Trusted Zone: *.trustedantivirus.com

O15 - Trusted Zone: *.virusschlacht.com

O15 - Trusted Zone: *.amaena.com (HKLM)

O15 - Trusted Zone: *.avsystemcare.com (HKLM)

O15 - Trusted Zone: *.onerateld.com (HKLM)

O15 - Trusted Zone: *.safetydownload.com (HKLM)

O15 - Trusted Zone: *.trustedantivirus.com (HKLM)

O15 - Trusted Zone: *.virusschlacht.com (HKLM)

O20 - Winlogon Notify: 6074df77654 - C:\WINDOWS\System32\dpv1132.dll

Click on Fix Checked when finished and exit HijackThis.

Make sure your Internet Explorer (& or any other window) is closed when you click Fix Checked!

=

  • Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe
  • Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :files
    c:\windows\System32\dpv1132.dll
    c:\windows\system32\*.tmp
    c:\windows\system32\GroupPolicy000.dat
    c:\windows\system32\SystemX86
    C:\recycler
    D:\recycler
    e:\recycler
    f:\recycler
    g:\recycler
    h:\recycler
    :Commands
    [purity]
    [emptytemp]
    [reboot]


  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

=

Download and save to your Desktop: PrevX CSI: http://www.prevx.com/freescan.asp

Run Prevx CSI.

If it wants to reboot when finished, do so.

=

Please download and run the Trend Micro Sysclean Package on your computer.

NOTE! This scan will probably take a long time to run on your computer so be patient and don't use it while it's scanning.

  • Create a brand new folder to copy these files to.
  • As an example: C:\DCE
  • Then open each of the zipped archive files and copy their contents to C:\DCE
  • Copy the file sysclean.com to the new folder C:\DCE as well.
  • Double-click on the file sysclean.com that is in the C:\DCE folder and follow the on-screen instructions.
    After doing all of this, please post back your results, including the log file sysclean.log that will be left behind by sysclean.

How To Use Compressed (Zipped) Folders in Windows XP

Compress and uncompress files (zip files) in Vista

Reply with copy of OTL MovedFiles log,

the Sysclean log

and tell me, How is your system now ?

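The O15 and O20 lines the helper asks to fix are the security-relevant part of that reply: the rogue-AV domains were added to Internet Explorer's Trusted Sites zone (both the HKCU and the HKLM copy), and a Winlogon Notify package loads an unsigned DLL out of System32 at every logon. As an added example, not code from the thread or from HijackThis, this Python triage script parses HijackThis-style O15/O20 lines (constructed sample lines reusing the entries quoted above), flags trusted-zone domains absent from an assumed allowlist and Notify packages whose subkey is not in an assumed Windows XP baseline, and emits the OTL ":files" section for the flagged DLLs.

```python
import re
from dataclasses import dataclass

# Constructed sample: HijackThis-style lines modelled on those quoted in the thread,
# plus two benign entries so the allowlist and baseline checks have something to pass.
SAMPLE_HJT_LOG = """\
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.windowsupdate.com (HKLM)
O20 - Winlogon Notify: 6074df77654 - C:\\WINDOWS\\System32\\dpv1132.dll
O20 - Winlogon Notify: crypt32chain - crypt32.dll
"""

# Assumed allowlist: trusted-zone domains an XP admin may have added on purpose.
# On a home machine the safest allowlist is empty; nothing needs to be in Trusted Sites.
TRUSTED_ZONE_ALLOWLIST = {"*.windowsupdate.com", "*.update.microsoft.com"}

# Assumed baseline of Winlogon Notify subkeys shipped with Windows XP (lower-cased).
KNOWN_NOTIFY_KEYS = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}

# O15: "O15 - Trusted Zone: <domain>" with an optional " (HKLM)" suffix for the machine hive.
O15_RE = re.compile(r"^O15 - Trusted Zone: (?P<domain>\S+)(?: \((?P<hive>HKLM)\))?$")
# O20: "O20 - Winlogon Notify: <subkey> - <dll path or name>"
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<dll>.+)$")


@dataclass
class Finding:
    kind: str    # "O15" or "O20"
    target: str  # trusted-zone domain, or the Notify DLL
    where: str   # "HKCU"/"HKLM" for O15, the Notify subkey name for O20
    reason: str


def triage_hjt(log_text, allowlist=TRUSTED_ZONE_ALLOWLIST, known_keys=KNOWN_NOTIFY_KEYS):
    """Return the O15/O20 entries that deserve a 'Fix checked' in HijackThis."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O15_RE.match(line)
        if m:
            domain = m.group("domain").lower()
            hive = m.group("hive") or "HKCU"      # HijackThis marks only the HKLM copies
            if domain not in allowlist:
                findings.append(Finding("O15", domain, hive,
                                        "domain placed in the Trusted Sites zone"))
            continue
        m = O20_RE.match(line)
        if m:
            key, dll = m.group("key"), m.group("dll")
            if key.lower() not in known_keys:
                findings.append(Finding("O20", dll, key,
                                        "Winlogon Notify package not in the XP baseline"))
    return findings


def otl_files_block(findings):
    """Build the ':files' section of an OTL fix for the flagged Notify DLLs (deduplicated, order kept)."""
    dlls = []
    for f in findings:
        if f.kind == "O20" and f.target not in dlls:
            dlls.append(f.target)
    return "\n".join([":files", *dlls, ":Commands", "[reboot]"])


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT_LOG):
        print(f"{f.kind} {f.where:<12} {f.target}  <- {f.reason}")
    print(otl_files_block(triage_hjt(SAMPLE_HJT_LOG)))
```

The OTL block it prints covers only the DLL; the Trusted Zone entries are registry values under ZoneMap\Domains and are what HijackThis's own "Fix checked" removes.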

You did not tell MBAM to remove items it tagged as malware.

Please follow these directions very carefully.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

(Allow the restart if so prompted !)

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Then post the new log when done and then (providing items are removed) you can proceed and do the items in my previous reply.

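The point of that reply hinges on the trailing status of each MBAM result line: "-> No action taken." means the item was only reported, not quarantined. As an added example, not from the thread or from Malwarebytes, this Python helper parses result lines like the ones posted above (constructed sample; the two remediated statuses are the ones MBAM writes once Remove Selected has been clicked) and summarises whether a log records a clean-up or merely a scan.

```python
import re
from collections import Counter

# Constructed sample modelled on the MBAM result lines posted earlier in the thread.
SAMPLE_MBAM_LOG = """\
Files Infected:
C:\\WINDOWS\\system32\\SystemX86\\248.setup.zip (Worm.Archive) -> No action taken.
C:\\WINDOWS\\system32\\SystemX86\\248.setup.zip.kwd (Worm.Archive) -> No action taken.
C:\\WINDOWS\\system32\\SystemX86\\249.music.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\\WINDOWS\\system32\\SystemX86\\250.music2.au (Worm.Archive) -> Delete on reboot.
"""

# One MBAM result line: <path> (<detection name>) -> <status>.
RESULT_RE = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<status>.+?)\.?$")

STATUS_NONE = "No action taken"
STATUS_PENDING = "Delete on reboot"
STATUS_DONE = "Quarantined and deleted successfully"


def parse_mbam_results(text):
    """Return (path, detection, status) for every result line; section headers are skipped."""
    results = []
    for raw in text.splitlines():
        m = RESULT_RE.match(raw.strip())
        if m:
            results.append((m.group("path"), m.group("name"), m.group("status")))
    return results


def remediation_summary(results):
    """Count results per status and decide whether the scan must be re-run with removal."""
    by_status = Counter(status for _, _, status in results)
    unactioned = Counter(name for _, name, status in results if status == STATUS_NONE)
    return {
        "total": len(results),
        "by_status": dict(by_status),
        "unactioned_by_detection": dict(unactioned),
        "needs_reboot": by_status[STATUS_PENDING] > 0,   # items locked until restart
        "needs_rerun": by_status[STATUS_NONE] > 0,       # items the user never removed
    }


if __name__ == "__main__":
    summary = remediation_summary(parse_mbam_results(SAMPLE_MBAM_LOG))
    for key, value in summary.items():
        print(f"{key}: {value}")
```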

Prevx Scan Log - Version v3.0.1.65

Log Generated: 11/8/2009 20:58, Type: 0,1

Windows XP Professional Service Pack 3 (Build 2600) 32bit|1033

Some non-malicious files are not included in this log.

Heuristics Settings: Age: 1, Pop: 1, Heu: 2 (Dir: 1)

Last Scan: Tue 2009-08-11 20:53:56 Pacific Daylight Time. Number of Scans: 1. Last Scan Duration: 5 minutes 16 seconds.


[G] c:\windows\system32\drivers\mdmxsdk.sys [PX5: F550CBF45C4DEEBE2EDE0064049C6200A1C01EF8]

[G] c:\program files\mcafee\msc\mcuihost.exe [PX5: 931EBCAD0068F047C4130B1730AA0B00CB7B6B1F]

[G] c:\program files\erunt\unins000.exe [PX5: D08D2DF2C94053ED2D1601DB2936D30005577CF7]

[G] c:\windows\system32\infocardcpl.cpl [PX5: 91A1D9E708ACE0D1923C0090491112002077AECD]

[G] c:\program files\mcafee\mhn\mcensrv.dll [PX5: DF2F177FF067AF36B4211CC2E631EC009CAB93C6]

[G] c:\program files\mcafee\virusscan\mcctxmnu.dll [PX5: 5B4D8C9F10BE5E405C5402A08D7B0F0032AA7668]

[G] c:\documents and settings\user\desktop\hijackthis-setup.exe [PX5: 4BE7F08838A9D813655F0CD02AF298007E0371EB]

[G] c:\program files\mcafee\mhn\mcenuiex.dll [PX5: EF5D544EE87C8A6BDC84010BF6C4D2008DF251A1]

[G] c:\windows\system32\tswpfwrp.exe [PX5: 1BCEB8EF00643FC566A200A7E2BFB5004DD2A429]

[G] c:\windows\system32\dfshim.dll [PX5: B61F8E51F89DD20A79E601F7468B08006786AAC7]

[G] c:\program files\mcafee\virusscan\mvsmp.dll [PX5: F2E287A9105357849AAA01F4B207F600CF4FBDB9]

[G] c:\windows\system32\icardres.dll.mui [PX5: 48466EBB00CC5289F23508EF25D43500AC067FD1]

[G] c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe [PX5: 29E1613918B5437BB4A000056BA30D0085A65364]

[G] c:\program files\mcafee\mshr\shrmisp.dll [PX5: FF96C5F110224E9C0A4906EDAA509C00AF982478]

[G] c:\program files\mcafee\virusscan\mcqtax.dll [PX5: E384E0BB109F96FCDEFA03291954670065C3C2B7]

[G] c:\windows\system32\xpsviewer\xpsviewer.exe [PX5: E3466D93004C1C249A42040AC5B56A00FD25CD70]

[G] c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe [PX5: 5A664CB900910961108801DCD8DC6C004AAB9DEB]

[G] c:\windows\system32\mscorier.dll [PX5: E5D51D8800E97BDB6C8702202F4574001A474FEB]

[GP] c:\program files\erunt\ntregopt.exe [PX5: B8EA9DDA0068DC4324FA029114B8C900E19015CA]

[G] c:\windows\microsoft.net\framework\v2.0.50727\mscordacwks.dll [PX5: AEF636A35084D0A01B8B0FF6DE872B00303F4E15]

[G] c:\program files\mcafee\msc\mcnduips.dll [PX5: CA3DD027B04375240B93018C5DBA600067351FBB]

[G] c:\windows\microsoft.net\framework\v3.0\windows communication foundation\infocard.exe [PX5: EFD4B4BE00BDA0EE74510DC9EBC32100DBF077F7]

[G] c:\windows\system32\mscoree.dll [PX5: DC4D775C0056291E4EAA0496E6A5F900E88DF2B5]

[G] c:\windows\system32\drivers\pxsec.sys [PX5: 449EE65D0816D5746CFC004B8A039C005B1D0006]

[G] c:\windows\system32\evr.dll [PX5: 0CA3DDE7F893D5B5852A0794D255080043C70B3F]

[G] c:\windows\system32\drivers\atv02nt5.dll [PX5: 0547BD6E5FAE64642CF900D76F6FC700000CC411]

[G] c:\program files\mcafee\virusscan\mcavtsub.dll [PX5: 6A06043310B341708E3B02DBFB00CE00BF204F75]

[G] c:\program files\mcafee\virusscan\mvsver.dll [PX5: C703A54C10DFDAAC00B40392A2A47500F24679E1]

[G] c:\windows\system32\presentationhost.exe [PX5: FDA30DF510C3E58AFAB404856C12820068E770BB]

[G] c:\windows\system32\uiautomationcore.dll [PX5: 0503791610B5D9DB76C4029D7BAB0A0032329ADE]

[G] c:\windows\system32\dxva2.dll [PX5: 1432CF7DF83D0C541F930155CFD86800FC364FA8]

[G] c:\windows\system32\ipsink.ax [PX5: 6436F75000915F1C405500E54F79660058572CD6]

[G] c:\windows\system32\comaddin.dll [PX5: FE3F35B40049F1456E26008A21001B0090C1AA68]

[G] c:\program files\common files\roxio shared\9.0\sharedcom\cpslistctrl.dll [PX5: 7E9E96E7F80D76F3EA69036A9B647A009DA087E7]

[G] c:\windows\system32\drivers\recagent.sys [PX5: 8230DA32D0FF3CCB359200458A49D1005077BCC7]

[G] c:\program files\common files\roxio shared\9.0\dllshared\fxwrapper.dll [PX5: E2711057F89B17175E330087835EB60018372149]

[G] c:\windows\system32\msfeedsbs.dll [PX5: 235FA809009FDBDDCC60004020553200B3D22C65]

[G] c:\program files\common files\motive\bjaxsecuritymanager.dll [PX5: EB3BCF9200AB67C39EA8003D5E79430066CDABB6]

[G] c:\windows\system32\tlntsvrp.dll [PX5: D377AD150099D4801C8000847CEFFF00616307CF]

[G] c:\program files\common files\avsmedia\activex\avsimageview2.dll [PX5: 1C65963F003435E6600E020B3AB8FF00EE7D529E]

[G] c:\program files\common files\roxio shared\9.0\dllshared\alien.fxu [PX5: C2677AB3006C3CE2B0B00004C08E47001D006615]

[G] c:\windows\system32\winfxdocobj.exe [PX5: 6D28E5110049742E26AE03B5F40E5B00008E2C4D]

[G] c:\windows\system32\bidispl.dll [PX5: 65AA183400854926447000036B67CE00467E45A4]

[G] c:\program files\roxio\photosuite 9\ppscutoutobject.dll [PX5: AAA438E6F88889CC6ABB041DDF47E700C2750D54]

[G] c:\windows\system32\drivers\atinttxx.sys [PX5: 4D021E9A00CC1BA9364D00987AB05B00A6802140]

[G] c:\windows\system32\dskquoui.dll [PX5: 4EB7040B003A9C03609702A80D7EE700B54E0632]

[G] c:\program files\movavi\nctrmfile.dll [PX5: 46DDDFC2008812C400B1130BB1E6F4009ABBBE5A]

[G] c:\windows\downloaded program files\dwusplay.dll [PX5: 27582087B0BA5B7B7391002DDDE82A00A0F4BF41]