MissKiki

persistent fsharproj

I've tried to follow some of the threads to get rid of this nasty, but I've had no luck. Time to call in the experts:

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6991

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

7/1/2011 9:09:31 AM

mbam-log-2011-07-01 (09-09-31).txt

Scan type: Full scan (C:\|)

Objects scanned: 262341

Time elapsed: 1 hour(s), 4 minute(s), 58 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Hello MissKiki and welcome to Malwarebytes! :welcome:

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please do the following:

  • Download DDS by sUBs from one of the following links. Save it to your Desktop.

    NOTE: Before scanning, make sure all other running programs are closed

    There shouldn't be any scheduled antivirus scans running while the scan is being performed.

    Do not use your computer for anything else during the scan.

  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your Desktop.

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
  • How the PC is running now?
-------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

  • DDS log
  • TDSSKiller log
  • Security Check checkup.txt

How is your computer running now?


Thank you for the response - here are the files you've requested:

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 7.0.5730.11

Run by US883862 at 16:11:38 on 2011-07-02

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1452 [GMT -4:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Eupr\xrxacm_euprsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Eupr\xrxacm_pa.exe

svchost.exe

C:\Program Files\CA\SharedComponents\CAM\bin\cam.exe

C:\Program Files\CA\SharedComponents\DesktopCommonServices\DMPrimer\dmprimer.exe

c:\epa.epa\EPAService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\LogWatNT.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\WINDOWS\system32\mfevtps.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\system32\Prot_srv.exe

C:\WINDOWS\system32\pstartSr.exe

C:\Program Files\CA\Unicenter Remote Control\rcHost.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\WINDOWS\system32\CCM\CcmExec.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Microsoft Office Communicator\communicator.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\SxpInst\sxplog32.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Apoint\HidFind.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\McAfee\Common Framework\udaterui.exe

C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\WINDOWS\system32\ctfmon.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://xww.internal.xerox.com/

uInternet Connection Wizard,ShellNext = hxxp://xww.internal.world.xerox.com/

BHO: {01ce8b7c-036a-4f89-be62-4bee3a922940} - c:\windows\system32\audiodev32.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110517092442.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [iSUSPM] "c:\documents and settings\all users\application data\macrovision\flexnet connect\6\ISUSPM.exe" -scheduler

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [sxplog] c:\sxpinst\sxpstub.exe

mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"

mRun: [indexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Pointsec Tray] c:\program files\pointsec\pointsec for pc\P95Tray.exe

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey

mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE

dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"

dRunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"

StartupFolder: c:\docume~1\us883862\startm~1\programs\startup\yammer.lnk - c:\program files\yammer\Yammer.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

Trusted Zone: centrewareweb.com\portal

Trusted Zone: livemeeting.com

Trusted Zone: xerox.com

Trusted Zone: xerox.net

DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_Win32.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6u14-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{05D1706C-888B-47B6-BCBF-11E86D143589} : DhcpNameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{593B1463-A4BC-4BD5-A9C1-340C3E8F104C} : DhcpNameServer = 192.168.1.1 192.168.1.1

Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL

Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5} - rundll32.exe advpack.dll,LaunchINFSectionEx c:\windows\inf\wmactedp.inf,PerUserStub,,4

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-5-17 436728]

R0 prot_2k;prot_2k;c:\windows\system32\drivers\prot_2k.sys [2008-10-15 217024]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-5-17 88544]

R2 CA-MessageQueuing;Unicenter Message Queuing Server;c:\program files\ca\sharedcomponents\cam\bin\cam.exe [2008-8-11 168015]

R2 EPAService;EPAService;c:\epa.epa\EPAService.exe [2008-8-11 221184]

R2 Euprsvc;Eupr Service;c:\program files\eupr\xrxacm_euprsvc.exe [2008-1-19 204800]

R2 LogWatch;Event Log Watch;c:\windows\LogWatNT.exe [2003-8-6 49152]

R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2011-1-12 120128]

R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-5-17 159320]

R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2011-1-12 209760]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-5-17 145936]

R2 Pointsec;Pointsec;c:\windows\system32\Prot_srv.exe [2008-10-15 621120]

R2 Pointsec_start;Pointsec Service Start;c:\windows\system32\pstartSr.exe [2008-10-15 150080]

R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2008-8-11 26137]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-5-17 171296]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-5-17 58456]

R3 RCSpyDDML;RCSpyDDML;c:\windows\system32\drivers\RCSpyMP.sys [2004-12-6 14336]

S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]

S3 CA_LIC_CLNT;CA-License Client;c:\windows\LIC98RMT.exe [2003-8-6 73728]

S3 CA_LIC_SRVR;CA-License Server;c:\windows\LIC98RMTD.exe [2003-8-6 73728]

S3 EracentARPC;EracentARPC;c:\epa.epa\arpcollector.sys [2008-8-11 16640]

S3 ExtranetAccess;Contivity VPN Service;c:\program files\xerox external access network\Extranet_serv.exe [2008-8-11 811008]

S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2008-8-11 155152]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-6-5 39984]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-5-17 85152]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S4 SDService;Unicenter Software Delivery;c:\tngsd\bin\SDServ.exe [2006-2-22 32768]

.

=============== Created Last 30 ================

.

2011-06-29 22:48:11 0 ---ha-w- c:\documents and settings\us883862\oshxjmencw.tmp

2011-06-27 17:33:14 -------- d-sha-r- C:\cmdcons

2011-06-27 17:31:08 208896 ----a-w- c:\windows\MBR.exe

2011-06-27 17:31:05 98816 ----a-w- c:\windows\sed.exe

2011-06-27 17:31:05 518144 ----a-w- c:\windows\SWREG.exe

2011-06-27 17:31:05 256000 ----a-w- c:\windows\PEV.exe

2011-06-13 12:17:46 365056 ----a-w- c:\windows\system32\audiodev32.dll

.

==================== Find3M ====================

.

2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-17 13:23:17 145936 ----a-w- c:\windows\system32\mfevtps.exe

2011-05-17 13:23:16 88544 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2011-05-17 13:23:16 85152 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-05-17 13:23:15 436728 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-05-17 13:23:13 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-05-17 13:23:13 58456 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-05-17 13:23:13 171296 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-05-17 13:23:12 116104 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-05-12 21:32:42 82696 ----a-w- c:\windows\system32\lmdimon8.dll

2011-05-12 21:32:42 82184 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\lmdippr8.dll

2008-10-08 17:18:36 626688 ----a-w- c:\program files\common files\sapconsaccess.dll

2008-10-08 17:18:36 40960 ----a-w- c:\program files\common files\DigitalSignature.ocx

2008-10-08 17:18:36 3125248 ----a-w- c:\program files\common files\sapxlhelper.dll

2008-10-08 17:18:36 192512 ----a-w- c:\program files\common files\sapconsr3.dll

.

============= FINISH: 16:12:16.00 ===============

2011/07/02 16:18:28.0421 6936 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16

2011/07/02 16:18:28.0765 6936 ================================================================================

2011/07/02 16:18:28.0765 6936 SystemInfo:

2011/07/02 16:18:28.0765 6936

2011/07/02 16:18:28.0765 6936 OS Version: 5.1.2600 ServicePack: 3.0

2011/07/02 16:18:28.0765 6936 Product type: Workstation

2011/07/02 16:18:28.0765 6936 ComputerName: 8H1YRG1

2011/07/02 16:18:28.0765 6936 UserName: US883862

2011/07/02 16:18:28.0765 6936 Windows directory: C:\WINDOWS

2011/07/02 16:18:28.0765 6936 System windows directory: C:\WINDOWS

2011/07/02 16:18:28.0765 6936 Processor architecture: Intel x86

2011/07/02 16:18:28.0765 6936 Number of processors: 2

2011/07/02 16:18:28.0765 6936 Page size: 0x1000

2011/07/02 16:18:28.0765 6936 Boot type: Normal boot

2011/07/02 16:18:28.0765 6936 ================================================================================

2011/07/02 16:18:30.0500 6936 Initialize success

2011/07/02 16:18:37.0531 7788 ================================================================================

2011/07/02 16:18:37.0531 7788 Scan started

2011/07/02 16:18:37.0531 7788 Mode: Manual;

2011/07/02 16:18:37.0531 7788 ================================================================================

2011/07/02 16:18:39.0703 7788 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

2011/07/02 16:18:39.0718 7788 Boot (0x1200) (b87fee94f63a43801e7a4194e17804a2) \Device\Harddisk0\DR0\Partition0

2011/07/02 16:18:39.0718 7788 ================================================================================

2011/07/02 16:18:39.0718 7788 Scan finished

2011/07/02 16:18:39.0718 7788 ================================================================================

2011/07/02 16:18:39.0734 7856 Detected object count: 0

2011/07/02 16:18:39.0734 7856 Actual detected object count: 0

Results of screen317's Security Check version 0.99.17 Windows XP Service Pack 3

Internet Explorer 7 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!

Windows Firewall Enabled!

McAfee VirusScan Enterprise

McAfee Agent

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 14

Java 2 Runtime Environment, SE v1.4.2_06

Out of date Java installed!

Adobe Flash Player

````````````````````````````````

Process Check:

objlist.exe by Laurent

McAfee VirusScan Enterprise SHSTAT.EXE

US883862 Desktop Virus Software SecurityCheck.exe

``````````End of Log````````````

> Thank you for the response

No problem :).

***Note: In order for ComboFix to run properly McAfee must be uninstalled. Please go here and follow the instructions to uninstall McAfee.

You can reinstall it after the computer is clean.

----------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

Also, please let me know if any problems still remain.


Is there a way to disable McAfee without un-install? I do not have a way to reload once it is gone.

> Is there a way to disable McAfee without un-install? I do not have a way to reload once it is gone.

Unfortunately, it has to be totally uninstalled when running ComboFix.

Near the end I can link you to some very reputable free antivirus software, if you are able to switch from McAfee ;)


Unfortunately I can not perform what you ask. My internal support team has told me to live with the issue as they can not fix it. I was hoping I could resolve the issue outside our normal channels. If uninstalling the app is my only choice, I thank you for your time.


Okay, try running ComboFix anyway.

I can't guarantee that it will not conflict, but it is still worth a try.

Let me know what you wish to do ;)


Thanks for understanding - here are the results of the scan / reboot from Combofix:

ComboFix 11-07-02.02 - US883862 07/02/2011 19:18:56.8.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1482 [GMT -4:00]

Running from: c:\documents and settings\US883862\Desktop\Virus Software\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.

----- BITS: Possible infected sites -----

.

hxxp://USA0300SD006.NA.XEROX.NET:80

.

((((((((((((((((((((((((( Files Created from 2011-06-02 to 2011-07-02 )))))))))))))))))))))))))))))))

.

.

2011-07-02 23:19 . 2011-07-02 23:19 -------- d-----w- c:\program files\temp

2011-06-29 22:48 . 2011-06-29 22:48 0 ---ha-w- c:\documents and settings\US883862\oshxjmencw.tmp

2011-06-13 12:17 . 2011-06-13 12:17 365056 ----a-w- c:\windows\system32\audiodev32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-29 13:11 . 2009-06-05 13:02 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11 . 2009-06-05 13:02 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-17 13:23 . 2011-05-17 13:24 145936 ----a-w- c:\windows\system32\mfevtps.exe

2011-05-17 13:23 . 2011-05-17 13:24 85152 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-05-17 13:23 . 2011-05-17 13:24 88544 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2011-05-17 13:23 . 2011-05-17 13:24 436728 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-05-17 13:23 . 2011-05-17 13:24 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-05-17 13:23 . 2011-05-17 13:24 58456 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-05-17 13:23 . 2011-05-17 13:24 171296 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-05-17 13:23 . 2011-05-17 13:24 116104 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-05-12 21:32 . 2008-08-12 14:02 82696 ----a-w- c:\windows\system32\lmdimon8.dll

2011-05-12 21:32 . 2008-08-12 14:02 82184 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lmdippr8.dll

2008-10-08 17:18 . 2007-10-01 18:54 626688 ----a-w- c:\program files\Common Files\sapconsaccess.dll

2008-10-08 17:18 . 2007-10-01 18:54 3125248 ----a-w- c:\program files\Common Files\sapxlhelper.dll

2008-10-08 17:18 . 2007-10-01 18:54 192512 ----a-w- c:\program files\Common Files\sapconsr3.dll

2008-10-08 17:18 . 2007-10-01 18:54 40960 ----a-w- c:\program files\Common Files\DigitalSignature.ocx

.

.

((((((((((((((((((((((((((((( SnapShot@2011-06-27_18.53.02 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-07-02 23:26 . 2011-07-02 23:26 16384 c:\windows\Temp\Perflib_Perfdata_170.dat

+ 2007-10-01 14:13 . 2011-07-02 23:32 72824 c:\windows\system32\perfc009.dat

- 2007-10-01 14:13 . 2011-06-27 17:52 72824 c:\windows\system32\perfc009.dat

+ 2007-10-01 14:13 . 2011-07-02 23:32 445878 c:\windows\system32\perfh009.dat

- 2007-10-01 14:13 . 2011-06-27 17:52 445878 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01CE8B7C-036A-4F89-BE62-4BEE3A922940}]

2011-06-13 12:17 365056 ----a-w- c:\windows\system32\audiodev32.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\documents and settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-16 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-16 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-16 138008]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]

"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]

"Sxplog"="c:\sxpinst\sxpstub.exe" [2004-09-08 20480]

"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2007-12-07 5720072]

"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2006-10-20 36864]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2006-10-20 40960]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

"Pointsec Tray"="c:\program files\Pointsec\Pointsec for PC\P95Tray.exe" [2008-10-15 670272]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-01-07 1468296]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2011-03-01 148888]

"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-01-12 161088]

"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-01-13 215360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]

"TSClientAXDisabler"="c:\windows\Installer\TSClientMsiTrans\tscdsbl.bat" [2008-01-19 2247]

.

c:\documents and settings\US883862\Start Menu\Programs\Startup\

Yammer.lnk - c:\program files\Yammer\Yammer.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-854245398-1202660629-839522115-48216\Scripts\Logon\0\0]

"Script"=DomUsr.exe

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2008-10-01 23:57 289576 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2008-09-06 19:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"websrvx"=2 (0x2)

"Bonjour Service"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"iPod Service"=3 (0x3)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

"c:\\Program Files\\SAP\\FrontEnd\\SAPgui\\saplogon.exe"=

"c:\\Program Files\\SAP\\FrontEnd\\SAPgui\\saplgpad.exe"=

"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\NetMeeting\\conf.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"798:TCP"= 798:TCP:CA RCO 798-TCP

.

R0 prot_2k;prot_2k;c:\windows\system32\drivers\prot_2k.sys [10/15/2008 8:40 AM 217024]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [5/17/2011 9:24 AM 88544]

R2 EPAService;EPAService;c:\epa.epa\EPAService.exe [8/11/2008 10:04 AM 221184]

R2 Euprsvc;Eupr Service;c:\program files\Eupr\xrxacm_euprsvc.exe [1/19/2008 3:12 PM 204800]

R2 LogWatch;Event Log Watch;c:\windows\LogWatNT.exe [8/6/2003 12:18 PM 49152]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [5/17/2011 9:24 AM 145936]

R2 Pointsec;Pointsec;c:\windows\system32\Prot_srv.exe [10/15/2008 8:41 AM 621120]

R2 Pointsec_start;Pointsec Service Start;c:\windows\system32\pstartSr.exe [10/15/2008 8:41 AM 150080]

R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [8/11/2008 10:02 AM 26137]

R3 RCSpyDDML;RCSpyDDML;c:\windows\system32\drivers\RCSpyMP.sys [12/6/2004 4:09 AM 14336]

S3 CA_LIC_CLNT;CA-License Client;c:\windows\LIC98RMT.exe [8/6/2003 12:18 PM 73728]

S3 CA_LIC_SRVR;CA-License Server;c:\windows\LIC98RMTD.exe [8/6/2003 12:18 PM 73728]

S3 EracentARPC;EracentARPC;c:\epa.epa\arpcollector.sys [8/11/2008 10:32 AM 16640]

S3 ExtranetAccess;Contivity VPN Service;c:\program files\Xerox External Access Network\Extranet_serv.exe [8/11/2008 10:02 AM 811008]

S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [8/11/2008 10:02 AM 155152]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/5/2009 9:02 AM 39984]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [5/17/2011 9:24 AM 85152]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]

S4 SDService;Unicenter Software Delivery;c:\tngsd\BIN\SDServ.exe [2/22/2006 5:43 PM 32768]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]

2011-02-17 19:00 124928 ----a-w- c:\windows\system32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

.

2009-12-27 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job

- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-01-07 19:46]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://xww.internal.xerox.com/

uInternet Connection Wizard,ShellNext = hxxp://xww.internal.world.xerox.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: centrewareweb.com\portal

Trusted Zone: livemeeting.com

Trusted Zone: xerox.com

Trusted Zone: xerox.net

TCP: DhcpNameServer = 192.168.1.1 192.168.1.1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-02 19:28

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

.

c:\windows\system32\wbem\Performance\WmiApRpl_new.ini 924 bytes

.

scan completed successfully

hidden files: 1

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DMPrimer]

"ImagePath"="\"c:\program files\CA\SharedComponents\DesktopCommonServices\DMPrimer\dmprimer.exe\" -DMPRIMER_SERVICE_:"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1708)

c:\windows\system32\pssogina.dll

.

- - - - - - - > 'explorer.exe'(9140)

c:\windows\system32\WININET.dll

c:\windows\TEMP\logishrd\LVPrcInj01.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll

c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll

c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Eupr\xrxacm_pa.exe

c:\windows\System32\SCardSvr.exe

c:\program files\CA\SharedComponents\CAM\bin\cam.exe

c:\program files\CA\SharedComponents\DesktopCommonServices\DMPrimer\dmprimer.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\program files\McAfee\Common Framework\FrameworkService.exe

c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe

c:\program files\McAfee\VirusScan Enterprise\mfeann.exe

c:\program files\Dell\QuickSet\NICCONFIGSVC.exe

c:\program files\McAfee\Common Framework\naPrdMgr.exe

c:\program files\CA\Unicenter Remote Control\rcHost.exe

c:\program files\SigmaTel\C-Major Audio\WDM\StacSV.exe

c:\windows\system32\CCM\CcmExec.exe

c:\program files\Common Files\McAfee\SystemCore\mcshield.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\stsystra.exe

c:\program files\Apoint\ApMsgFwd.exe

c:\sxpinst\sxplog32.exe

c:\program files\Apoint\HidFind.exe

c:\program files\Apoint\Apntex.exe

c:\program files\McAfee\Common Framework\McTray.exe

c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe

.

**************************************************************************

.

Completion time: 2011-07-02 19:38:02 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-02 23:37

ComboFix2.txt 2011-06-29 22:39

ComboFix3.txt 2011-06-29 20:22

ComboFix4.txt 2011-06-28 23:41

ComboFix5.txt 2011-07-02 23:17

.

Pre-Run: 41,921,335,296 bytes free

Post-Run: 42,013,765,632 bytes free

.

- - End Of File - - 7C012B90C9BDAE0F3AF2C526CED09252


You have ComboFix running from the following location: c:\documents and settings\US883862\Desktop\Virus Software\ComboFix.exe

It needs to be run from the Desktop.

Please delete the following file (in bold): c:\documents and settings\US883862\Desktop\Virus Software\ComboFix.exe

Then, download a new copy of ComboFix. Save it and run it from your Desktop. Please include the C:\ComboFix.txt that it creates ;)


Per your request - when I came to the link, that darn oshxjmencw temp file created itself on my desktop again:

ComboFix 11-07-02.03 - US883862 07/03/2011 10:13:52.9.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1353 [GMT -4:00]

Running from: c:\documents and settings\US883862\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-06-03 to 2011-07-03 )))))))))))))))))))))))))))))))

.

.

2011-07-02 23:19 . 2011-07-02 23:19 -------- d-----w- c:\program files\temp

2011-06-29 22:48 . 2011-06-29 22:48 0 ---ha-w- c:\documents and settings\US883862\oshxjmencw.tmp

2011-06-13 12:17 . 2011-06-13 12:17 365056 ----a-w- c:\windows\system32\audiodev32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-29 13:11 . 2009-06-05 13:02 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11 . 2009-06-05 13:02 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-17 13:23 . 2011-05-17 13:24 145936 ----a-w- c:\windows\system32\mfevtps.exe

2011-05-17 13:23 . 2011-05-17 13:24 85152 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-05-17 13:23 . 2011-05-17 13:24 88544 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2011-05-17 13:23 . 2011-05-17 13:24 436728 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-05-17 13:23 . 2011-05-17 13:24 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-05-17 13:23 . 2011-05-17 13:24 58456 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-05-17 13:23 . 2011-05-17 13:24 171296 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-05-17 13:23 . 2011-05-17 13:24 116104 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-05-12 21:32 . 2008-08-12 14:02 82696 ----a-w- c:\windows\system32\lmdimon8.dll

2011-05-12 21:32 . 2008-08-12 14:02 82184 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lmdippr8.dll

2008-10-08 17:18 . 2007-10-01 18:54 626688 ----a-w- c:\program files\Common Files\sapconsaccess.dll

2008-10-08 17:18 . 2007-10-01 18:54 3125248 ----a-w- c:\program files\Common Files\sapxlhelper.dll

2008-10-08 17:18 . 2007-10-01 18:54 192512 ----a-w- c:\program files\Common Files\sapconsr3.dll

2008-10-08 17:18 . 2007-10-01 18:54 40960 ----a-w- c:\program files\Common Files\DigitalSignature.ocx

.

.

((((((((((((((((((((((((((((( SnapShot@2011-06-27_18.53.02 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-07-02 23:26 . 2011-07-02 23:26 16384 c:\windows\Temp\Perflib_Perfdata_170.dat

+ 2007-10-01 14:13 . 2011-07-02 23:32 72824 c:\windows\system32\perfc009.dat

- 2007-10-01 14:13 . 2011-06-27 17:52 72824 c:\windows\system32\perfc009.dat

+ 2011-07-02 23:26 . 2011-07-02 23:29 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll

- 2011-06-27 17:47 . 2011-06-27 17:50 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll

+ 2007-10-01 14:13 . 2011-07-02 23:32 445878 c:\windows\system32\perfh009.dat

- 2007-10-01 14:13 . 2011-06-27 17:52 445878 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01CE8B7C-036A-4F89-BE62-4BEE3A922940}]

2011-06-13 12:17 365056 ----a-w- c:\windows\system32\audiodev32.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\documents and settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-16 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-16 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-16 138008]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]

"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]

"Sxplog"="c:\sxpinst\sxpstub.exe" [2004-09-08 20480]

"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2007-12-07 5720072]

"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2006-10-20 36864]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2006-10-20 40960]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

"Pointsec Tray"="c:\program files\Pointsec\Pointsec for PC\P95Tray.exe" [2008-10-15 670272]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-01-07 1468296]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2011-03-01 148888]

"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-01-12 161088]

"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-01-13 215360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]

"TSClientAXDisabler"="c:\windows\Installer\TSClientMsiTrans\tscdsbl.bat" [2008-01-19 2247]

.

c:\documents and settings\US883862\Start Menu\Programs\Startup\

Yammer.lnk - c:\program files\Yammer\Yammer.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-854245398-1202660629-839522115-48216\Scripts\Logon\0\0]

"Script"=DomUsr.exe

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2008-10-01 23:57 289576 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2008-09-06 19:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"websrvx"=2 (0x2)

"Bonjour Service"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"iPod Service"=3 (0x3)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

"c:\\Program Files\\SAP\\FrontEnd\\SAPgui\\saplogon.exe"=

"c:\\Program Files\\SAP\\FrontEnd\\SAPgui\\saplgpad.exe"=

"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\NetMeeting\\conf.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"798:TCP"= 798:TCP:CA RCO 798-TCP

.

R0 prot_2k;prot_2k;c:\windows\system32\drivers\prot_2k.sys [10/15/2008 8:40 AM 217024]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [5/17/2011 9:24 AM 88544]

R2 EPAService;EPAService;c:\epa.epa\EPAService.exe [8/11/2008 10:04 AM 221184]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [5/17/2011 9:24 AM 145936]

R2 Pointsec;Pointsec;c:\windows\system32\Prot_srv.exe [10/15/2008 8:41 AM 621120]

R2 Pointsec_start;Pointsec Service Start;c:\windows\system32\pstartSr.exe [10/15/2008 8:41 AM 150080]

R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [8/11/2008 10:02 AM 26137]

R3 RCSpyDDML;RCSpyDDML;c:\windows\system32\drivers\RCSpyMP.sys [12/6/2004 4:09 AM 14336]

S2 Euprsvc;Eupr Service;c:\program files\Eupr\xrxacm_euprsvc.exe [1/19/2008 3:12 PM 204800]

S2 LogWatch;Event Log Watch;c:\windows\LogWatNT.exe [8/6/2003 12:18 PM 49152]

S3 CA_LIC_CLNT;CA-License Client;c:\windows\LIC98RMT.exe [8/6/2003 12:18 PM 73728]

S3 CA_LIC_SRVR;CA-License Server;c:\windows\LIC98RMTD.exe [8/6/2003 12:18 PM 73728]

S3 EracentARPC;EracentARPC;c:\epa.epa\arpcollector.sys [8/11/2008 10:32 AM 16640]

S3 ExtranetAccess;Contivity VPN Service;c:\program files\Xerox External Access Network\Extranet_serv.exe [8/11/2008 10:02 AM 811008]

S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [8/11/2008 10:02 AM 155152]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/5/2009 9:02 AM 39984]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [5/17/2011 9:24 AM 85152]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]

S4 SDService;Unicenter Software Delivery;c:\tngsd\BIN\SDServ.exe [2/22/2006 5:43 PM 32768]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]

2011-02-17 19:00 124928 ----a-w- c:\windows\system32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-03 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

.

2009-12-27 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job

- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-01-07 19:46]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://xww.internal.xerox.com/

uInternet Connection Wizard,ShellNext = hxxp://xww.internal.world.xerox.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: centrewareweb.com\portal

Trusted Zone: livemeeting.com

Trusted Zone: xerox.com

Trusted Zone: xerox.net

TCP: DhcpNameServer = 192.168.1.1 192.168.1.1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-03 10:19

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DMPrimer]

"ImagePath"="\"c:\program files\CA\SharedComponents\DesktopCommonServices\DMPrimer\dmprimer.exe\" -DMPRIMER_SERVICE_:"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1708)

c:\windows\system32\pssogina.dll

c:\windows\system32\igfxdev.dll

.

- - - - - - - > 'explorer.exe'(5100)

c:\windows\system32\WININET.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll

c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll

c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-07-03 10:20:48

ComboFix-quarantined-files.txt 2011-07-03 14:20

ComboFix2.txt 2011-07-02 23:38

ComboFix3.txt 2011-06-29 22:39

ComboFix4.txt 2011-06-29 20:22

ComboFix5.txt 2011-07-03 14:12

.

Pre-Run: 42,020,077,568 bytes free

Post-Run: 42,007,048,192 bytes free

.

- - End Of File - - 15C21F53E76501AABE11FDD5E1832009


Let's try this ;):

Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

File::

c:\documents and settings\US883862\oshxjmencw.tmp

c:\windows\system32\audiodev32.dll

Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know of any issues you've encountered ;).


Thanks - here are the results - the temp file didn't appear, so I hope it did the trick:

ComboFix 11-07-02.03 - US883862 07/03/2011 11:06:31.10.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1309 [GMT -4:00]

Running from: c:\documents and settings\US883862\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\US883862\Desktop\CFScript.txt

.

FILE ::

"c:\documents and settings\US883862\oshxjmencw.tmp"

"c:\windows\system32\audiodev32.dll"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\US883862\oshxjmencw.tmp

c:\windows\system32\audiodev32.dll

.

.

((((((((((((((((((((((((( Files Created from 2011-06-03 to 2011-07-03 )))))))))))))))))))))))))))))))

.

.

2011-07-02 23:19 . 2011-07-02 23:19 -------- d-----w- c:\program files\temp

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-29 13:11 . 2009-06-05 13:02 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11 . 2009-06-05 13:02 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-17 13:23 . 2011-05-17 13:24 145936 ----a-w- c:\windows\system32\mfevtps.exe

2011-05-17 13:23 . 2011-05-17 13:24 85152 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-05-17 13:23 . 2011-05-17 13:24 88544 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2011-05-17 13:23 . 2011-05-17 13:24 436728 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-05-17 13:23 . 2011-05-17 13:24 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-05-17 13:23 . 2011-05-17 13:24 58456 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-05-17 13:23 . 2011-05-17 13:24 171296 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-05-17 13:23 . 2011-05-17 13:24 116104 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-05-12 21:32 . 2008-08-12 14:02 82696 ----a-w- c:\windows\system32\lmdimon8.dll

2011-05-12 21:32 . 2008-08-12 14:02 82184 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lmdippr8.dll

2008-10-08 17:18 . 2007-10-01 18:54 626688 ----a-w- c:\program files\Common Files\sapconsaccess.dll

2008-10-08 17:18 . 2007-10-01 18:54 3125248 ----a-w- c:\program files\Common Files\sapxlhelper.dll

2008-10-08 17:18 . 2007-10-01 18:54 192512 ----a-w- c:\program files\Common Files\sapconsr3.dll

2008-10-08 17:18 . 2007-10-01 18:54 40960 ----a-w- c:\program files\Common Files\DigitalSignature.ocx

.

.

((((((((((((((((((((((((((((( SnapShot@2011-06-27_18.53.02 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-07-03 15:13 . 2011-07-03 15:13 16384 c:\windows\temp\Perflib_Perfdata_1a4.dat

+ 2007-10-01 14:13 . 2011-07-03 15:18 72824 c:\windows\system32\perfc009.dat

- 2007-10-01 14:13 . 2011-06-27 17:52 72824 c:\windows\system32\perfc009.dat

- 2011-06-27 17:47 . 2011-06-27 17:50 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll

+ 2011-07-03 15:13 . 2008-12-17 02:59 109080 c:\windows\temp\logishrd\LVPrcInj01.dll

+ 2007-10-01 14:13 . 2011-07-03 15:18 445878 c:\windows\system32\perfh009.dat

- 2007-10-01 14:13 . 2011-06-27 17:52 445878 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\documents and settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-16 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-16 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-16 138008]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]

"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]

"Sxplog"="c:\sxpinst\sxpstub.exe" [2004-09-08 20480]

"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2007-12-07 5720072]

"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2006-10-20 36864]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2006-10-20 40960]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

"Pointsec Tray"="c:\program files\Pointsec\Pointsec for PC\P95Tray.exe" [2008-10-15 670272]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-01-07 1468296]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2011-03-01 148888]

"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-01-12 161088]

"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-01-13 215360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]

"TSClientAXDisabler"="c:\windows\Installer\TSClientMsiTrans\tscdsbl.bat" [2008-01-19 2247]

.

c:\documents and settings\US883862\Start Menu\Programs\Startup\

Yammer.lnk - c:\program files\Yammer\Yammer.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-854245398-1202660629-839522115-48216\Scripts\Logon\0\0]

"Script"=DomUsr.exe

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2008-10-01 23:57 289576 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2008-09-06 19:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"websrvx"=2 (0x2)

"Bonjour Service"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"iPod Service"=3 (0x3)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

"c:\\Program Files\\SAP\\FrontEnd\\SAPgui\\saplogon.exe"=

"c:\\Program Files\\SAP\\FrontEnd\\SAPgui\\saplgpad.exe"=

"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\NetMeeting\\conf.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"798:TCP"= 798:TCP:CA RCO 798-TCP

.

R0 prot_2k;prot_2k;c:\windows\system32\drivers\prot_2k.sys [10/15/2008 8:40 AM 217024]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [5/17/2011 9:24 AM 88544]

R2 EPAService;EPAService;c:\epa.epa\EPAService.exe [8/11/2008 10:04 AM 221184]

R2 Euprsvc;Eupr Service;c:\program files\Eupr\xrxacm_euprsvc.exe [1/19/2008 3:12 PM 204800]

R2 LogWatch;Event Log Watch;c:\windows\LogWatNT.exe [8/6/2003 12:18 PM 49152]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [5/17/2011 9:24 AM 145936]

R2 Pointsec;Pointsec;c:\windows\system32\Prot_srv.exe [10/15/2008 8:41 AM 621120]

R2 Pointsec_start;Pointsec Service Start;c:\windows\system32\pstartSr.exe [10/15/2008 8:41 AM 150080]

R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [8/11/2008 10:02 AM 26137]

R3 RCSpyDDML;RCSpyDDML;c:\windows\system32\drivers\RCSpyMP.sys [12/6/2004 4:09 AM 14336]

S3 CA_LIC_CLNT;CA-License Client;c:\windows\LIC98RMT.exe [8/6/2003 12:18 PM 73728]

S3 CA_LIC_SRVR;CA-License Server;c:\windows\LIC98RMTD.exe [8/6/2003 12:18 PM 73728]

S3 EracentARPC;EracentARPC;c:\epa.epa\arpcollector.sys [8/11/2008 10:32 AM 16640]

S3 ExtranetAccess;Contivity VPN Service;c:\program files\Xerox External Access Network\Extranet_serv.exe [8/11/2008 10:02 AM 811008]

S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [8/11/2008 10:02 AM 155152]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/5/2009 9:02 AM 39984]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [5/17/2011 9:24 AM 85152]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]

S4 SDService;Unicenter Software Delivery;c:\tngsd\BIN\SDServ.exe [2/22/2006 5:43 PM 32768]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]

2011-02-17 19:00 124928 ----a-w- c:\windows\system32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-03 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

.

2009-12-27 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job

- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-01-07 19:46]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://xww.internal.xerox.com/

uInternet Connection Wizard,ShellNext = hxxp://xww.internal.world.xerox.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: centrewareweb.com\portal

Trusted Zone: livemeeting.com

Trusted Zone: xerox.com

Trusted Zone: xerox.net

TCP: DhcpNameServer = 192.168.1.1 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{01CE8B7C-036A-4F89-BE62-4BEE3A922940} - c:\windows\system32\audiodev32.dll

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-03 11:14

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DMPrimer]

"ImagePath"="\"c:\program files\CA\SharedComponents\DesktopCommonServices\DMPrimer\dmprimer.exe\" -DMPRIMER_SERVICE_:"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1704)

c:\windows\system32\pssogina.dll

.

- - - - - - - > 'explorer.exe'(7544)

c:\windows\system32\WININET.dll

c:\windows\TEMP\logishrd\LVPrcInj01.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll

c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll

c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Eupr\xrxacm_pa.exe

c:\windows\System32\SCardSvr.exe

c:\program files\CA\SharedComponents\CAM\bin\cam.exe

c:\program files\CA\SharedComponents\DesktopCommonServices\DMPrimer\dmprimer.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\program files\McAfee\Common Framework\FrameworkService.exe

c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe

c:\program files\McAfee\VirusScan Enterprise\mfeann.exe

c:\program files\Dell\QuickSet\NICCONFIGSVC.exe

c:\program files\CA\Unicenter Remote Control\rcHost.exe

c:\program files\McAfee\Common Framework\naPrdMgr.exe

c:\program files\SigmaTel\C-Major Audio\WDM\StacSV.exe

c:\program files\Common Files\McAfee\SystemCore\mcshield.exe

c:\windows\system32\CCM\CcmExec.exe

c:\windows\system32\msiexec.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\stsystra.exe

c:\program files\Apoint\ApMsgFwd.exe

c:\sxpinst\sxplog32.exe

c:\program files\Apoint\HidFind.exe

c:\program files\Apoint\Apntex.exe

c:\program files\McAfee\Common Framework\McTray.exe

c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe

.

**************************************************************************

.

Completion time: 2011-07-03 11:22:15 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-03 15:22

ComboFix2.txt 2011-07-03 14:20

ComboFix3.txt 2011-07-02 23:38

ComboFix4.txt 2011-06-29 22:39

ComboFix5.txt 2011-07-03 15:05

.

Pre-Run: 41,944,895,488 bytes free

Post-Run: 41,960,202,240 bytes free

.

- - End Of File - - E31DEA313A04A37A667589311A2A3332


Good! Let's run some more scans to see if there are any traces ;):

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

----

Please use the Internet Explorer and run a BitDefender Online scan from Here

  • Please check I agree with the Terms and Conditions and click Start Here
  • You will need to allow an Active X install for the scan to run.
  • Leave the scanning options at default and click Start Scan

Please post the results in your next reply.


Results of ESET:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=7.00.6000.17096 (vista_gdr.110211-1830)

# OnlineScanner.ocx=1.0.0.6427

# api_version=3.0.2

# EOSSerial=8c1e214bb1ab324fabdcbf7c3fbbfff9

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-07-03 04:45:13

# local_time=2011-07-03 12:45:13 (-0500, Eastern Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=4864 16777215 100 0 90322670 90322670 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=98970

# found=3

# cleaned=3

# scan_time=3820

C:\Qoobox\Quarantine\C\WINDOWS\system32\audiodev32.dll.vir a variant of Win32/Kryptik.OKQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{1569C186-FD91-4CF2-8804-C8084F7FD95E}\RP7\A0001395.dll a variant of Win32/Kryptik.PQF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{1569C186-FD91-4CF2-8804-C8084F7FD95E}\RP9\A0002041.dll a variant of Win32/Kryptik.OKQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


From Bitdefender QuickScan:

QuickScan Beta 32-bit v0.9.9.96

-------------------------------

Scan date: Sun Jul 03 12:50:46 2011

Machine ID: D88B4920

No infection found.

-------------------

Processes

---------

Alps Pointing-device Driver 2796 C:\Program Files\Apoint\Apoint.exe

Alps Pointing-device Driver 796 C:\Program Files\Apoint\hidfind.exe

Alps Pointing-device Driver for Windows 3196 C:\Program Files\Apoint\ApntEx.exe

ApMsgFwd 3636 C:\Program Files\Apoint\ApMsgFwd.exe

C-Major Audio 1620 C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe

C-Major Audio 3416 C:\WINDOWS\stsystra.exe

COCIManager.exe 5128 C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe

Cyberlink PowerCinema 860 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

DMPrimer 952 C:\Program Files\CA\SharedComponents\DesktopCommonServices\DMPrimer\dmprimer.exe

EPAService Module 216 C:\epa.epa\EPAService.exe

Eupr 1392 C:\Program Files\Eupr\xrxacm_pa.exe

Intel® Common User Interface 2536 C:\WINDOWS\system32\hkcmd.exe

Intel® Common User Interface 2600 C:\WINDOWS\system32\igfxpers.exe

Intel® Common User Interface 2608 C:\WINDOWS\system32\igfxsrvc.exe

Java Platform SE 6 U14 420 C:\Program Files\Java\jre6\bin\jqs.exe

Java Platform SE 6 U14 3172 C:\Program Files\Java\jre6\bin\jusched.exe

Logitech QuickCam 1500 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

LogWatNT.exe 1228 C:\WINDOWS\LogWatNT.exe

McAfee Agent 700 C:\Program Files\McAfee\Common Framework\FrameworkService.exe

McAfee Agent 828 C:\Program Files\McAfee\Common Framework\naPrdMgr.exe

McAfee Agent 336 C:\Program Files\McAfee\Common Framework\UdaterUI.exe

McAfee System Tray 8816 C:\Program Files\McAfee\Common Framework\McTray.exe

Microsoft IntelliPoint 3168 C:\Program Files\Microsoft IntelliPoint\ipoint.exe

Microsoft Office 2003 10060 C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

Microsoft Office Outlook 1416 C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE

Microsoft® Windows® Operating System 1384 C:\WINDOWS\system32\spoolsv.exe

Microsoft® Windows® Operating System 2652 C:\WINDOWS\system32\wbem\wmiprvse.exe

Microsoft® Windows® Operating System 4840 C:\WINDOWS\system32\wbem\wmiprvse.exe

Microsoft® Windows® Operating System 2208 C:\WINDOWS\system32\wbem\wmiprvse.exe

NicConfigSvc 1168 C:\Program Files\Dell\QuickSet\NicConfigSvc.exe

PaperPort 728 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

Pointsec PC 3432 C:\Program Files\Pointsec\Pointsec for PC\P95tray.exe

Prot_srv.exe 1192 C:\WINDOWS\system32\Prot_srv.exe

pstartSr.exe 1276 C:\WINDOWS\system32\pstartSr.exe

Quickcam.exe 2128 C:\Program Files\Logitech\QuickCam\Quickcam.exe

QuickSet 3552 C:\Program Files\Dell\QuickSet\quickset.exe

Software Delivery 4076 C:\SxpInst\sxplog32.exe

Software Manager 3384 C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe

SYSCORE 1076 C:\WINDOWS\system32\mfevtps.exe

System Center Configuration Manager 1556 C:\WINDOWS\system32\CCM\CcmExec.exe

Unicenter Message Queuing 668 C:\Program Files\CA\SharedComponents\CAM\bin\cam.exe

Unicenter Remote Control 1292 C:\Program Files\CA\Unicenter Remote Control\rcHost.exe

VirusScan Enterprise 9548 C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe

VirusScan Enterprise 1036 C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

VSCORE 400 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

VSCORE 1088 C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe

Windows® Internet Explorer 10108 C:\Program Files\Internet Explorer\iexplore.exe

xrxacm_euprsvc.exe 1356 C:\Program Files\Eupr\xrxacm_euprsvc.exe

(verified) Microsoft® Windows® Operating System 7544 C:\WINDOWS\explorer.exe

(verified) Microsoft® Windows® Operating System 2200 C:\WINDOWS\system32\alg.exe

(verified) Microsoft® Windows® Operating System 1680 C:\WINDOWS\system32\csrss.exe

(verified) Microsoft® Windows® Operating System 3896 C:\WINDOWS\system32\ctfmon.exe

(verified) Microsoft® Windows® Operating System 1760 C:\WINDOWS\system32\lsass.exe

(verified) Microsoft® Windows® Operating System 1436 C:\WINDOWS\system32\scardsvr.exe

(verified) Microsoft® Windows® Operating System 1748 C:\WINDOWS\system32\services.exe

(verified) Microsoft® Windows® Operating System 1564 C:\WINDOWS\system32\smss.exe

(verified) Microsoft® Windows® Operating System 1932 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 2008 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1012 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 804 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 516 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 476 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 368 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1704 C:\WINDOWS\system32\winlogon.exe

Network activity

----------------

Process OUTLOOK.EXE (1416) connected on port 443 (HTTP over SSL) --> 13.13.130.160

Process OUTLOOK.EXE (1416) connected on port 443 (HTTP over SSL) --> 13.13.130.160

Process OUTLOOK.EXE (1416) connected on port 443 (HTTP over SSL) --> 13.13.130.160

Process OUTLOOK.EXE (1416) connected on port 443 (HTTP over SSL) --> 13.13.130.160

Process OUTLOOK.EXE (1416) connected on port 443 (HTTP over SSL) --> 13.13.130.160

Process OUTLOOK.EXE (1416) connected on port 443 (HTTP over SSL) --> 13.13.130.160

Process iexplore.exe (10108) connected on port 80 (HTTP) --> 63.116.246.48

Process iexplore.exe (10108) connected on port 80 (HTTP) --> 63.116.246.82

Process iexplore.exe (10108) connected on port 80 (HTTP) --> 66.235.142.57

Process iexplore.exe (10108) connected on port 80 (HTTP) --> 69.171.224.11

Process iexplore.exe (10108) connected on port 80 (HTTP) --> 72.14.204.102

Process iexplore.exe (10108) connected on port 80 (HTTP) --> 63.116.246.48

Process cam.exe (668) listens on ports: 3104, 4105

Process FrameworkService.exe (700) listens on ports: 12085

Process rcHost.exe (1292) listens on ports: 798

Process svchost.exe (2008) listens on ports: 135 (RPC)

Autoruns and critical files

---------------------------

Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

Alps Pointing-device Driver C:\Program Files\Apoint\Apoint.exe

Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe

C-Major Audio C:\WINDOWS\stsystra.exe

Cyberlink PowerCinema C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

Intel® Common User Interface C:\WINDOWS\system32\hkcmd.exe

Intel® Common User Interface C:\WINDOWS\system32\igfxdev.dll

Intel® Common User Interface C:\WINDOWS\system32\igfxpers.exe

Intel® Common User Interface C:\WINDOWS\system32\igfxtray.exe

Java Platform SE 6 U14 C:\Program Files\Java\jre6\bin\jusched.exe

McAfee Agent C:\Program Files\McAfee\Common Framework\UdaterUI.exe

Microsoft IntelliPoint C:\Program Files\Microsoft IntelliPoint\ipoint.exe

Microsoft Office Communicator 2007 C:\Program Files\Microsoft Office Communicator\communicator.exe

Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\CSCDLL.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\logon.scr

Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll

Microsoft® Windows® Operating System c:\windows\system32\userinit.exe

Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll

PaperPort C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

PaperPort C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

Pointsec PC C:\Program Files\Pointsec\Pointsec for PC\P95tray.exe

Quickcam.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe

QuickSet C:\Program Files\Dell\QuickSet\quickset.exe

QuickTime C:\Program Files\QuickTime\qttask.exe

Software Delivery C:\SxpInst\sxpstub.exe

Software Manager C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe

SSBkgdUpdate Application C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

VirusScan Enterprise C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe

Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll

Browser plugins

---------------

AcroIEHelperShim Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll

BitDefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll

Garmin Communicator Plug-In C:\Program Files\Garmin GPS Plugin\npGarmin.dll

InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe

Java Platform SE 6 U14 C:\Program Files\Java\jre6\bin\jp2ssv.dll

Java Platform SE 6 U14 C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

Messenger C:\Program Files\Messenger\msmsgs.exe

Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL

Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL

Microsoft Office 2010 c:\program files\microsoft office\office14\urlredir.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll

npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll

Software Manager C:\WINDOWS\Downloaded Program Files\isusweb.dll

VSCORE C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110517092442.dll

Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll

(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

(verified) QuickTime Plug-in 7.5.5 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll

(verified) QuickTime Plug-in 7.5.5 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll

(verified) QuickTime Plug-in 7.5.5 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll

(verified) QuickTime Plug-in 7.5.5 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll

(verified) QuickTime Plug-in 7.5.5 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll

(verified) QuickTime Plug-in 7.5.5 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll

(verified) QuickTime Plug-in 7.5.5 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll

Missing files

-------------

File not found: c:\program files\google\google toolbar\component\fastsearch_b7c5ac242193bb3e.dll

--> HKLM\Software\Classes\CLSID\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\InprocServer32\"(default)"

File not found: c:\program files\google\google toolbar\googletoolbar_32.dll

--> HKLM\Software\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InprocServer32\"(default)"

--> HKLM\Software\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\InprocServer32\"(default)"

File not found: c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll

--> HKLM\Software\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32\"(default)"

Scan

----


MD5: 48fa23e7d82441eb16c243f5d8f6aab8 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

MD5: ab87eeffd18f2baafc274e7075ea6c67 c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

MD5: 34f44fe583d16815ad848855e7618e0d C:\WINDOWS\stsystra.exe

MD5: 79f3d2c98f5bc1b4b19c358e3536a593 C:\WINDOWS\system32\ADVPACK.DLL

MD5: aea90cdb93bf9cba05114763ba529aad C:\WINDOWS\system32\BiCMonNT.dll

MD5: 4e5cdcbeb4834b3f5820a39717d76651 C:\WINDOWS\system32\BIIMG.dll

MD5: 2f16966bb03eb47e90bf9f8b343dc4e1 C:\WINDOWS\system32\BiMMonNT.dll

MD5: 5a9e05991504bd55bf4ad31897d937f5 C:\WINDOWS\system32\CCM\ccm_caltrack.dll

MD5: 4fe8ac107037d48405df1b6eca7b88fb C:\WINDOWS\system32\CCM\CcmCTM.dll

MD5: 3603471788b0bca891845a91c14b50eb C:\WINDOWS\system32\CCM\CcmCTMNotification.DLL

MD5: 91cd4d7aae98150ce63dcc38ee6d0c60 C:\WINDOWS\system32\CCM\CcmDTS.dll

MD5: a454a9baa25b8c8e76735dd86bd4b017 C:\WINDOWS\system32\CCM\CcmExec.exe

MD5: a9e3d5b26877f2c74a4f21fda1647eaf C:\WINDOWS\system32\CCM\CCMGenCert.dll

MD5: 122e10430a84328ad48c53429fadc937 C:\WINDOWS\system32\CCM\ccmid.DLL

MD5: 2e0338e9faa15a82fc4444aef405311e C:\WINDOWS\system32\CCM\ccmident.dll

MD5: e697cd9824b583865e673a599b426e0b C:\WINDOWS\system32\CCM\ccmperf.dll

MD5: f1e15cd86ac3d1b8596f90c00965fa09 C:\WINDOWS\system32\CCM\CcmProxy.dll

MD5: 4e51cf7f1f1214a887bf0c3cd1859c91 C:\WINDOWS\system32\CCM\CcmTask.dll

MD5: 0d17c10f46798828f0d627a34839b554 C:\WINDOWS\system32\CCM\CCMUtilLib.dll

MD5: b6c9f13bbf0eee558f217869e0053165 C:\WINDOWS\system32\CCM\CIAgent.dll

MD5: fa962a229f7e129f853cfe0712790a64 C:\WINDOWS\system32\CCM\ContentAccess.dll

MD5: 1a8c189f1be65d44c7f816d9c521e08d C:\WINDOWS\system32\CCM\CPApplet.dll

MD5: c4a363c8ea5bbb615fc60dca786bc337 C:\WINDOWS\system32\CCM\dcmagent.dll

MD5: dad9e1739a0a3e86f6ad40e4a662adff C:\WINDOWS\system32\CCM\execmgr.dll

MD5: e13b08415cd2ed9f74295170d1a0fc78 C:\WINDOWS\system32\CCM\FSPUtilLib.dll

MD5: 44cf581237948f2742987c87e7c28e5b C:\WINDOWS\system32\CCM\LibRDC.dll

MD5: 43bca5aae641f52ac3e809df3cc40ce7 C:\WINDOWS\system32\CCM\LSInterface.dll

MD5: 4e6ac2b79788b0d0d7ee581cc39763f4 C:\WINDOWS\system32\CCM\LSUtilities.dll

MD5: de5cbff96e4a9e49281a61b67c3a8d99 C:\WINDOWS\system32\CCM\MtrMgr.dll

MD5: 1a226fa611154d18638b696ddef01e00 C:\WINDOWS\system32\CCM\pdpagent.dll

MD5: ae84ed6a560cbc4942d0a38c51fc8b8f C:\WINDOWS\system32\CCM\PolicyAgent.dll

MD5: 677d27d2669bab18f6809b505c80a865 C:\WINDOWS\system32\CCM\PolicyAgentEndpoint.dll

MD5: 471cfd948321711b5420817250d61cb6 C:\WINDOWS\system32\CCM\PolicyAgentProvider.dll

MD5: 08004f5322acd10bbf77a724be575b52 C:\WINDOWS\system32\CCM\Prep.dll

MD5: 2a4514a9233d35a355f569ff8b8f6240 C:\WINDOWS\system32\CCM\prepdrv.sys

MD5: c36571366ec15e7309d383d10a68eb5f C:\WINDOWS\system32\CCM\PwrAgentEndpoint.dll

MD5: b98ac3e7f894efe47e4e3d8661fa9f3d C:\WINDOWS\system32\CCM\PwrEventTask.dll

MD5: 8080f8dff9e332825e7e605843a2f390 C:\WINDOWS\system32\CCM\rebootcoord.dll

MD5: 734113b929e18c20f7978b103b2cf479 C:\WINDOWS\system32\CCM\RTConfiguration.dll

MD5: d4e1ca768b9741b3c6143112c3edf72f C:\WINDOWS\system32\CCM\ScanAgent.dll

MD5: 3954e070b94cbd04d5e775d5611f8066 C:\WINDOWS\system32\CCM\Sched.dll

MD5: 5d2c64963a28ae42671914b599f5c625 C:\WINDOWS\system32\CCM\SdmAgent.dll

MD5: 21f3490aa2b7429820712a91db2964e5 C:\WINDOWS\system32\CCM\smsclient.dll

MD5: ca8f0b71b0a8c36f96739ae947df5e41 C:\WINDOWS\system32\CCM\smscore.dll

MD5: ff4047c964f5e2019513aeee54782d70 C:\WINDOWS\system32\CCM\smssha.dll

MD5: 96c450ece93c0c84bfa83555ebea157f C:\WINDOWS\system32\CCM\SrcUpdateMgr.dll

MD5: 5c5962e66ae60d387533d32223925bc1 C:\WINDOWS\system32\CCM\SrvWinMgr.dll

MD5: f83803bef79046cb7220baeb2990b6c6 C:\WINDOWS\system32\CCM\StateMessage.dll

MD5: efefbeed50efb289fa877c9af275a813 C:\WINDOWS\system32\CCM\StatusAgent.dll

MD5: d4c5fcb080357c2d181d144bdf6f10f1 C:\WINDOWS\system32\CCM\StatusAgentProxy.dll

MD5: d2ec9b276a97a32825e2c81123cb0630 C:\WINDOWS\system32\CCM\TSManager.exe

MD5: f931798c3a94478bee548ec47ea0955a C:\WINDOWS\system32\CCM\UpdatesDeployment.dll

MD5: 9c32486b66d3b2c1dfb0d353708a8e2b C:\WINDOWS\system32\CCM\UpdatesHandler.dll

MD5: 98d2d549f4b4a97ab628109ab6f0f19c C:\WINDOWS\system32\CCM\UpdatesStore.dll

MD5: 9aa842f64141ba16947706b5c7cbc925 C:\WINDOWS\system32\CCM\VAppLaunchMgr.dll

MD5: 768782b9bb5abb8c930ff455190ed589 C:\WINDOWS\system32\CCM\WUAHandler.dll

MD5: 4b807127c4c627cf6f681688497054dc C:\WINDOWS\system32\ccmcore.dll

MD5: 952fdcf800bb46b5cf8dda72fffdabb2 C:\WINDOWS\system32\CNCF2Lb.DLL

MD5: df6be05b03f506a62b3eb786d0336ed1 C:\WINDOWS\system32\CNMLM7Q.DLL

MD5: 93afb83fbc1f9443cac722fca63d73bf C:\WINDOWS\system32\COMCTL32.dll

MD5: ed0c0df222209e43ad9afbf3fe87dde0 C:\WINDOWS\system32\comsvcs.dll

MD5: 2afbf898c6dfab2367dcb791acb5f2ef C:\WINDOWS\system32\corpol.dll

MD5: b373075cc1c45c1a8f3147088e85bb15 C:\WINDOWS\system32\cpwmon2k.dll

MD5: bdaaf79dd63f194434d31a74b9bb8b77 C:\WINDOWS\system32\CRYPT32.dll

MD5: c14350fc0d47d806699c4f907fc6785b C:\WINDOWS\system32\cryptnet.dll

MD5: 515a7fae2070c2b0242b2353443e2f11 C:\WINDOWS\System32\CSCDLL.dll

MD5: 6100d350770a5595fbf4c96f3510badc C:\WINDOWS\system32\CSRSRV.dll

MD5: 0607cbc6fa20114cb491efe4b2f9efad C:\WINDOWS\system32\d3d9.dll

MD5: e2092f0a1d7abc243f9c2362483d150d C:\WINDOWS\System32\dimsntfy.dll

MD5: 389496118b3b03c2328024af320132ac C:\WINDOWS\system32\DNSAPI.dll

MD5: 5f7e24fa9eab896051ffb87f840730d2 c:\windows\system32\dnsrslvr.dll

MD5: 7618d5218f2a614672ec61a80d854a37 C:\WINDOWS\System32\drivers\afd.sys

MD5: b8d65da679a4a8d048783ede2691b5d4 C:\WINDOWS\system32\DRIVERS\Apfiltr.sys

MD5: ec94e05b76d033b74394e7b2175103cf C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS

MD5: f96038aa1ec4013a93d2420fc689d1e9 C:\WINDOWS\system32\DRIVERS\b57xp32.sys

MD5: e9ea635b8432d68f0005b3f6cebab837 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

MD5: 34aaa3b298a852b3663e6e0d94d12945 C:\WINDOWS\system32\DRIVERS\e1e5132.sys

MD5: 128622a56a7cf32042b8a914d787c97b C:\WINDOWS\system32\DRIVERS\eacfilt.sys

MD5: ab8a6a87d9d7255c3884d5b9541a6e80 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

MD5: 96aff1738271755a39b52eef7e35f98f C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

MD5: ddbd528e60f5961c142a490dc4ea7780 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

MD5: b1526810210980bed9d22315946c919d C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys

MD5: 2358c53f30cb9dcd1d3843c4e2f299b2 C:\WINDOWS\system32\drivers\iaStor.sys

MD5: 200cca76cd0e0f7eec78fa56c29b4d67 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

MD5: c399687188fecfcfee4ed846c6a6e3ab C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys

MD5: 99dde24b5426f1b0cf0b2e21afae3eef C:\WINDOWS\system32\DRIVERS\LV561AV.SYS

MD5: f96cfb47903854f228baaf3e2d41a0a3 C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys

MD5: 5f987fc1aad215ec2c60cf07719b1cce C:\WINDOWS\system32\drivers\LVUSBSta.sys

MD5: b309912717c29fc67e1ba4730a82b6dd C:\WINDOWS\system32\drivers\mbamswissarmy.sys

MD5: c0d975d64c1af8057f2d75b1297a6979 C:\WINDOWS\system32\drivers\mfeapfk.sys

MD5: c169326049a8a03d5f905b34f5a65f8c C:\WINDOWS\system32\drivers\mfeavfk.sys

MD5: 50b0253b2484a306a20d8695c5ae5858 C:\WINDOWS\system32\drivers\mfebopk.sys

MD5: 188b40866db2ab8ef262febc65291687 C:\WINDOWS\system32\drivers\mfehidk.sys

MD5: c1b30af2e18e69bf8ceb39b33f32d3c1 C:\WINDOWS\system32\drivers\mferkdet.sys

MD5: 97ef4ca122ddda4781ff557e65dfb262 C:\WINDOWS\system32\drivers\mfetdi2k.sys

MD5: 0ea4d8ed179b75f8afa7998ba22285ca C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

MD5: 0e1fd1ea2837d6b7a1d7b6c928014d05 C:\WINDOWS\System32\Drivers\oz776.sys

MD5: e552d6598670b1e7655cb73d562e0cd9 C:\WINDOWS\system32\DRIVERS\point32.sys

MD5: 5213b49d918c3956f44acd7fb36fda2c C:\WINDOWS\system32\DRIVERS\RCSpyMP.sys

MD5: 4b4ab78e866bbecf93f6eabc3270178a C:\WINDOWS\system32\DRIVERS\smsmdm.sys

MD5: 47ddfc2f003f7f9f0592c6874962a2e7 C:\WINDOWS\system32\DRIVERS\srv.sys

MD5: 31ba85e1cff39a57f702a2a0877bb8e1 C:\WINDOWS\system32\drivers\sthda.sys

MD5: c1ca131f4e3ed63d6bc89a35ffad4cda C:\WINDOWS\System32\Drivers\usbaapl.sys

MD5: fa5c79a191e7a01c0e345f4f3e33e332 C:\WINDOWS\system32\Dxtmsft.dll

MD5: 5ce67d0c54110becbc273bb179e35b87 C:\WINDOWS\system32\Dxtrans.dll

MD5: 19a799805b24990867b00c120d300c3a c:\windows\system32\es.dll

MD5: f5b754cdea20bbb3a31e16a776ede6d6 c:\windows\system32\ESENT.dll

MD5: b015b9134dad7e29e7d2d6b5f5c8c2fc C:\WINDOWS\system32\GDI32.dll

MD5: 0ca8195ad933b1dc14656f1a8f0c9e21 C:\WINDOWS\system32\hccutils.DLL

MD5: 48ed49a40d09a6cf258e8bf398b9cf79 C:\WINDOWS\system32\hkcmd.exe

MD5: 321e79d32d06f20503e2ac95d08af52f C:\WINDOWS\system32\ieapfltr.dll

MD5: effd64260143b0118d456ec6971f08bd C:\WINDOWS\system32\ieframe.dll

MD5: bf14379b4293b452388a0976353aad6a C:\WINDOWS\system32\iepeers.dll

MD5: b8eb7f71695bd146bf4385aa5f57cbce C:\WINDOWS\system32\iertutil.dll

MD5: 28f5b835472a62b13ad54663c645191d C:\WINDOWS\system32\IEUI.dll

MD5: a0b342d6386a01250d35ba942b1c5a0b C:\WINDOWS\system32\igfxdev.dll

MD5: b922482fa05828762ea1fd8d24d3ad62 C:\WINDOWS\system32\igfxpers.exe

MD5: d9b8e5a44df9f109fe0fd0f8ea3136af C:\WINDOWS\system32\igfxres.dll

MD5: b85c339254b8c2b89183476df05ef964 C:\WINDOWS\system32\igfxsrvc.dll

MD5: 45209e0df290f993acdfba69911b27fb C:\WINDOWS\system32\igfxsrvc.exe

MD5: 16219958fa5a3948c983d821c669f7a6 C:\WINDOWS\system32\igfxtray.exe

MD5: f7b098a08efcf4ab4247264c0ac225d2 C:\WINDOWS\system32\JScript.dll

MD5: a525c96c51d55111fdf3bea9ffffc7ae C:\WINDOWS\system32\kerberos.dll

MD5: 7d465b4715ef166a18d1474b6df81bc0 C:\WINDOWS\system32\lmdimon8.dll

MD5: dacfebeb0a1053bcacac54a45063344f C:\WINDOWS\system32\lmxp32.dll

MD5: 9fad7dff67555ff1e06bc4a3893024a7 C:\WINDOWS\system32\logon.scr

MD5: bd31dc6dbe9333c4fbd4bdf0899f2160 C:\WINDOWS\system32\LSASRV.dll

MD5: 67c04ffc699b37e1b15d702d723348bb C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx

MD5: 76848cb1aa5818db47d5f5986e0a7485 C:\WINDOWS\system32\MFC42.DLL

MD5: f6f2bfc17069eb335acceef7595f9302 C:\WINDOWS\system32\MFC42u.DLL

MD5: 49c8e20d178be981ff28523a942a570f C:\WINDOWS\system32\mfevtps.exe

MD5: 1e744353bd534405187a404667da3dc3 C:\WINDOWS\system32\mgmtapi.dll

MD5: 9333dbaedd617899c3562e937949d068 c:\windows\system32\mscms.dll

MD5: 671588889ca19ba4dcd7be6e937195c5 C:\WINDOWS\system32\msfeeds.dll

MD5: c9158d1a97bc96ca728f721237dee9aa C:\WINDOWS\system32\mshtml.dll

MD5: 8c5257a25949445badb8a5c8dfa2193b C:\WINDOWS\system32\mshtmled.dll

MD5: 8c22083ed515dc94d575438662f0be6a C:\WINDOWS\system32\msi.dll

MD5: 85ac5f11d4759d13674b3e92eac3f140 C:\WINDOWS\system32\msident.dll

MD5: 7ed041c7f82a381417aa3f43ab55f95a C:\WINDOWS\system32\msidntld.dll

MD5: 7a660edc0757849df5f8706fb6e9f740 C:\WINDOWS\system32\MSVCRT40.dll

MD5: 943337d786a56729263071623bbb9de5 C:\WINDOWS\system32\mswsock.dll

MD5: 7ae1b12c29b35f391bfcefce8776f9d2 C:\WINDOWS\system32\msxml6.dll

MD5: 72cd04a8789befab99f06658a41d10c9 C:\WINDOWS\system32\MTXCLU.DLL

MD5: 6db7788fa7e2566267516fa635c3797e C:\WINDOWS\system32\NETAPI32.dll

MD5: 062f837c1fbdb6a0a75f82efc2ee8e74 c:\windows\system32\netshell.dll

MD5: 03c76895f47a1339a697269000675266 C:\WINDOWS\system32\newdev.dll

MD5: f8f0d25ca553e39dde485d8fc7fcce89 C:\WINDOWS\system32\ntdll.dll

MD5: 40b0f98bad16ad5def894e88c3ef8014 C:\WINDOWS\system32\ODBC32.dll

MD5: 7a6a7900b5e322763430ba6fd9a31224 C:\WINDOWS\system32\ole32.dll

MD5: 5454607f90878d7cd0bcdb6e0d3f235f C:\WINDOWS\system32\pdh.dll

MD5: 3712adec940703762f1cceb5fe360d82 C:\WINDOWS\system32\pngfilt.dll

MD5: a5c406dbf27162196cd5e18eb0c6e521 C:\WINDOWS\system32\Prot_srv.exe

MD5: a300004934396356164b9cb0448ac0d8 C:\WINDOWS\system32\pssogina.dll

MD5: 991836babee8a9de65f59b35bc803460 C:\WINDOWS\system32\pstartSr.exe

MD5: d4502f124289a31976130cccb014c9aa C:\WINDOWS\system32\RPCRT4.dll

MD5: 72451fd61ddbb0a1fb071b7c3cde5594 C:\WINDOWS\system32\rsvpsp.dll

MD5: 7459c16cc3ef4651cab7c9260e43fc58 C:\WINDOWS\system32\Secur32.dll

MD5: 8bcd11d38fce43a519246a91cc40de6a C:\WINDOWS\System32\security.dll

MD5: 26cb10fa893f940ab09713ff46dcdade C:\WINDOWS\system32\SHDOCVW.dll

MD5: e86423aa9aa8c382af02b94a058dc2aa C:\WINDOWS\system32\SHELL32.dll

MD5: 77b5ad8da287b4f5b90b8f2a828fe68c C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\BiCUifNT.dll

MD5: 49bd52a1a3891b895d38850f7e5a379b C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\BiMUifNT.dll

MD5: 5e07e1245b13299b96bba6b671038f19 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\XDDM3208.DLL

MD5: ed1663a7f4fb39e7463bd53cad10b895 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\XDDMUI08.DLL

MD5: 14deeb6c5892c0b4140fb798fee28889 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\XGDI3208.dll

MD5: fa47f1b9913e44bc7ec44d1076fe6e58 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\XIMF3208.dll

MD5: c78508aa076a14a4bb47457c649dc360 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\XIMFN508.DLL

MD5: e8deccab435313c992dde06935e7b69f C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\XLTSRV08.dll

MD5: 5a5fa097664ba4819d5be897e8aa4e4e C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\XNT5UI08.DLL

MD5: bfa9dc8abcd4e5ab344ed8d9f8170a9f C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\XSPOOL08.dll

MD5: 74cb82951e275a73afe3c56c2ac64ab2 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\XSR32_08.dll

MD5: faa25125e01f9bf835ab550c3c2d6c94 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\XTAG3208.dll

MD5: caf55b5eabbea18585f526cbb9e86798 C:\WINDOWS\System32\spool\PRTPROCS\W32X86\BiCProNT.dll

MD5: aa6c9db9faa73f15ca63b498ed1825aa C:\WINDOWS\System32\spool\PRTPROCS\W32X86\BiMProNT.dll

MD5: fec3ace4d5e9b8b13c401941ee50f476 C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD7Q.DLL

MD5: a8aff61c1533745ef2932e57fedd2ff7 C:\WINDOWS\System32\spool\PRTPROCS\W32X86\lmdippr8.dll

MD5: 07eb76e8b839190247a3a6481b8b204b C:\WINDOWS\System32\spool\PRTPROCS\W32X86\XIMFPR08.DLL

MD5: 60784f891563fb1b767f70117fc2428f C:\WINDOWS\system32\spoolsv.exe

MD5: e701266af99ce316fbd5993da0201ba4 C:\WINDOWS\system32\stacapi.dll

MD5: 3caeae7608f1bd7ba873a3b02895b106 C:\WINDOWS\system32\sti.dll

MD5: fd127070aec77d461098dee9a6e98900 C:\WINDOWS\system32\STLang.dll

MD5: 8357809e111e09393633039769d96281 C:\WINDOWS\system32\tcpmib.dll

MD5: 6a3c6e768ff117d30fa148e9ad81db0f C:\WINDOWS\system32\urlmon.dll

MD5: a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe

MD5: 9e03dc5ab51cfd0190541ce2038d819d C:\WINDOWS\system32\USP10.dll

MD5: 142e08e570d8fcd87e845f1463c1aece C:\WINDOWS\system32\VBScript.dll

MD5: 5cc39a49069eea854d3d0546dc634599 C:\WINDOWS\system32\VXDIF.DLL

MD5: 60027bea3e76d7dd8d96c02432bfde82 C:\WINDOWS\system32\wbem\FastProx.dll

MD5: 4306fa2f1099d7c606139255fdb62b19 C:\WINDOWS\system32\wbem\framedyn.dll

MD5: 63d151a73679bb5bd7cf98bda1ae5f5b C:\WINDOWS\system32\wbem\stdprov.dll

MD5: f03a08e8826afa7dd3c0383359d677ac C:\WINDOWS\system32\wbem\wmidcprv.dll

MD5: 960f6d3cd9a1ba6435d7aadd102b297f C:\WINDOWS\system32\wbem\wmiprov.dll

MD5: 0ffae66e6d5b1c87cbd22d1f3b6079fd C:\WINDOWS\system32\wbem\wmiprvse.exe

MD5: 990248d5fc079af7bbe21199e60ef4da C:\WINDOWS\system32\webcheck.dll

MD5: d29f2889baa10e19ad9ff70c8d5ecf50 C:\WINDOWS\system32\WINHTTP.dll

MD5: 2f7a5408260cd0d3d2e916f811e166f5 C:\WINDOWS\system32\WININET.dll

MD5: d72b9ec3337b247a666f098f3d6b43de C:\WINDOWS\System32\winrnr.dll

MD5: 42b5427fac23bf6f1f31e466b7feb084 C:\WINDOWS\system32\winsrv.dll

MD5: 2cc34e8bb667eef78899546e12649196 C:\WINDOWS\system32\WlNotify.dll

MD5: 277f3e3333f1d10ca428568197fcce70 C:\WINDOWS\system32\wsnmp32.dll

MD5: fa47f1b9913e44bc7ec44d1076fe6e58 C:\WINDOWS\system32\XIMF3208.dll

MD5: 364228a693534140dd56acb22a138407 C:\WINDOWS\system32\XLMON_08.DLL

MD5: bea4aee74fef171eb61de1bad8faf427 C:\WINDOWS\system32\xmllite.dll

MD5: 5b718357eb1da40745b7c7e789af525f C:\WINDOWS\system32\XMobPM.dll

MD5: 645259875c31090345e41e57934bd442 C:\WINDOWS\system32\xprslib.dll

MD5: 16403217ab6fc5c30c14c6b12098ad4b C:\WINDOWS\system32\xpsp2res.dll

MD5: bfa9dc8abcd4e5ab344ed8d9f8170a9f C:\WINDOWS\system32\XSPOOL08.dll

MD5: faa25125e01f9bf835ab550c3c2d6c94 C:\WINDOWS\system32\XTAG3208.dll

MD5: d20da789c445936988c8b83f53522374 C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll

MD5: 03526b2fa2a800415e1ae3eac0dd166b C:\WINDOWS\UMCSTUB.EXE

MD5: 8d25a3bf9d0005d264f105414ae2cde6 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCP80.dll

MD5: 0ef2917efd6d96e4c9cf121738cf5409 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll

MD5: 736b12b725aeb2b07f0241a9f680cb10 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MD5: 33d9b7bb7ba323bafe489df033dac824 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\gdiplus.dll

The following file(s) must be uploaded for server-side scanning:

C:\Program Files\Eupr\xrxacm_pares410.dll

Upload started - 1 file(s)

xrxacm_pares410.dll (4608)

Upload speed - 10 KB/s

Upload finished - 1 uploaded, 0 failed

The uploaded file(s) were found clean.

Scan finished - communication took 3 sec

Total traffic - 0.03 MB sent, 1.46 KB recvd

Scanned 885 files and modules - 28 seconds

==============================================================================

Looking good! ;)

Before we move on, please take the time to install the following updates, as using outdated applications leaves you vulnerable to getting infected again.

Java is out of date and older versions contain vulnerabilities. Please update to the newest version.

Download the newest version from here http://www.oracle.com/technetwork/java/javase/downloads/index.html.

It's important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.

Go to Start > Control Panel and open Add or Remove Programs.

Search in the list for all previous installed versions of Java. (J2SE Runtime Environment).

They will have this icon next to them: javaicon.gif

Select each in turn and click Remove.

Once old versions are gone, please install the newest version.

-------

You are using Internet Explorer version 7. The latest version is 8. Using an outdated version of a web browser leaves you extremely vulnerable to malware!

Please see this link to download the latest version: http://windows.microsoft.com/en-US/internet-explorer/products/ie/home

-------

Please let me know how the updates went, as failed updates may indicate additional malware :).

Thanks - I've updated Java, but I can't (not allowed to) update IE. Is there anything else I should do? If not, thank you so much for all your support!!!! :D

Glad to hear the updates went well! :)

but I can't (not allowed to) update IE.

No worries, I understand ;).

I will now provide you with some suggestions for security software, but first, ComboFix must be uninstalled ;) :

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

-------------

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :)

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

avast!.

AntiVir

AVG

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy

A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard

A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

Please, consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too.

A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.

If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available

A tutorial on understanding and using firewalls may be found here.

If you use Internet Explorer, it is a good idea to use IE-Spyad for ZonedOut which provides protections against malicious websites. (Requires 2 downloads)

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested, Firefox may be downloaded from here

Opera is available here: http://www.opera.com/download/

For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.
