justjoy

Help Please


I also have popups but am really concerned about not having MS Task Manager.

Thank you in advance for all your help.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:03:29 PM, on 12/18/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Safe mode with network support

 

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

C:\windows\Explorer.EXE

C:\windows\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dogpile.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: IntelligentAdvisor - {6548BF73-58FF-71D5-F97D-17C71E323709} - C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe

O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--


Hello justjoy & Welcome

 

Please boot out of Safe Mode and into live Windows. Then run a scan with Hijack-This and post its log-file here.

 

Gogo ;)


Thank you for the help....sorry, new at this....here is the new log. And thanks for the welcome....but it is you guys that really need all the thanks and welcomes....you are awesome

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:56:33 PM, on 12/18/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\csrss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\windows\system32\svchost.exe

C:\windows\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\windows\system32\spoolsv.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\windows\System32\svchost.exe

C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\PROGRA~1\McAfee\MPS\mps.exe

C:\windows\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\windows\system32\svchost.exe

C:\Program Files\Windows Media Player\WMPNetwk.exe

C:\windows\Explorer.EXE

C:\Program Files\McAfee\MPS\mpsevh.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\windows\system32\wuauclt.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\windows\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\windows\System32\alg.exe

C:\Program Files\AOL 9.0b\waol.exe

C:\Program Files\AOL 9.0b\shellmon.exe

C:\Program Files\Common Files\AOL\1175982866\ee\aolsoftware.exe

C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dogpile.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dogpile.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: IntelligentAdvisor - {6548BF73-58FF-71D5-F97D-17C71E323709} - C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0b\AOL.EXE" -b

O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 7026 bytes


Hi justjoy

 

Download ComboFix from Here or Here to your Desktop.

 

Don't run it just yet!

 

=============================

 

NOTE: This next step I'm going to have you do is to be done only after you download the tool above, not before.

 

MCAFEE ANTIVIRUS

Please navigate to the system tray on the bottom right hand corner and look for a sign.

 

* right-click it -> choose "Exit."

* a popup will warn that protection will now be disabled. Click on "Yes" to disable the Antivirus guard.

 

You successfully disabled the McAfee Guard.

 

NOTE: Again, this is to be done only after downloading the tool above, not before.

 

==============================

 

Now run

 

* Double click combofix.exe and follow the prompts.

* When finished, it shall produce a log for you. Post that log and a HiJackThis log in your next reply.

 

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

 

 

==============================

 

Come back here with the ComboFix.txt and new Hijack-This log. Please make sure to turn on the Anti-Virus scanner; I may ask you to disable it again at some point.

 

Gogo ;)


ComboFix 07-12-19.2 - user 2007-12-18 19:35:01.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.668 [GMT -5:00]

Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((( Files Created from 2007-11-19 to 2007-12-19 )))))))))))))))))))))))))))))))

.

 

2007-12-18 16:26 . 2007-12-18 16:26 <DIR> d-------- C:\Program Files\Common Files\Application

2007-12-18 16:25 . 2007-12-18 16:29 <DIR> d-------- C:\Program Files\SPYWAREfighter

2007-12-18 16:23 . 2007-12-18 16:23 <DIR> d-------- C:\Program Files\SpyDestroy Pro

2007-12-18 14:04 . 2007-12-18 14:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Viewpoint

2007-12-18 14:04 . 2007-12-18 19:32 50,014 --a------ C:\VETlog.dmp

2007-12-18 14:03 . 2007-12-18 14:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AOL

2007-12-18 13:51 . 2007-12-18 13:51 <DIR> d-------- C:\Program Files\Trend Micro

2007-12-18 12:53 . 2007-12-18 13:06 <DIR> d-------- C:\Program Files\Enigma Software Group

2007-12-18 12:23 . 2007-12-18 13:06 <DIR> d-------- C:\Program Files\XoftSpySE

2007-12-18 10:33 . 2007-12-18 10:50 <DIR> d-------- C:\Program Files\PCPitstop

2007-12-18 10:33 . 2007-12-18 10:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCPitstop

2007-12-17 17:08 . 2006-11-13 01:02 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll

2007-12-17 17:08 . 2006-11-13 01:02 116,736 --------- C:\WINDOWS\system32\aaclient.dll

2007-12-17 17:08 . 2006-11-13 01:02 36,352 --------- C:\WINDOWS\system32\tsgqec.dll

2007-12-17 15:43 . 2007-12-17 16:07 <DIR> d-------- C:\Program Files\RegCure

2007-12-17 15:15 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll

2007-12-17 15:09 . 2007-12-17 15:11 <DIR> d-------- C:\Program Files\BitDownload

2007-12-17 14:29 . 2007-12-18 19:14 <DIR> d-------- C:\Program Files\PlayMP3z

2007-12-17 14:29 . 2007-12-18 15:38 <DIR> d-------- C:\Program Files\IntelligentAdvisor

2007-12-17 13:49 . 2007-12-17 14:23 <DIR> d-------- C:\Program Files\Registry Easy

2007-12-17 13:24 . 2007-12-17 13:24 <DIR> d-------- C:\Documents and Settings\user\Application Data\Uniblue

2007-12-12 23:39 . 2007-12-12 23:39 <DIR> d-------- C:\Program Files\Lucky Clover

2007-12-12 22:32 . 2007-12-12 22:43 <DIR> d-------- C:\Program Files\The Magicians Handbook - Cursed Valley

2007-12-12 22:19 . 2007-12-12 22:19 <DIR> d-------- C:\Documents and Settings\user\Application Data\Legends of pirates

2007-12-10 23:52 . 2007-12-10 23:53 <DIR> d-------- C:\Program Files\Holly - A Christmas Tale

2007-12-09 01:48 . 2007-12-18 10:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\does dog two city

2007-12-09 01:44 . 2007-12-09 01:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZipEC

2007-12-09 01:43 . 2007-12-17 14:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip

2007-12-09 00:16 . 2005-06-03 17:01 4,624 --a------ C:\WINDOWS\system32\nvaudio.nvu

2007-12-08 00:08 . 2007-12-08 00:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Christmasville

2007-12-07 19:45 . 2007-12-07 19:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MythPeople

2007-12-07 19:38 . 2007-12-07 19:38 1,409 --a------ C:\WINDOWS\system32\tmpEF563.FOT

2007-12-07 19:38 . 2007-12-07 19:38 1,409 --a------ C:\WINDOWS\system32\tmpC5663.FOT

2007-12-07 19:38 . 2007-12-07 19:38 1,409 --a------ C:\WINDOWS\system32\tmp34563.FOT

2007-12-07 19:38 . 2007-12-07 19:38 1,409 --a------ C:\WINDOWS\system32\tmp0B563.FOT

2007-12-07 19:09 . 2007-12-07 19:09 1,409 --a------ C:\WINDOWS\system32\tmpAE8B4.FOT

2007-12-07 19:09 . 2007-12-07 19:09 1,409 --a------ C:\WINDOWS\system32\tmp689B4.FOT

2007-12-07 19:09 . 2007-12-07 19:09 1,409 --a------ C:\WINDOWS\system32\tmp5D9B4.FOT

2007-12-07 19:09 . 2007-12-07 19:09 1,409 --a------ C:\WINDOWS\system32\tmp23AB4.FOT

2007-12-07 10:14 . 2007-12-18 14:51 17,148 --a------ C:\WINDOWS\system32\Config.MPF

2007-12-07 02:15 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll

2007-12-07 02:14 . 2007-12-18 09:42 <DIR> d-------- C:\mcafee_mcpr

2007-12-07 02:14 . 2007-06-25 10:57 171,240 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys

2007-12-07 02:14 . 2007-03-02 14:16 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys

2007-12-07 02:14 . 2007-06-25 14:54 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys

2007-12-07 02:14 . 2007-06-25 10:57 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys

2007-12-07 02:14 . 2007-06-25 10:57 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys

2007-12-07 02:14 . 2007-06-25 10:57 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys

2007-12-07 02:13 . 2007-12-07 02:13 <DIR> d-------- C:\Program Files\McAfee.com

2007-12-07 02:13 . 2007-12-07 02:15 <DIR> d-------- C:\Program Files\Common Files\McAfee

2007-12-07 02:12 . 2007-12-18 10:29 <DIR> d-------- C:\Program Files\McAfee

2007-12-07 01:23 . 2007-12-07 01:23 <DIR> d-------- C:\Documents and Settings\user\Application Data\SpywareBot

2007-12-07 00:59 . 2007-12-07 00:59 <DIR> d-------- C:\Program Files\Lavasoft

2007-12-07 00:59 . 2007-12-07 00:59 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-12-07 00:59 . 2007-12-07 00:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2007-12-07 00:41 . 2007-12-07 00:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP

2007-12-07 00:07 . 2007-12-07 00:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Playtonium Games

2007-12-07 00:07 . 2007-12-07 00:07 1,409 --a------ C:\WINDOWS\system32\tmpB7839.FOT

2007-12-07 00:07 . 2007-12-07 00:07 1,409 --a------ C:\WINDOWS\system32\tmp80939.FOT

2007-12-07 00:07 . 2007-12-07 00:07 1,409 --a------ C:\WINDOWS\system32\tmp56939.FOT

2007-12-07 00:07 . 2007-12-07 00:07 1,409 --a------ C:\WINDOWS\system32\tmp3C939.FOT

2007-12-06 23:28 . 2007-12-06 23:28 <DIR> d-------- C:\Program Files\Smilebox

2007-12-06 23:03 . 2007-12-06 23:03 103,824 --a------ C:\Program Files\InstallDownloader.exe

2007-12-06 22:38 . 2007-12-06 23:52 <DIR> d-------- C:\Documents and Settings\user\Application Data\Smilebox

2007-11-19 02:00 . 2007-11-19 02:00 224,016 --a------ C:\WINDOWS\system32\tabctl32.ocx

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-18 17:29 --------- d-----w C:\Documents and Settings\user\Application Data\LimeWire

2007-12-18 16:56 --------- d-----w C:\Program Files\Common Files\SystemRequirementsLab

2007-12-18 15:50 --------- d-----w C:\Program Files\Common Files\Scanner

2007-12-17 19:35 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2007-12-09 07:21 --------- d-----w C:\Program Files\RealArcade

2007-12-07 12:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee

2007-12-07 07:08 --------- d-----w C:\Program Files\Common Files\AOL

2007-12-07 06:31 --------- d-----w C:\Program Files\Java

2007-12-07 05:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL

2007-12-06 15:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads

2007-12-03 01:42 --------- d-----w C:\Documents and Settings\user\Application Data\Image Zone Express

2007-11-29 21:50 38,567 ----a-w C:\windows\system32\pcpbios.exe

2007-11-13 10:25 20,480 ----a-w C:\windows\system32\drivers\secdrv.sys

2007-11-12 02:05 --------- d-----w C:\Program Files\Luxor 3

2007-10-29 22:43 1,287,680 ----a-w C:\windows\system32\quartz.dll

2007-10-27 22:40 222,720 ----a-w C:\windows\system32\wmasf.dll

2007-10-22 22:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo

2006-02-19 07:28 12,288 ----a-w C:\windows\Fonts\RandFont.dll

2005-07-07 23:14 774,144 ----a-w C:\Program Files\RngInterstitial.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6548BF73-58FF-71D5-F97D-17C71E323709}]

2007-12-11 16:27 1019904 --a------ C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-04 07:00]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 19:05]

"AOL Fast Start"="C:\Program Files\AOL 9.0b\AOL.exe" [2007-04-18 01:49]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-10-07 19:53]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 23:05]

"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 07:00 C:\WINDOWS\system32\rundll32.exe]

"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 07:00 C:\WINDOWS\system32\rundll32.exe]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]

"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2007-06-08 11:52]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2005-06-06 23:46 57344 --a------ C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]

C:\Program Files\AOL 9.0b\AOL.EXE -b

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2006-02-19 01:41 49152 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

C:\Program Files\Messenger\MSMSGS.EXE /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\qttask.exe -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2007-07-12 03:00 132496 --a------ C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

 

R3 Airgo;Wireless-G PCI Adapter with SRX Driver;C:\windows\system32\DRIVERS\WniHdd51.sys [2005-04-18 16:47]

R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2007-06-08 11:52]

R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2007-06-08 11:52]

S3 FXDRV;FXDRV;D:\Fxdrv.sys []

S3 USB_RNDIS_XP;Linksys Wireless-G USB Network Adapter with SpeedBooster Driver;C:\windows\system32\DRIVERS\usb8023.sys [2004-08-04 07:00]

 

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

*Newly Created Service* - SPYFIGHTER

*Newly Created Service* - SPYWAREFIGHTERRP

.

Contents of the 'Scheduled Tasks' folder

"2007-12-15 06:22:10 C:\windows\Tasks\McDefragTask.job"

- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'

"2007-12-07 07:14:01 C:\windows\Tasks\McQcTask.job"

- c:\PROGRA~1\mcafee\mqc\QcConsol.exe

"2007-12-18 22:00:15 C:\windows\Tasks\RegCure Program Check.job"

- C:\Program Files\RegCure\RegCure.exe

"2007-12-17 20:43:42 C:\windows\Tasks\RegCure.job"

- C:\Program Files\RegCure\RegCure.exe

"2007-12-18 22:00:11 C:\windows\Tasks\SpywareBot Scheduled Scan.job"

- C:\Program Files\SpywareBot\SpywareBot.ex

- C:\Program Files\SpywareBot

.

**************************************************************************

 

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-18 19:37:50

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-12-18 19:39:20

.

2007-12-16 08:03:35 --- E O F ---

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:22:30 PM, on 12/18/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\windows\system32\spoolsv.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\windows\System32\svchost.exe

C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\PROGRA~1\McAfee\MPS\mps.exe

C:\windows\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\windows\system32\svchost.exe

C:\Program Files\McAfee\MPS\mpsevh.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\windows\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Common Files\AOL\1175982866\ee\aolsoftware.exe

C:\Program Files\SPYWAREfighter\spfprc.exe

C:\Program Files\AOL 9.0b\waol.exe

C:\Program Files\AOL 9.0b\shellmon.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\windows\explorer.exe

C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dogpile.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dogpile.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: IntelligentAdvisor - {6548BF73-58FF-71D5-F97D-17C71E323709} - C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0b\AOL.EXE" -b

O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe

 

--

End of file - 6877 bytes


Hi, justjoy

Let's run an F-Secure online scan for Viruses, Spyware and RootKits:

  • Go to http://support.f-secure.com/enu/home/ols.shtml
  • Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  • Allow the ActiveX control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post

If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan

  • When the cleaning option is presented, Uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post

Notes:

  • This scan will only work with Internet Explorer
  • You must have administrator rights to run this scan
  • This scan can take several hours, so please be patient

 

 

Gogo ;)


Sorry it took so long. I let it run over night.

 

 

 

Scanning Report

Tuesday, December 18, 2007 21:37:09 - 08:29:06

Computer name: GLENDA

Scanning type: Scan system for viruses, rootkits, spyware

Target: C:\ E:\

 

 

--------------------------------------------------------------------------------

 

Result: 19 malware found

Possible Browser Hijack attempt (spyware)

System (Disinfected)

Tracking Cookie (spyware)

System (Disinfected)

System

System

System

System

System

System

System

System

System

System

System

System

System

Type_Win32 (virus)

C:\MY GAMES\WHEEL OF FORTUNE 2\WHEEL OF FORTUNE.EXE (Submitted)

C:\MY GAMES\SPARKLE\SPARKLE.EXE (Submitted)

W32/Jesta.A (virus)

E:\WINDOWS\JESTERTB.DLL (Submitted)

W32/Malware (virus)

E:\WINDOWS\SYSTEM32\SISTRAY.EXE (Submitted)

 

--------------------------------------------------------------------------------

 

Statistics

Scanned:

Files: 69887

System: 4226

Not scanned: 8

Actions:

Disinfected: 2

Renamed: 0

Deleted: 0

None: 17

Submitted: 4

Files not scanned:

C:\PAGEFILE.SYS

C:\WINDOWS\TEMP\MCAFEE_U8RPUB8QSZQV2YW

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{6C2F336D-1E6A-439C-93A7-F313192C6DD7}.BIN

C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\JOGY08LS\MWHO[2].HTM

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL\C_AOL 9.0B\ORGANIZE\JUSTJOY36

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL\C_AOL 9.0B\ORGANIZE\CACHE\JUSTJOY01

E:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7EF0AC1311A0E5E84AC5D324D96B7409_3F2C12F5-E4E2-40BF-9171-77E28489A003

 

--------------------------------------------------------------------------------

 

Options

Scanning engines:

F-Secure Libra: 2.4.2, 2007-12-18

F-Secure AVP: 7.0.171, 2007-12-18

F-Secure Orion: 1.2.37, 2007-12-19

F-Secure Blacklight: 1.0.64

F-Secure Draco: 1.0.35, 0597-150-72

F-Secure Pegasus: 1.19.0, 2007-11-10

Scanning options:

Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX

Use Advanced heuristics


Hi, justjoy

Now may I have some feedback: is the PC doing better, or do you feel there is something more? I ask because I'm not seeing anything in this log file. What other problems are you having, if there are any?

 

Gogo ;)


Hey, justjoy

I'm sorry, I needed to have this file here looked at. Please show me the results of the scan.

 

Please submit the following files for analysis.

 

Jotti File Submission:

 

  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:

C:\WINDOWS\system32\tmpEF563.FOT

  • Click on the submit button
  • Please post the results in your next reply.

 

Please note that if you are submitting more than one file they will have to be entered one at a time.

 

 

Gogo ;)


I have the ctrl - alt - del back and also microsoft office is working again....lol....I did not even tell you about that one. The pop-ups seem to be gone....I went to the online malware scan....The first time I tried it said the site was busy try again in 20 sec.....I tried again and it has been sitting like this for about 10 mins. Is this normal? or should I try again later? Thank you so very much for all your help and time...

Joy


Hi, justjoy

Glad to hear things are starting to seem better for you. And yes, sometimes the scan takes more time, but if you like, try again later. I will check back on you.

 

Gogo ;)


That file checked out ok....I still have the setthetrend pop-up....All my keys and programs appear to be working again....but on boot up after post but before windows log-in a box comes up with this "ê…˜Ãâ…°ÃĹĈ爸Þ" in it.

It will not let me x out of it; I have to click ok and then it loads the window log in screen.

Thanks

Edited by justjoy


Hi, justjoy

 

Please download ATF Cleaner. Double-click on ATF-Cleaner.exe to start the program.

 

* Under the Main tab, put a check next to Select All.

Click the Empty Selected button. (Note: if you remove cookies, automated login at forums and sites will be disabled. If you do not want this, uncheck Cookies)

* If you use the Firefox browser:

Click on Firefox at the top and put a check next to Select All.

If you would like to keep your saved passwords, click No at the prompt.

Click the Empty Selected button. (Note: if you remove cookies, automated login at forums and sites will be disabled. If you do not want this, uncheck Cookies)

* If you use the Opera browser:

Click on Opera at the top and put a check next to Select All.

If you would like to keep your saved passwords, click No at the prompt.

Click the Empty Selected button. (Note: if you remove cookies, automated login at forums and sites will be disabled. If you do not want this, uncheck Cookies)

 

=========================

 

Ccleaner. Do not use "Advanced Settings" or the "Issues" button. Use only the default settings. http://www.ccleaner.com/

During install of Ccleaner you will be offered the Yahoo Toolbar. UNcheck if not wanted.

 

=========================

 

Then run me a scan with ComboFix once more; let's see what, if anything, shows up.

 

Gogo :)


also at boot after post invalid boot.inf

booting from C:/windows. then the box with the stuff in it

 

 

 

 

ComboFix 07-12-19.2 - user 2007-12-20 21:54:33.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.692 [GMT -5:00]

Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((( Files Created from 2007-11-21 to 2007-12-21 )))))))))))))))))))))))))))))))

.

 

2007-12-20 21:16 . 2007-12-20 21:16 <DIR> d-------- C:\Program Files\CCleaner

2007-12-20 14:06 . 2007-12-20 14:08 <DIR> d-------- C:\WINDOWS\SxsCaPendDel

2007-12-18 16:26 . 2007-12-18 16:26 <DIR> d-------- C:\Program Files\Common Files\Application

2007-12-18 16:25 . 2007-12-18 16:29 <DIR> d-------- C:\Program Files\SPYWAREfighter

2007-12-18 16:23 . 2007-12-18 16:23 <DIR> d-------- C:\Program Files\SpyDestroy Pro

2007-12-18 14:04 . 2007-12-18 14:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Viewpoint

2007-12-18 14:04 . 2007-12-20 21:54 50,014 --a------ C:\VETlog.dmp

2007-12-18 14:03 . 2007-12-18 14:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AOL

2007-12-18 13:51 . 2007-12-18 13:51 <DIR> d-------- C:\Program Files\Trend Micro

2007-12-18 12:53 . 2007-12-18 13:06 <DIR> d-------- C:\Program Files\Enigma Software Group

2007-12-18 12:23 . 2007-12-18 13:06 <DIR> d-------- C:\Program Files\XoftSpySE

2007-12-18 10:33 . 2007-12-18 10:50 <DIR> d-------- C:\Program Files\PCPitstop

2007-12-18 10:33 . 2007-12-18 10:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCPitstop

2007-12-17 17:08 . 2006-11-13 01:02 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll

2007-12-17 17:08 . 2006-11-13 01:02 116,736 --------- C:\WINDOWS\system32\aaclient.dll

2007-12-17 17:08 . 2006-11-13 01:02 36,352 --------- C:\WINDOWS\system32\tsgqec.dll

2007-12-17 15:43 . 2007-12-17 16:07 <DIR> d-------- C:\Program Files\RegCure

2007-12-17 15:15 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll

2007-12-17 15:09 . 2007-12-17 15:11 <DIR> d-------- C:\Program Files\BitDownload

2007-12-17 14:29 . 2007-12-18 19:14 <DIR> d-------- C:\Program Files\PlayMP3z

2007-12-17 14:29 . 2007-12-20 21:49 <DIR> d-------- C:\Program Files\IntelligentAdvisor

2007-12-17 13:49 . 2007-12-17 14:23 <DIR> d-------- C:\Program Files\Registry Easy

2007-12-17 13:24 . 2007-12-17 13:24 <DIR> d-------- C:\Documents and Settings\user\Application Data\Uniblue

2007-12-12 23:39 . 2007-12-12 23:39 <DIR> d-------- C:\Program Files\Lucky Clover

2007-12-12 22:32 . 2007-12-12 22:43 <DIR> d-------- C:\Program Files\The Magicians Handbook - Cursed Valley

2007-12-12 22:19 . 2007-12-12 22:19 <DIR> d-------- C:\Documents and Settings\user\Application Data\Legends of pirates

2007-12-10 23:52 . 2007-12-10 23:53 <DIR> d-------- C:\Program Files\Holly - A Christmas Tale

2007-12-09 01:48 . 2007-12-18 10:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\does dog two city

2007-12-09 01:44 . 2007-12-09 01:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZipEC

2007-12-09 01:43 . 2007-12-17 14:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip

2007-12-09 00:16 . 2005-06-03 17:01 4,624 --a------ C:\WINDOWS\system32\nvaudio.nvu

2007-12-08 00:08 . 2007-12-08 00:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Christmasville

2007-12-07 19:45 . 2007-12-07 19:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MythPeople

2007-12-07 19:38 . 2007-12-07 19:38 1,409 --a------ C:\WINDOWS\system32\tmpEF563.FOT

2007-12-07 19:38 . 2007-12-07 19:38 1,409 --a------ C:\WINDOWS\system32\tmpC5663.FOT

2007-12-07 19:38 . 2007-12-07 19:38 1,409 --a------ C:\WINDOWS\system32\tmp34563.FOT

2007-12-07 19:38 . 2007-12-07 19:38 1,409 --a------ C:\WINDOWS\system32\tmp0B563.FOT

2007-12-07 19:09 . 2007-12-07 19:09 1,409 --a------ C:\WINDOWS\system32\tmpAE8B4.FOT

2007-12-07 19:09 . 2007-12-07 19:09 1,409 --a------ C:\WINDOWS\system32\tmp689B4.FOT

2007-12-07 19:09 . 2007-12-07 19:09 1,409 --a------ C:\WINDOWS\system32\tmp5D9B4.FOT

2007-12-07 19:09 . 2007-12-07 19:09 1,409 --a------ C:\WINDOWS\system32\tmp23AB4.FOT

2007-12-07 10:14 . 2007-12-20 21:49 17,604 --a------ C:\WINDOWS\system32\Config.MPF

2007-12-07 02:15 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll

2007-12-07 02:14 . 2007-12-18 09:42 <DIR> d-------- C:\mcafee_mcpr

2007-12-07 02:14 . 2007-06-25 10:57 171,240 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys

2007-12-07 02:14 . 2007-03-02 14:16 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys

2007-12-07 02:14 . 2007-06-25 14:54 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys

2007-12-07 02:14 . 2007-06-25 10:57 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys

2007-12-07 02:14 . 2007-06-25 10:57 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys

2007-12-07 02:14 . 2007-06-25 10:57 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys

2007-12-07 02:13 . 2007-12-07 02:13 <DIR> d-------- C:\Program Files\McAfee.com

2007-12-07 02:13 . 2007-12-07 02:15 <DIR> d-------- C:\Program Files\Common Files\McAfee

2007-12-07 02:12 . 2007-12-18 10:29 <DIR> d-------- C:\Program Files\McAfee

2007-12-07 01:23 . 2007-12-07 01:23 <DIR> d-------- C:\Documents and Settings\user\Application Data\SpywareBot

2007-12-07 00:59 . 2007-12-07 00:59 <DIR> d-------- C:\Program Files\Lavasoft

2007-12-07 00:59 . 2007-12-07 00:59 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-12-07 00:59 . 2007-12-07 00:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2007-12-07 00:41 . 2007-12-07 00:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP

2007-12-07 00:07 . 2007-12-07 00:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Playtonium Games

2007-12-07 00:07 . 2007-12-07 00:07 1,409 --a------ C:\WINDOWS\system32\tmpB7839.FOT

2007-12-07 00:07 . 2007-12-07 00:07 1,409 --a------ C:\WINDOWS\system32\tmp80939.FOT

2007-12-07 00:07 . 2007-12-07 00:07 1,409 --a------ C:\WINDOWS\system32\tmp56939.FOT

2007-12-07 00:07 . 2007-12-07 00:07 1,409 --a------ C:\WINDOWS\system32\tmp3C939.FOT

2007-12-06 23:28 . 2007-12-06 23:28 <DIR> d-------- C:\Program Files\Smilebox

2007-12-06 23:03 . 2007-12-06 23:03 103,824 --a------ C:\Program Files\InstallDownloader.exe

2007-12-06 22:38 . 2007-12-06 23:52 <DIR> d-------- C:\Documents and Settings\user\Application Data\Smilebox

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-20 16:29 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2007-12-18 17:29 --------- d-----w C:\Documents and Settings\user\Application Data\LimeWire

2007-12-18 16:56 --------- d-----w C:\Program Files\Common Files\SystemRequirementsLab

2007-12-18 15:50 --------- d-----w C:\Program Files\Common Files\Scanner

2007-12-09 07:21 --------- d-----w C:\Program Files\RealArcade

2007-12-07 12:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee

2007-12-07 07:08 --------- d-----w C:\Program Files\Common Files\AOL

2007-12-07 06:31 --------- d-----w C:\Program Files\Java

2007-12-07 05:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL

2007-12-06 15:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads

2007-12-03 01:42 --------- d-----w C:\Documents and Settings\user\Application Data\Image Zone Express

2007-11-29 21:50 38,567 ----a-w C:\windows\system32\pcpbios.exe

2007-11-13 10:25 20,480 ----a-w C:\windows\system32\drivers\secdrv.sys

2007-11-12 02:05 --------- d-----w C:\Program Files\Luxor 3

2007-10-29 22:43 1,287,680 ----a-w C:\windows\system32\quartz.dll

2007-10-27 22:40 222,720 ----a-w C:\windows\system32\wmasf.dll

2007-10-22 22:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo

2006-02-19 07:28 12,288 ----a-w C:\windows\Fonts\RandFont.dll

2005-07-07 23:14 774,144 ----a-w C:\Program Files\RngInterstitial.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6548BF73-58FF-71D5-F97D-17C71E323709}]

2007-12-11 16:27 1019904 --a------ C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-04 07:00]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 19:05]

"AOL Fast Start"="C:\Program Files\AOL 9.0b\AOL.exe" [2007-04-18 01:49]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-10-07 19:53]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 23:05]

"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 07:00 C:\WINDOWS\system32\rundll32.exe]

"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 07:00 C:\WINDOWS\system32\rundll32.exe]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]

"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2007-06-08 11:52]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41]

"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 16:31]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]

C:\Program Files\AOL 9.0b\AOL.EXE -b

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

C:\Program Files\Messenger\MSMSGS.EXE /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\qttask.exe -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2007-07-12 03:00 132496 --a------ C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

 

R3 Airgo;Wireless-G PCI Adapter with SRX Driver;C:\windows\system32\DRIVERS\WniHdd51.sys [2005-04-18 16:47]

R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2007-06-08 11:52]

R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2007-06-08 11:52]

S3 FXDRV;FXDRV;D:\Fxdrv.sys []

S3 USB_RNDIS_XP;Linksys Wireless-G USB Network Adapter with SpeedBooster Driver;C:\windows\system32\DRIVERS\usb8023.sys [2004-08-04 07:00]

 

.

Contents of the 'Scheduled Tasks' folder

"2007-12-15 06:22:10 C:\windows\Tasks\McDefragTask.job"

- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'

"2007-12-07 07:14:01 C:\windows\Tasks\McQcTask.job"

- c:\PROGRA~1\mcafee\mqc\QcConsol.exe

"2007-12-21 02:48:32 C:\windows\Tasks\RegCure Program Check.job"

- C:\Program Files\RegCure\RegCure.exe

"2007-12-20 16:28:32 C:\windows\Tasks\RegCure.job"

- C:\Program Files\RegCure\RegCure.exe

"2007-12-20 08:00:17 C:\windows\Tasks\SpywareBot Scheduled Scan.job"

- C:\Program Files\SpywareBot\SpywareBot.ex

- C:\Program Files\SpywareBot

.

**************************************************************************

 

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-20 21:57:10

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-12-20 21:58:13

C:\ComboFix2.txt ... 2007-12-18 19:39

.

2007-12-16 08:03:35 --- E O F ---

Edited by justjoy


Hi, justjoy

 

Let's try something here.

 

Please Download NoLop to your desktop from one of the links below...

Link 1

Link 2

Link 3

 

* First close any other programs you have running as this will require a reboot

* Double click NoLop.exe to run it

    * Now click the button labelled "Search and Destroy"

    <<your computer will now be scanned for infected files>>

    * When scanning is finished you will be prompted to reboot only if infected, Click OK

    * Now click the "REBOOT" Button.

    * A Message should popup from NoLop. If not, double click the program again and it will finish.

    * Please post the contents of C:\NoLop.log along with a fresh HijackThis log

     

    --If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program. --

     

     

    Gogo :)


First one came up no infected files have been found and here is new hijack log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:51:45 PM, on 12/20/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\windows\system32\spoolsv.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\windows\System32\svchost.exe

C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\PROGRA~1\McAfee\MPS\mps.exe

C:\windows\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\windows\system32\svchost.exe

C:\Program Files\McAfee\MPS\mpsevh.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\SPYWAREfighter\spftray.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

C:\windows\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\SPYWAREfighter\spfprc.exe

c:\PROGRA~1\mcafee\msc\mcuimgr.exe

C:\Program Files\Common Files\AOL\1175982866\ee\aolsoftware.exe

C:\windows\explorer.exe

C:\Program Files\AOL 9.0b\waol.exe

C:\Program Files\AOL 9.0b\shellmon.exe

C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dogpile.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dogpile.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: IntelligentAdvisor - {6548BF73-58FF-71D5-F97D-17C71E323709} - C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0b\AOL.EXE" -b

O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe

 

--

End of file - 7459 bytes


Hi, justjoy

So are you still getting the pop-ups and the error at startup? Did you do a reboot to see if it's still here?

 

Gogo :)


Hey, justjoy

 

I need an Uninstall_List from HijackThis

 

* Start HijackThis and click on Open Misc Tools section

* Look for and click on Open Uninstall Manager...

* Look to the right and click on Save As..

* Save it to your desktop and then upload it to me.

 

=================================

 

Download reglooks.exe

Place it on your desktop.

Double-click reglooks.exe. Do nothing and wait for an opening logfile. Again, upload the log file to me.

 

=================================

 

Right click on My Computer and select Properties - Advanced tab.

Under Startup and recovery click Settings, then Edit.

 

Copy and paste the contents of the boot.ini here so I may have a look at it.

 

 

Gogo :wub:


Hello,

 

REGLOOKS logfile

 

version 0.977

Fri 12/21/2007 12:37:27.92

running from: "C:\Documents and Settings\user\Desktop"

 

--- SSODL regkeys ---

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

only standard or legit regkeys found

 

 

--- STS regkeys ---

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

only standard or legit regkeys found

 

 

--- USERINIT regkey ---

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

"Userinit"="C:\\windows\\system32\\userinit.exe,"

 

 

--- SHELL regkey ---

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

"Shell"="Explorer.exe"

 

 

--- SYSTEM regkey ---

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

"System"=""

 

 

--- APPINIT_DLLS regkey ---

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows

"AppInit_DLLs"=""

 

 

--- NOTIFY regkeys ---

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

"AtiExtEvent" "DLLName"="Ati2evxx.dll"

 

 

--- BOOTEXECUTE regkey ---

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager

BootExecute= autocheck autochk *lsdelete\

 

 

--- SHELLEXECUTEHOOKS regkey ---

 

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

 

 

--- HKLM\Run regkeys ---

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

"NVMixerTray"="\"C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\""

"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"

"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"

"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""

"spywarefighterguard"="C:\\Program Files\\SPYWAREfighter\\spftray.exe"

"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"

"hpqSRMon"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqSRMon.exe"

[Run\OptionalComponents]

[Run\OptionalComponents\IMAIL]

"Installed"="1"

[Run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"

[Run\OptionalComponents\MSFS]

"Installed"="1"

 

 

--- HKLM\RunOnce regkeys ---

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

no HKLM RunOnce keys found

 

 

--- HKLM\RunOnceEx regkeys ---

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

no HKLM RunOnceEx keys found

 

 

--- HKLM\RunServices regkeys ---

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

no HKLM RunServices keys found

 

 

--- HKLM\RunServicesOnce regkeys ---

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce

regkey does not exist

 

 

--- HKCU\Run regkeys ---

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

"ctfmon.exe"="C:\\windows\\system32\\ctfmon.exe"

"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"

"AOL Fast Start"="\"C:\\Program Files\\AOL 9.0b\\AOL.EXE\" -b"

 

 

--- HKCU\RunOnce regkeys ---

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

no HKCU RunOnce keys found

 

 

--- HKCU\RunOnceEx regkeys ---

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

regkey does not exist

 

 

--- HKCU\RunServices regkeys ---

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

no HKCU RunServices keys found

 

 

--- HKCU\RunServicesOnce regkeys ---

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce

no HKCU RunServicesOnce keys found

 

 

--- HKU\.DEFAULT\Run regkeys - Default user ---

 

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

no HKU\.DEFAULT\Run keys found

 

 

--- HKU\S-1-5-18\Run regkeys - user SYSTEM ---

 

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

no HKU\S-1-5-18\Run keys found

 

 

--- HKU\S-1-5-19\Run regkeys - User Lokale service ---

 

HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

regkey does not exist

 

 

--- HKU\S-1-5-20\Run regkeys - User Netwerkservice ---

 

HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

regkey does not exist

 

 

--- HKLM\Explorer\Run regkeys ---

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

no HKLM Explorer\Run keys found

 

 

--- HKCU\Explorer\Run regkeys ---

 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

no HKCU Explorer\Run keys found

 

 

--- Image File Execution regkeys ---

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

no debuggers found

 

 

--- BROWSER HELPER OBJECTS regkeys ---

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}" regkey not found (ERROR)

"{6548BF73-58FF-71D5-F97D-17C71E323709}" FILE ="C:\\Program Files\\IntelligentAdvisor\\IntelligentAdvisor-2.dll"

"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" FILE ="C:\\Program Files\\Java\\jre1.6.0_02\\bin\\ssv.dll"

"{7DB2D5A0-7241-4E79-B68D-6309F01C5231}" FILE ="c:\\PROGRA~1\\mcafee\\VIRUSS~1\\scriptcl.dll"

 

 

--- TOOLBAR regkeys ---

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar

no toolbars found

 

 

--- URLSEARCHHOOKS regkeys ---

 

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks

only standard regkeys found

 

 

--- CONTEXTMENUHANDLERS regkeys ---

 

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers

"MCVSRIGHTCLICKSCANNER" CLSID ={162EFDC5-2957-465D-887B-590AF4A7E84D} FILE ="c:\\PROGRA~1\\mcafee\\VIRUSS~1\\mcodsax.dll"

"Offline Files" CLSID ={750fdf0e-2a26-11d1-a3ea-080036587f03} FILE =%SystemRoot%\System32\cscui.dll

"Open With" CLSID ={09799AFB-AD67-11d1-ABCD-00C04FC30936} FILE =%SystemRoot%\system32\SHELL32.dll

"Open With EncryptionMenu" CLSID ={A470F8CF-A1E8-4f65-8335-227475AA5C46} FILE =%SystemRoot%\system32\SHELL32.dll

"SPYWAREfighter" CLSID ={44CB577A-837C-4C36-9C8D-80A1639B9333} FILE ="C:\\Program Files\\SPYWAREfighter\\spfext.dll"

"WinZip" CLSID ={E0D79304-84BE-11CE-9641-444553540000} FILE ="C:\\Program Files\\WinZip\\wzshlstb.dll"

"{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}" Start Menu Pin FILE =%SystemRoot%\system32\SHELL32.dll

 

HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers

"EncryptionMenu" CLSID ={A470F8CF-A1E8-4f65-8335-227475AA5C46} FILE =%SystemRoot%\system32\SHELL32.dll

"Offline Files" CLSID ={750fdf0e-2a26-11d1-a3ea-080036587f03} FILE =%SystemRoot%\System32\cscui.dll

"Sharing" CLSID ={f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} FILE ="ntshrui.dll"

"WinZip" CLSID ={E0D79304-84BE-11CE-9641-444553540000} FILE ="C:\\Program Files\\WinZip\\wzshlstb.dll"

 

HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers

"MCVSRIGHTCLICKSCANNER" CLSID ={162EFDC5-2957-465D-887B-590AF4A7E84D} FILE ="c:\\PROGRA~1\\mcafee\\VIRUSS~1\\mcodsax.dll"

"SPYWAREfighter" CLSID ={44CB577A-837C-4C36-9C8D-80A1639B9333} FILE ="C:\\Program Files\\SPYWAREfighter\\spfext.dll"

"WinZip" CLSID ={E0D79304-84BE-11CE-9641-444553540000} FILE ="C:\\Program Files\\WinZip\\wzshlstb.dll"

 

 

--- ALTERNATESHELL regkey ---

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot

"AlternateShell"="cmd.exe"

 

 

--- SAFEBOOT MINIMAL SERVICES ---

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

no unknown services found

 

 

--- SAFEBOOT NETWORK SERVICES ---

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

no unknown services found

 

 

--- SERVICES ---

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Airgo

"DisplayName"="Wireless-G PCI Adapter with SRX Driver"

system32\DRIVERS\WniHdd51.sys

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AOL ACS

"DisplayName"="AOL Connectivity Service"

"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Atierecord

no imagepath value found

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FXDRV

"DisplayName"="FXDRV"

\??\D:\Fxdrv.sys

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\OmniUsb

"DisplayName"="Ideazon USB Zboard Driver"

system32\DRIVERS\OmniUsb.sys

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\OmniUsbl

"DisplayName"="Ideazon USBl Zboard Driver"

system32\DRIVERS\OmniUsbl.sys

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SpyFighter

"DisplayName"="SpyFighter Guard Device"

\??\C:\Program Files\SPYWAREfighter\spyfighter.sys

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SPYWAREfighterRP

"DisplayName"="SPYWAREfighterRP"

"C:\Program Files\SPYWAREfighter\spfprc.exe"

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VxD

no imagepath value found

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wanatw

"DisplayName"="WAN Miniport (ATW)"

system32\DRIVERS\wanatw4.sys

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{0E2F4962-9A16-4D87-A0D6-9E5711282C7F}

no imagepath value found

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{8919D171-E6D3-4DDF-B1C4-5437691BDBFE}

no imagepath value found

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{9E5EF34E-18C0-49E3-90AA-157EAA78B653}

no imagepath value found

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{AA221FEF-2A2D-4239-9BD8-D2A7B0790BDD}

no imagepath value found

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{C1EE0F08-E358-450A-A4A2-88C2CB2F14E6}

no imagepath value found

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{DE83678D-D419-436F-A8AF-2838FFA083C0}

no imagepath value found

 

 

--- SECURITYPROVIDERS regkey ---

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 

 

--- SVCHOST regkey ---

 

HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost

HTTPFilter: HTTPFilter\

LocalService: AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\

NetworkService: DnsCache\

netsvcs: 6to4AppMgmtAudioSrvBrowserCryptSvcDMServerDHCPERSvcEventSystemFastUserSwitchingCompatibilityHidServIasIpripIrmonLanmanServerLanmanWorkstationMessengerNetmanNlaNtmssvcNWCWorkstationNwsapagentRasautoRasmanRemoteaccessScheduleSeclogonSENSSharedaccessSRServiceTapisrvThemesTrkWksW32TimeWZCSVCWmiWmdmPmSpwinmgmtwscsvcxmlprovBITSwuauservShellHWDetectionhelpsvcWmdmPmSN\

DcomLaunch: DcomLaunchTermService\

rpcss: RpcSs\

imgsvc: StiSvc\

termsvcs: TermService\

WudfServiceGroup: WUDFSvc\

 

 

--- WOW-CMDLINE regkeys ---

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW

"cmdline" = %SystemRoot%\system32\ntvdm.exe

"wowcmdline" = %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386

 

 

--- DNS SERVER regkeys ---

 

no "NameServer" values found

 

 

--- STARTUP FOLDERS ---

 

C:\Documents and Settings\user\Start Menu\Programs\Startup\desktop.ini

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

 

 

--- TASK SCHEDULER JOBS ---

 

C:\windows\tasks\McDefragTask.job

C:\windows\tasks\McQcTask.job

C:\windows\tasks\RegCure Program Check.job

C:\windows\tasks\RegCure.job

C:\windows\tasks\SpywareBot Scheduled Scan.job

 

 

--- File associations ---

 

.BAT files: ("%1" %*)

.COM files: ("%1" %*)

.EXE files: ("%1" %*)

.HLP files: (%SystemRoot%\System32\winhlp32.exe %1)

.INF files: (%SystemRoot%\System32\NOTEPAD.EXE %1)

.INI files: (%SystemRoot%\System32\NOTEPAD.EXE %1)

.JS files: (%SystemRoot%\System32\WScript.exe "%1" %*)

.PIF files: ("%1" %*)

.REG files: (regedit.exe "%1")

.SCR files: ("%1" /S)

.TXT files: (%SystemRoot%\system32\NOTEPAD.EXE %1)

.VBS files: (%SystemRoot%\System32\WScript.exe "%1" %*)

 

 

FINISHED

 

 

 

HIJACKTHIS UNINSTALL MANAGER

 

7 Wonders II (remove only)

Ad-Aware 2007

Adobe Common File Installer

Adobe Download Manager 2.0 (Remove Only)

Adobe Flash Player 9 ActiveX

Adobe Flash Player ActiveX

Adobe Reader 7.0.9

Adobe® Photoshop® Album Starter Edition 3.0

AOL Uninstaller (Choose which Products to Remove)

ATI - Software Uninstall Utility

ATI Control Panel

ATI Display Driver

Big Fish Games Client

CCleaner (remove only)

Concentration Evaluation

HijackThis 2.0.2

Holly: A Christmas Tale (remove only)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB896344)

Hotfix for Windows XP (KB914440)

Hotfix for Windows XP (KB915865)

Hotfix for Windows XP (KB926239)

HP Customer Participation Program 7.0

HP Driver Diagnostics

HP Imaging Device Functions 7.0

HP Photosmart and Deskjet 7.0 Software

HP Photosmart Essential

HP Photosmart Essential 2.5

HP Photosmart Premier Software 6.5

HP Product Detection

HP Solution Center 7.0

HP Update

IntelligentAdvisor

Java 6 Update 2

LimeWire 4.12.11

Linksys Wireless-G PCI Adapter with SRX

Lucky Clover (remove only)

Luxor 3 (remove only)

Macromedia Extension Manager

Macromedia Flash 8

Macromedia Flash Player 8

McAfee SecurityCenter

Microsoft .NET Framework 2.0

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2000 Professional

Microsoft Office Excel Viewer 2003

Microsoft Office PowerPoint Viewer 2003

Microsoft User-Mode Driver Framework Feature Pack 1.0

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

Mysteryville 2

NVIDIA Drivers

NvMixer

Photo Viewer 2.3

PlayMP3z

QuickTime

Rain Talisman (remove only)

RealArcade

RealPlayer Basic

RegCure 1.5.0.0

Security Update for Microsoft .NET Framework 2.0 (KB928365)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB883939)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893066)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896422)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB896688)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899588)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB903235)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB905915)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB908531)

Security Update for Windows XP (KB911280)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911567)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912812)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913446)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB916281)

Security Update for Windows XP (KB917159)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918118)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB918899)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920214)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB921398)

Security Update for Windows XP (KB921503)

Security Update for Windows XP (KB921883)

Security Update for Windows XP (KB922616)

Security Update for Windows XP (KB922760)

Security Update for Windows XP (KB922819)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923694)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924191)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB924496)

Security Update for Windows XP (KB924667)

Security Update for Windows XP (KB925486)

Security Update for Windows XP (KB925902)

Security Update for Windows XP (KB926255)

Security Update for Windows XP (KB926436)

Security Update for Windows XP (KB927779)

Security Update for Windows XP (KB927802)

Security Update for Windows XP (KB928255)

Security Update for Windows XP (KB928843)

Security Update for Windows XP (KB929123)

Security Update for Windows XP (KB930178)

Security Update for Windows XP (KB931261)

Security Update for Windows XP (KB931784)

Security Update for Windows XP (KB932168)

Security Update for Windows XP (KB933729)

Security Update for Windows XP (KB935839)

Security Update for Windows XP (KB935840)

Security Update for Windows XP (KB936021)

Security Update for Windows XP (KB938829)

Security Update for Windows XP (KB941202)

Security Update for Windows XP (KB941568)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB943460)

Security Update for Windows XP (KB944653)

SpyDestroy Pro 1.0.8

SPYWAREfighter

Super Granny 4 Evaluation

The Magicians Handbook: Cursed Valley (remove only)

The Rise of Atlantis

The Stone of Destiny (remove only)

Update for Windows XP (KB894391)

Update for Windows XP (KB896727)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB904942)

Update for Windows XP (KB910437)

Update for Windows XP (KB916595)

Update for Windows XP (KB920342)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

Update for Windows XP (KB925876)

Update for Windows XP (KB927891)

Update for Windows XP (KB929338)

Update for Windows XP (KB930916)

Update for Windows XP (KB931836)

Update for Windows XP (KB933360)

Update for Windows XP (KB938828)

Update for Windows XP (KB942763)

Viewpoint Media Player

Wheel of Fortune 2

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Media Format 11 runtime

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player 11

Windows XP Hotfix - KB873333

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB887742

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890175

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB891781

Windows XP Hotfix - KB893086

WinZip 11.1

Zenerchi (remove only)

 

 

Ok now here is a problem

After startup & recovery

when I hit settings it comes up with this error message

c:boot.inf file can not be opened. Operating system & timeout settings can not be changed

Then it goes to the next screen with the edit button. When I click on the edit button it comes up with this error message

can't find the c:/boot.inf file. Do you want to create a new one?

I just hit cancel. I did not want to mess it up any more than it is.

Thanks,

Joy


Hi, justjoy

 

Sorry again for the delay; I'm having a ton of problems of my own here. Hmm, I'm just about able to post this.

 

1. Close any open browsers.

 

2. Open Notepad and copy/paste the text in the quote box below into it (but don't include the word: quote). Make sure to use Notepad and nothing else.

 

Folder::

C:\WINDOWS\SxsCaPendDel

C:\Program Files\PlayMP3z

 

 

Save this as CFScript.txt, in the same location as ComboFix.exe

 

CFScript.gif

 

Referring to the picture above, drag CFScript into ComboFix.exe

 

 

When finished, it will produce a log for you at "C:\ComboFix.txt"

 

 

Note:

Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

 

 

Then come back here with both the HijackThis log and ComboFix.txt

 

 

Gogo :mellow:


Hey, justjoy

 

Just so you know, if I don't get back to you right away, don't think I have forgotten you; I just have to get this thing going again. I'm starting to think that my last Kaspersky update did something to this PC.

 

Gogo :mellow:


I fully understand... I'm just thankful for the time and help that you have given me... I know you will get to the bottom of this... And good luck and godspeed with yours!

 

ComboFix 07-12-19.2 - user 2007-12-22 0:09:08.4 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.697 [GMT -5:00]

Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\user\Desktop\cfscript.txt

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Program Files\PlayMP3z

C:\Program Files\PlayMP3z\uninstall.exe

C:\WINDOWS\SxsCaPendDel

 

.

((((((((((((((((((((((((( Files Created from 2007-11-22 to 2007-12-22 )))))))))))))))))))))))))))))))

.

 

2007-12-20 23:41 . 2007-12-20 23:49 318 --a------ C:\delete.bat

2007-12-20 21:16 . 2007-12-20 21:16 <DIR> d-------- C:\Program Files\CCleaner

2007-12-18 16:26 . 2007-12-18 16:26 <DIR> d-------- C:\Program Files\Common Files\Application

2007-12-18 16:25 . 2007-12-18 16:29 <DIR> d-------- C:\Program Files\SPYWAREfighter

2007-12-18 16:23 . 2007-12-18 16:23 <DIR> d-------- C:\Program Files\SpyDestroy Pro

2007-12-18 14:04 . 2007-12-18 14:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Viewpoint

2007-12-18 14:04 . 2007-12-22 00:07 50,014 --a------ C:\VETlog.dmp

2007-12-18 14:03 . 2007-12-18 14:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AOL

2007-12-18 13:51 . 2007-12-18 13:51 <DIR> d-------- C:\Program Files\Trend Micro

2007-12-18 12:53 . 2007-12-18 13:06 <DIR> d-------- C:\Program Files\Enigma Software Group

2007-12-18 12:23 . 2007-12-18 13:06 <DIR> d-------- C:\Program Files\XoftSpySE

2007-12-18 10:33 . 2007-12-18 10:50 <DIR> d-------- C:\Program Files\PCPitstop

2007-12-18 10:33 . 2007-12-18 10:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCPitstop

2007-12-17 17:08 . 2006-11-13 01:02 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll

2007-12-17 17:08 . 2006-11-13 01:02 116,736 --------- C:\WINDOWS\system32\aaclient.dll

2007-12-17 17:08 . 2006-11-13 01:02 36,352 --------- C:\WINDOWS\system32\tsgqec.dll

2007-12-17 15:43 . 2007-12-17 16:07 <DIR> d-------- C:\Program Files\RegCure

2007-12-17 15:15 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll

2007-12-17 15:09 . 2007-12-17 15:11 <DIR> d-------- C:\Program Files\BitDownload

2007-12-17 14:29 . 2007-12-21 15:21 <DIR> d-------- C:\Program Files\IntelligentAdvisor

2007-12-17 13:49 . 2007-12-17 14:23 <DIR> d-------- C:\Program Files\Registry Easy

2007-12-17 13:24 . 2007-12-17 13:24 <DIR> d-------- C:\Documents and Settings\user\Application Data\Uniblue

2007-12-12 23:39 . 2007-12-12 23:39 <DIR> d-------- C:\Program Files\Lucky Clover

2007-12-12 22:32 . 2007-12-12 22:43 <DIR> d-------- C:\Program Files\The Magicians Handbook - Cursed Valley

2007-12-12 22:19 . 2007-12-12 22:19 <DIR> d-------- C:\Documents and Settings\user\Application Data\Legends of pirates

2007-12-10 23:52 . 2007-12-10 23:53 <DIR> d-------- C:\Program Files\Holly - A Christmas Tale

2007-12-09 01:48 . 2007-12-18 10:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\does dog two city

2007-12-09 01:44 . 2007-12-09 01:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZipEC

2007-12-09 01:43 . 2007-12-17 14:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip

2007-12-09 00:16 . 2005-06-03 17:01 4,624 --a------ C:\WINDOWS\system32\nvaudio.nvu

2007-12-08 00:08 . 2007-12-08 00:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Christmasville

2007-12-07 19:45 . 2007-12-07 19:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MythPeople

2007-12-07 19:38 . 2007-12-07 19:38 1,409 --a------ C:\WINDOWS\system32\tmpEF563.FOT

2007-12-07 19:38 . 2007-12-07 19:38 1,409 --a------ C:\WINDOWS\system32\tmpC5663.FOT

2007-12-07 19:38 . 2007-12-07 19:38 1,409 --a------ C:\WINDOWS\system32\tmp34563.FOT

2007-12-07 19:38 . 2007-12-07 19:38 1,409 --a------ C:\WINDOWS\system32\tmp0B563.FOT

2007-12-07 19:09 . 2007-12-07 19:09 1,409 --a------ C:\WINDOWS\system32\tmpAE8B4.FOT

2007-12-07 19:09 . 2007-12-07 19:09 1,409 --a------ C:\WINDOWS\system32\tmp689B4.FOT

2007-12-07 19:09 . 2007-12-07 19:09 1,409 --a------ C:\WINDOWS\system32\tmp5D9B4.FOT

2007-12-07 19:09 . 2007-12-07 19:09 1,409 --a------ C:\WINDOWS\system32\tmp23AB4.FOT

2007-12-07 10:14 . 2007-12-21 08:14 17,604 --a------ C:\WINDOWS\system32\Config.MPF

2007-12-07 02:15 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll

2007-12-07 02:14 . 2007-12-18 09:42 <DIR> d-------- C:\mcafee_mcpr

2007-12-07 02:14 . 2007-06-25 10:57 171,240 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys

2007-12-07 02:14 . 2007-03-02 14:16 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys

2007-12-07 02:14 . 2007-06-25 14:54 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys

2007-12-07 02:14 . 2007-06-25 10:57 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys

2007-12-07 02:14 . 2007-06-25 10:57 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys

2007-12-07 02:14 . 2007-06-25 10:57 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys

2007-12-07 02:13 . 2007-12-07 02:13 <DIR> d-------- C:\Program Files\McAfee.com

2007-12-07 02:13 . 2007-12-07 02:15 <DIR> d-------- C:\Program Files\Common Files\McAfee

2007-12-07 02:12 . 2007-12-18 10:29 <DIR> d-------- C:\Program Files\McAfee

2007-12-07 01:23 . 2007-12-07 01:23 <DIR> d-------- C:\Documents and Settings\user\Application Data\SpywareBot

2007-12-07 00:59 . 2007-12-07 00:59 <DIR> d-------- C:\Program Files\Lavasoft

2007-12-07 00:59 . 2007-12-07 00:59 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-12-07 00:59 . 2007-12-07 00:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2007-12-07 00:41 . 2007-12-07 00:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP

2007-12-07 00:07 . 2007-12-07 00:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Playtonium Games

2007-12-07 00:07 . 2007-12-07 00:07 1,409 --a------ C:\WINDOWS\system32\tmpB7839.FOT

2007-12-07 00:07 . 2007-12-07 00:07 1,409 --a------ C:\WINDOWS\system32\tmp80939.FOT

2007-12-07 00:07 . 2007-12-07 00:07 1,409 --a------ C:\WINDOWS\system32\tmp56939.FOT

2007-12-07 00:07 . 2007-12-07 00:07 1,409 --a------ C:\WINDOWS\system32\tmp3C939.FOT

2007-12-06 23:28 . 2007-12-06 23:28 <DIR> d-------- C:\Program Files\Smilebox

2007-12-06 23:03 . 2007-12-06 23:03 103,824 --a------ C:\Program Files\InstallDownloader.exe

2007-12-06 22:38 . 2007-12-06 23:52 <DIR> d-------- C:\Documents and Settings\user\Application Data\Smilebox

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-20 16:29 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2007-12-18 17:29 --------- d-----w C:\Documents and Settings\user\Application Data\LimeWire

2007-12-18 16:56 --------- d-----w C:\Program Files\Common Files\SystemRequirementsLab

2007-12-18 15:50 --------- d-----w C:\Program Files\Common Files\Scanner

2007-12-09 07:21 --------- d-----w C:\Program Files\RealArcade

2007-12-07 12:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee

2007-12-07 07:08 --------- d-----w C:\Program Files\Common Files\AOL

2007-12-07 06:31 --------- d-----w C:\Program Files\Java

2007-12-07 05:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL

2007-12-06 15:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads

2007-12-03 01:42 --------- d-----w C:\Documents and Settings\user\Application Data\Image Zone Express

2007-11-29 21:50 38,567 ----a-w C:\windows\system32\pcpbios.exe

2007-11-13 10:25 20,480 ----a-w C:\windows\system32\drivers\secdrv.sys

2007-11-12 02:05 --------- d-----w C:\Program Files\Luxor 3

2007-10-29 22:43 1,287,680 ----a-w C:\windows\system32\quartz.dll

2007-10-27 22:40 222,720 ----a-w C:\windows\system32\wmasf.dll

2007-10-22 22:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo

2006-02-19 07:28 12,288 ----a-w C:\windows\Fonts\RandFont.dll

2005-07-07 23:14 774,144 ----a-w C:\Program Files\RngInterstitial.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6548BF73-58FF-71D5-F97D-17C71E323709}]

2007-12-11 16:27 1019904 --a------ C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-04 07:00]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 19:05]

"AOL Fast Start"="C:\Program Files\AOL 9.0b\AOL.exe" [2007-04-18 01:49]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-10-07 19:53]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 23:05]

"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 07:00 C:\WINDOWS\system32\rundll32.exe]

"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 07:00 C:\WINDOWS\system32\rundll32.exe]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]

"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2007-06-08 11:52]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41]

"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 16:31]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]

C:\Program Files\AOL 9.0b\AOL.EXE -b

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

C:\Program Files\Messenger\MSMSGS.EXE /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\qttask.exe -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2007-07-12 03:00 132496 --a------ C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

 

R3 Airgo;Wireless-G PCI Adapter with SRX Driver;C:\windows\system32\DRIVERS\WniHdd51.sys [2005-04-18 16:47]

R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2007-06-08 11:52]

R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2007-06-08 11:52]

S3 FXDRV;FXDRV;D:\Fxdrv.sys []

S3 USB_RNDIS_XP;Linksys Wireless-G USB Network Adapter with SpeedBooster Driver;C:\windows\system32\DRIVERS\usb8023.sys [2004-08-04 07:00]

 

.

Contents of the 'Scheduled Tasks' folder

"2007-12-15 06:22:10 C:\windows\Tasks\McDefragTask.job"

- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'

"2007-12-07 07:14:01 C:\windows\Tasks\McQcTask.job"

- c:\PROGRA~1\mcafee\mqc\QcConsol.exe

"2007-12-21 22:00:04 C:\windows\Tasks\RegCure Program Check.job"

- C:\Program Files\RegCure\RegCure.exe

"2007-12-20 16:28:32 C:\windows\Tasks\RegCure.job"

- C:\Program Files\RegCure\RegCure.exe

"2007-12-21 08:00:01 C:\windows\Tasks\SpywareBot Scheduled Scan.job"

- C:\Program Files\SpywareBot\SpywareBot.ex

- C:\Program Files\SpywareBot

.

**************************************************************************

 

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-22 00:11:45

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-12-22 0:12:33

C:\ComboFix2.txt ... 2007-12-20 21:58

C:\ComboFix3.txt ... 2007-12-18 19:39

.

2007-12-16 08:03:35 --- E O F ---

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:18:55 AM, on 12/22/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\windows\system32\spoolsv.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\windows\System32\svchost.exe

C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\PROGRA~1\McAfee\MPS\mps.exe

C:\windows\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\windows\system32\svchost.exe

C:\Program Files\McAfee\MPS\mpsevh.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\SPYWAREfighter\spftray.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

C:\windows\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\SPYWAREfighter\spfprc.exe

C:\Program Files\Common Files\AOL\1175982866\ee\aolsoftware.exe

C:\Program Files\AOL 9.0b\waol.exe

C:\Program Files\AOL 9.0b\shellmon.exe

C:\windows\explorer.exe

C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dogpile.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dogpile.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: IntelligentAdvisor - {6548BF73-58FF-71D5-F97D-17C71E323709} - C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0b\AOL.EXE" -b

O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe

 

--

End of file - 7472 bytes

Thanks

Joy

Hi.justjoy

 

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Updating Java:

  • Download the latest version of Java Runtime Environment (JRE) 6 Update 3.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 3".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 6
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.

Let me know in your next reply how things are now.

 

==========================

 

Download SDFix and save it to your Desktop.

 

* Double click SDFix.exe and it will extract the files to %systemdrive%

(Drive that contains the Windows Directory, typically C:\SDFix)

 

* Reboot into Safe Mode (without networking support!):

To get into the Windows Safe Mode, restart your computer and, just before Windows starts to load, tap the F8 key a few times.

Choose Safe Mode from the menu that will appear and press Enter.

 

* Open the extracted SDFix folder and double click RunThis.bat to start the script.

* Type Y to begin the cleanup process.

* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.

* Press any Key and it will restart the PC.

* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.

* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt

(Report.txt will also be copied to Clipboard ready for posting back on the forum).

* Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

 

============================

 

Could you also run an update with Ad-Aware, then run a Full System scan and show me its log as well.

 

Gogo :mellow:

not sure if this is right. it is very big

 

Scan Results

Ad-Aware 2007 Free Edition

Log File Created on:2007-12-2214:19:52

Using Definitions File:C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\core.aawdef

Computer name:GLENDA

Name of user performing scan:SYSTEM

Name of user ordering scan:user

Scan completed successfully

 

System Information

Number of processors:1

Processor type:AMD Athlon 64 Processor 3000+

Memory Available:60%

Total Physical Memory:1073201152 Bytes

Available Physical Memory:642367488 Bytes

Total Page File Size:3115118592 Bytes

Available On Page File:2641514496 Bytes

Total Virtual Memory:2147352576 Bytes

Available Virtual Memory:1977987072 Bytes

OS:Microsoft Windows XP 5.1 (Build 2600)

File Verion Information

File Version

CEAPI.dll 7, 0, 2, 3

aawservice.exe 7, 0, 2, 5

Ad-Aware2007.exe 7.0.2.5

Ad-Aware 2007 Settings

Skipping files larger than:1048576 Bytes

Ignoring infections with lower TAI than:3

Safe Mode:False

Extended Ad-Aware 2007 Settings

Unload malicious processes and modules

Unload Modules

Let Windows remove files at Start-Up

Deactivate Ad-Watch

Re-analyze Scan Result

Delete Restored Items

Write Protect System Files

Create Log file

Include basic settings

Include advanced settings

Include user and computer name

Environment information

Running processes

Running processes and modules

Include info about ignored objects in log file

Consider definitions File Outdated after x days

Proxy URL

Proxy Port

Database Info

Version number:40

Build Number:0

Build Date and Time:2007/12/1702:47:35

Scan Statistics

Method:Smart

 

Items Scanned:136161

Infections Detected:113

Infections Removed:0

Infections Quarantined:0

Infections Ignored:0

Scan Detailed Statistics

Type Critical Total

Process Scan 0 0

Registry Scan 0 0

Registry PE Scan 0 0

Hosts Scan 0 0

File Scan 0 0

Folder Scan 0 0

LSP Scan 0 0

ADS Scan 0 0

Cookie Scan 111 111

File Hash Scan 0 0

Infections Found

Family Id Name Category TAI

725 Tracking Cookie DataMiner 3


 

9999 MRU Object MRU Object 0

[1] MRU Path: C:\Documents and Settings\user\Recent Count: 5

[3] MRU Registry Key: S-1-5-21-583907252-1500820517-725345543-1004\Software\Microsoft\Internet Explorer\TypedURLs Count: 3

 

 

Quarantined Objects

Family Id Name Category TAI

 

Removed Objects

Family Id Name Category TAI

Listing of Running Processes

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\rpcss.dll

c:\windows\system32\secur32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\termsrv.dll

c:\windows\system32\icaapi.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\authz.dll

c:\windows\system32\mstlsapi.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\system32\atl.dll

c:\windows\system32\regapi.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\rpcss.dll

c:\windows\system32\secur32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\shsvcs.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\dhcpcsvc.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\secur32.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\wzcsvc.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\wmi.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\esent.dll

c:\windows\system32\atl.dll

c:\windows\system32\rastls.dll

c:\windows\system32\cryptui.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\mprapi.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\schannel.dll

c:\windows\system32\winscard.dll

c:\windows\system32\raschap.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\wzcsapi.dll

c:\windows\system32\schedsvc.dll

c:\windows\system32\ntdsapi.dll

c:\windows\system32\msidle.dll

c:\windows\system32\audiosrv.dll

c:\windows\system32\wkssvc.dll

c:\windows\system32\qmgr.dll

c:\windows\system32\mpr.dll

c:\windows\system32\shfolder.dll

c:\windows\system32\winhttp.dll

c:\windows\system32\cryptsvc.dll

c:\windows\system32\certcli.dll

c:\windows\system32\ersvc.dll

c:\windows\system32\es.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\pchealth\helpctr\binaries\pchsvc.dll

c:\windows\system32\hidserv.dll

c:\windows\system32\hid.dll

c:\windows\system32\srvsvc.dll

c:\windows\system32\netman.dll

c:\windows\system32\netshell.dll

c:\windows\system32\credui.dll

c:\windows\system32\seclogon.dll

c:\windows\system32\sens.dll

c:\windows\system32\srsvc.dll

c:\windows\system32\powrprof.dll

c:\windows\system32\trkwks.dll

c:\windows\system32\w32time.dll

c:\windows\system32\wbem\wmisvc.dll

c:\windows\system32\vssapi.dll

c:\windows\system32\wuauserv.dll

c:\windows\system32\browser.dll

c:\windows\system32\wuaueng.dll

c:\windows\system32\winspool.drv

c:\windows\system32\cabinet.dll

c:\windows\system32\mspatcha.dll

c:\windows\system32\ipnathlp.dll

c:\windows\system32\authz.dll

c:\windows\system32\wscsvc.dll

c:\windows\system32\msi.dll

c:\windows\system32\wbem\wbemcomn.dll

c:\windows\system32\wbem\wbemcore.dll

c:\windows\system32\wbem\esscli.dll

c:\windows\system32\wbem\fastprox.dll

c:\windows\system32\wbem\wmiutils.dll

c:\windows\system32\sfc.dll

c:\windows\system32\sfc_os.dll

c:\windows\system32\sxs.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\wbem\repdrvfs.dll

c:\windows\system32\wbem\wmiprvsd.dll

c:\windows\system32\ncobjapi.dll

c:\windows\system32\wbem\wbemess.dll

c:\windows\system32\comsvcs.dll

c:\windows\system32\colbact.dll

c:\windows\system32\mtxclu.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\clusapi.dll

c:\windows\system32\resutils.dll

c:\windows\system32\wbem\ncprov.dll

c:\windows\system32\netcfgx.dll

c:\windows\system32\rasmans.dll

c:\windows\system32\winipsec.dll

c:\windows\system32\tapisrv.dll

c:\windows\system32\psapi.dll

c:\windows\system32\rastapi.dll

c:\windows\system32\unimdm.tsp

c:\windows\system32\uniplat.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\kmddsp.tsp

c:\windows\system32\ndptsp.tsp

c:\windows\system32\ipconf.tsp

c:\windows\system32\h323.tsp

c:\windows\system32\hidphone.tsp

c:\windows\system32\rasppp.dll

c:\windows\system32\ntlsapi.dll

c:\windows\system32\kerberos.dll

c:\windows\system32\cryptdll.dll

c:\windows\system32\rasdlg.dll

c:\windows\system32\wbem\wbemsvc.dll

c:\windows\system32\mlang.dll

c:\windows\system32\xmlprovi.dll

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\dnsrslvr.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\lmhsvc.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\webclnt.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\secur32.dll

c:\windows\system32\ssdpsrv.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\upnphost.dll

c:\windows\system32\winhttp.dll

c:\windows\system32\ssdpapi.dll

c:\windows\system32\netapi32.dll

C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE

c:\program files\lavasoft\ad-aware 2007\aawservice.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\program files\lavasoft\ad-aware 2007\ceapi.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\program files\lavasoft\ad-aware 2007\pkarchive84cb.dll

c:\windows\system32\shell32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\ole32.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\psapi.dll

c:\windows\system32\version.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\program files\lavasoft\ad-aware 2007\update.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\userenv.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\secur32.dll

C:\WINDOWS\SYSTEM32\SPOOLSV.EXE

c:\windows\system32\spoolsv.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\spoolss.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\localspl.dll

c:\windows\system32\secur32.dll

c:\windows\system32\sfc_os.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\winspool.drv

c:\windows\system32\netapi32.dll

c:\windows\system32\cnbjmon.dll

c:\windows\system32\hpz3l463.dll

c:\windows\system32\hpz3l4pi.dll

c:\windows\system32\pjlmon.dll

c:\windows\system32\tcpmon.dll

c:\windows\system32\usbmon.dll

c:\windows\system32\spool\prtprocs\w32x86\hpzpp463.dll

c:\windows\system32\spool\prtprocs\w32x86\hpzpp4pi.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\win32spl.dll

c:\windows\system32\netrap.dll

c:\windows\system32\ntdsapi.dll

c:\windows\system32\inetpp.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\xpsp2res.dll

C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE

c:\program files\common files\aol\acs\aolacsd.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\program files\common files\aol\acs\aolacsd.dll

c:\windows\system32\winmm.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\program files\common files\aol\acs\xpat.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\psapi.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\userenv.dll

c:\program files\common files\aol\acs\acsmdiag.dll

c:\program files\common files\aol\aoldiag\tbdiag.dll

c:\program files\common files\aol\acs\acscmn.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\mswsock.dll

c:\program files\common files\aol\acs\acsswu.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\secur32.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\mprapi.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\atl.dll

c:\windows\system32\samlib.dll

c:\windows\system32\sensapi.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\dnsapi.dll

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\w3ssl.dll

c:\windows\system32\strmfilt.dll

c:\windows\system32\secur32.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\httpapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

C:\PROGRAM FILES\COMMON FILES\MCAFEE\HACKERWATCH\HWAPI.EXE

c:\program files\common files\mcafee\hackerwatch\hwapi.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\shell32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\version.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\progra~1\common~1\mcafee\core\mccoreps.dll

c:\windows\system32\psapi.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\userenv.dll

c:\windows\system32\secur32.dll

c:\windows\system32\netapi32.dll

c:\progra~1\common~1\mcafee\hacker~1\hwapips.dll

c:\windows\system32\winhttp.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\rasadhlp.dll

C:\PROGRA~1\MCAFEE\MSC\MCMSCSVC.EXE

c:\progra~1\mcafee\msc\mcmscsvc.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\psapi.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\version.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\xpsp2res.dll

c:\progra~1\mcafee\msc\mcres.dll

c:\progra~1\mcafee\msc\mclocres.dll

c:\program files\mcafee\msc\oem\578\mccobres.dll

c:\progra~1\mcafee\msc\mccobres.dll

c:\progra~1\common~1\mcafee\msc\sqlite3.dll

c:\windows\system32\setupapi.dll

c:\progra~1\common~1\mcafee\core\mccoreps.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\userenv.dll

c:\windows\system32\secur32.dll

c:\progra~1\mcafee\msc\mcmispps.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\iphlpapi.dll

c:\progra~1\mcafee\msc\mcshllps.dll

c:\progra~1\mcafee\msc\mcdbmgr.dll

C:\PROGRA~1\COMMON~1\MCAFEE\MNA\MCNASVC.EXE

c:\progra~1\common~1\mcafee\mna\mcnasvc.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\version.dll

c:\windows\system32\psapi.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\userenv.dll

c:\windows\system32\secur32.dll

c:\windows\system32\netapi32.dll

c:\progra~1\common~1\mcafee\msc\mcutil.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\progra~1\mcafee\msc\mcnmcsrv.dll

c:\windows\system32\mpr.dll

c:\progra~1\common~1\mcafee\core\mccoreps.dll

c:\windows\system32\mprapi.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\atl.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\samlib.dll

c:\windows\system32\netshell.dll

c:\windows\system32\credui.dll

c:\progra~1\mcafee\msc\mcshllps.dll

c:\progra~1\common~1\mcafee\mna\mcnasv~1.dll

c:\progra~1\mcafee\msc\mcnmcsps.dll

c:\windows\system32\msxml4.dll

c:\progra~1\mcafee\msc\mcregobj\7_2_14~1\mcregobj.dll

c:\progra~1\mcafee\msc\mcmismgr.dll

c:\progra~1\mcafee\msc\mcres.dll

c:\progra~1\mcafee\msc\mclocres.dll

c:\program files\mcafee\msc\oem\578\mccobres.dll

c:\progra~1\mcafee\msc\mccobres.dll

c:\progra~1\mcafee\msc\mcsubmgr\7_2_14~1\mcsubmgr.dll

c:\windows\system32\msi.dll

c:\windows\system32\ntmarta.dll

c:\progra~1\common~1\mcafee\mna\mcuj.dll

c:\progra~1\mcafee\msc\mcnmcres.dll

c:\progra~1\mcafee\msc\mcnmclor.dll

c:\progra~1\mcafee\msc\mcnmccor.dll

c:\windows\system32\wbem\wbemprox.dll

c:\windows\system32\wbem\wbemcomn.dll

c:\windows\system32\wbem\wbemsvc.dll

c:\windows\system32\wbem\fastprox.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\ntdsapi.dll

c:\windows\system32\dnsapi.dll

c:\progra~1\mcafee\msc\mcmispps.dll

C:\PROGRA~1\MCAFEE\VIRUSS~1\MCODS.EXE

c:\progra~1\mcafee\viruss~1\mcods.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\psapi.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\imm32.dll

c:\windows\system32\shlwapi.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\sxs.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\version.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\userenv.dll

c:\windows\system32\secur32.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\iphlpapi.dll

C:\PROGRA~1\MCAFEE\MSC\MCPROMGR.EXE

c:\progra~1\mcafee\msc\mcpromgr.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\psapi.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\winsta.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\urlmon.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\shell32.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\progra~1\mcafee\msc\mcres.dll

c:\progra~1\mcafee\msc\mclocres.dll

c:\program files\mcafee\msc\oem\578\mccobres.dll

c:\progra~1\mcafee\msc\mccobres.dll

c:\progra~1\common~1\mcafee\msc\mcutil.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\version.dll

c:\windows\system32\xpsp2res.dll

c:\progra~1\common~1\mcafee\core\mccoreps.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\userenv.dll

c:\windows\system32\secur32.dll

c:\progra~1\mcafee\msc\mcshllps.dll

c:\progra~1\mcafee\msc\mcmispps.dll

c:\progra~1\mcafee\msc\mcsubmgr\7_2_14~1\mcsubmgr.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\msi.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\msxml4.dll

c:\progra~1\mcafee\msc\mcprotpv.dll

c:\progra~1\mcafee\msc\mcnmcres.dll

c:\progra~1\mcafee\msc\mcnmclor.dll

c:\progra~1\mcafee\msc\mcnmccor.dll

c:\windows\system32\sxs.dll

c:\progra~1\mcafee\msc\mcprohlp.dll

C:\PROGRA~1\COMMON~1\MCAFEE\MCPROXY\MCPROXY.EXE

c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\psapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\imm32.dll

c:\windows\system32\shlwapi.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\secur32.dll

c:\windows\system32\xpsp2res.dll

c:\progra~1\mcafee\mps\mpsppm.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\version.dll

c:\progra~1\common~1\mcafee\core\mcevtbrk.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\userenv.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\progra~1\common~1\mcafee\redirsvc\redirps.dll

C:\PROGRA~1\COMMON~1\MCAFEE\REDIRSVC\REDIRSVC.EXE

c:\progra~1\common~1\mcafee\redirsvc\redirsvc.exe


c:\windows\system32\dxtrans.dll

c:\windows\system32\atl.dll

c:\windows\system32\ddrawex.dll

c:\windows\system32\ddraw.dll

c:\windows\system32\dxtmsft.dll

C:\PROGRAM FILES\AOL 9.0B\SHELLMON.EXE

c:\program files\aol 9.0b\shellmon.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\msimg32.dll

c:\windows\system32\version.dll

c:\windows\system32\msvcr71.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\msctf.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\ole32.dll

C:\PROGRA~1\MCAFEE\VIRUSS~1\MCSHIELD.EXE

c:\progra~1\mcafee\viruss~1\mcshield.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\lz32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\progra~1\mcafee\viruss~1\lockdown.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\progra~1\mcafee\viruss~1\mytilus.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\progra~1\mcafee\viruss~1\mytilus2.dll

c:\windows\system32\shfolder.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\imm32.dll

c:\progra~1\mcafee\viruss~1\res00\mcshield.dll

c:\progra~1\mcafee\viruss~1\ftl.dll

c:\windows\system32\psapi.dll

c:\progra~1\mcafee\viruss~1\naiann.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\progra~1\common~1\mcafee\core\mccoreps.dll

c:\progra~1\mcafee\viruss~1\mcvsps.dll

c:\progra~1\mcafee\viruss~1\naiannps.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\version.dll

c:\progra~1\mcafee\viruss~1\mvscfg.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\userenv.dll

c:\windows\system32\secur32.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\sxs.dll

c:\progra~1\mcafee\viruss~1\mcvsqt.dll

c:\progra~1\mcafee\viruss~1\mcqtlib.dll

c:\windows\system32\shell32.dll

c:\progra~1\common~1\mcafee\core\mcevtbrk.dll

c:\progra~1\mcafee\viruss~1\mvslog.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\sfc_os.dll

c:\progra~1\mcafee\viruss~1\scriptsv.dll

c:\program files\mcafee\virusscan\mcscan32.dll

c:\progra~1\mcafee\viruss~1\mfebopa.dll

c:\progra~1\mcafee\viruss~1\mfehida.dll

c:\progra~1\mcafee\viruss~1\mfeavfa.dll

c:\progra~1\mcafee\msc\mcmispps.dll

c:\progra~1\mcafee\msc\mcsubmgr\7_2_14~1\mcsubmgr.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AD-AWARE2007.EXE

c:\program files\lavasoft\ad-aware 2007\ad-aware2007.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\imm32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\comdlg32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shell32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\inetmib1.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\snmpapi.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\mprapi.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\atl.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\samlib.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\version.dll

c:\windows\system32\mpr.dll

c:\windows\system32\winmm.dll

c:\windows\system32\oleacc.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\msctf.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\uxtheme.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\userenv.dll

c:\windows\system32\olepro32.dll

c:\windows\system32\secur32.dll

[to top]

 

 

 

SDFix: Version 1.119

 

Run by user on Sat 12/22/2007 at 10:37 AM

 

Microsoft Windows XP [Version 5.1.2600]

 

Running From: C:\SDFix

 

Safe Mode:

Checking Services:

 

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

 

Rebooting...

 

 

Normal Mode:

Checking Files:

 

No Trojan Files Found

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:30:22 PM, on 12/22/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\windows\system32\spoolsv.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\windows\System32\svchost.exe

C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\PROGRA~1\McAfee\MPS\mps.exe

C:\windows\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\windows\system32\svchost.exe

C:\windows\Explorer.EXE

C:\Program Files\McAfee\MPS\mpsevh.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\SPYWAREfighter\spftray.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\windows\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\SPYWAREfighter\spfprc.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Common Files\AOL\1175982866\ee\aolsoftware.exe

C:\Program Files\AOL 9.0b\waol.exe

C:\Program Files\AOL 9.0b\shellmon.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dogpile.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dogpile.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: IntelligentAdvisor - {6548BF73-58FF-71D5-F97D-17C71E323709} - C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0b\AOL.EXE" -b

O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe

 

--

End of file - 7516 bytes
