justjoy 0 Report post Posted December 18, 2007 I also have popups but really concerned about not having MS task manager. Thank you in advance for all your help. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:03:29 PM, on 12/18/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Safe mode with network support Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe C:\windows\Explorer.EXE C:\windows\system32\ctfmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dogpile.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: IntelligentAdvisor - {6548BF73-58FF-71D5-F97D-17C71E323709} - C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- Share this post Link to post Share on other sites
HJThis 0 Report post Posted December 18, 2007 Hello.justjoy & Welcome Please boot out of Safe Mode and into live windows. Then run a scan with Hijack-This post it's log-file here. Gogo Share this post Link to post Share on other sites
justjoy 0 Report post Posted December 18, 2007 Thank you for the help....sorry new at this....here is the new log. and thanks for the welcome....but is you guys that really need all the thanks and welcomes....you are awesome Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:56:33 PM, on 12/18/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\windows\System32\smss.exe C:\windows\system32\csrss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\windows\system32\svchost.exe C:\windows\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\windows\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\windows\System32\svchost.exe C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe C:\PROGRA~1\McAfee\MSC\mcpromgr.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\PROGRA~1\McAfee\MPS\mps.exe C:\windows\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\windows\system32\svchost.exe C:\Program Files\Windows Media Player\WMPNetwk.exe C:\windows\Explorer.EXE C:\Program Files\McAfee\MPS\mpsevh.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\windows\system32\wuauclt.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\windows\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\windows\System32\alg.exe C:\Program Files\AOL 9.0b\waol.exe C:\Program Files\AOL 9.0b\shellmon.exe C:\Program Files\Common Files\AOL\1175982866\ee\aolsoftware.exe C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dogpile.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dogpile.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: IntelligentAdvisor - {6548BF73-58FF-71D5-F97D-17C71E323709} - C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0b\AOL.EXE" -b O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 7026 bytes Share this post Link to post Share on other sites
HJThis 0 Report post Posted December 18, 2007 Hi.justjoy Download ComboFix from Here or Here to your Desktop. Don't run just Yet! ============================= NOTE: This next step I'm going to have you do. Is to be done only after you download the tool, above not before. MCAFEE ANTIVIRUS Please navigate to the system tray on the bottom right hand corner and look for a sign. * right-click it -> chose "Exit." * a popup will warn that protection will now be disabled. Click on "Yes" to disable the Antivirus guard. You succesfully disabled the McAfee Guard. NOTE: Again this is to be done only after downloading the tool, above not before. ============================== Now run [*]Double click combofix.exe and follow the prompts. [*]When finished, it shall produce a log for you. Post that log and a HiJackThis log in your next reply Note: Do not mouseclick combofix's window while its running. That may cause it to stall ============================== Come back here with the ComboFix.txt and new Hijack-This log. Please make sure to turn on the Anti-Virus scanner I may ask you to disable it again at some point. Gogo Share this post Link to post Share on other sites
justjoy 0 Report post Posted December 18, 2007 ComboFix 07-12-19.2 - user 2007-12-18 19:35:01.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.668 [GMT -5:00] Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2007-11-19 to 2007-12-19 ))))))))))))))))))))))))))))))) . 2007-12-18 16:26 . 2007-12-18 16:26 <DIR> d-------- C:\Program Files\Common Files\Application 2007-12-18 16:25 . 2007-12-18 16:29 <DIR> d-------- C:\Program Files\SPYWAREfighter 2007-12-18 16:23 . 2007-12-18 16:23 <DIR> d-------- C:\Program Files\SpyDestroy Pro 2007-12-18 14:04 . 2007-12-18 14:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Viewpoint 2007-12-18 14:04 . 2007-12-18 19:32 50,014 --a------ C:\VETlog.dmp 2007-12-18 14:03 . 2007-12-18 14:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AOL 2007-12-18 13:51 . 2007-12-18 13:51 <DIR> d-------- C:\Program Files\Trend Micro 2007-12-18 12:53 . 2007-12-18 13:06 <DIR> d-------- C:\Program Files\Enigma Software Group 2007-12-18 12:23 . 2007-12-18 13:06 <DIR> d-------- C:\Program Files\XoftSpySE 2007-12-18 10:33 . 2007-12-18 10:50 <DIR> d-------- C:\Program Files\PCPitstop 2007-12-18 10:33 . 2007-12-18 10:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCPitstop 2007-12-17 17:08 . 2006-11-13 01:02 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll 2007-12-17 17:08 . 2006-11-13 01:02 116,736 --------- C:\WINDOWS\system32\aaclient.dll 2007-12-17 17:08 . 2006-11-13 01:02 36,352 --------- C:\WINDOWS\system32\tsgqec.dll 2007-12-17 15:43 . 2007-12-17 16:07 <DIR> d-------- C:\Program Files\RegCure 2007-12-17 15:15 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-12-17 15:09 . 2007-12-17 15:11 <DIR> d-------- C:\Program Files\BitDownload 2007-12-17 14:29 . 2007-12-18 19:14 <DIR> d-------- C:\Program Files\PlayMP3z 2007-12-17 14:29 . 2007-12-18 15:38 <DIR> d-------- C:\Program Files\IntelligentAdvisor 2007-12-17 13:49 . 2007-12-17 14:23 <DIR> d-------- C:\Program Files\Registry Easy 2007-12-17 13:24 . 2007-12-17 13:24 <DIR> d-------- C:\Documents and Settings\user\Application Data\Uniblue 2007-12-12 23:39 . 2007-12-12 23:39 <DIR> d-------- C:\Program Files\Lucky Clover 2007-12-12 22:32 . 2007-12-12 22:43 <DIR> d-------- C:\Program Files\The Magicians Handbook - Cursed Valley 2007-12-12 22:19 . 2007-12-12 22:19 <DIR> d-------- C:\Documents and Settings\user\Application Data\Legends of pirates 2007-12-10 23:52 . 2007-12-10 23:53 <DIR> d-------- C:\Program Files\Holly - A Christmas Tale 2007-12-09 01:48 . 2007-12-18 10:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\does dog two city 2007-12-09 01:44 . 2007-12-09 01:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZipEC 2007-12-09 01:43 . 2007-12-17 14:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip 2007-12-09 00:16 . 2005-06-03 17:01 4,624 --a------ C:\WINDOWS\system32\nvaudio.nvu 2007-12-08 00:08 . 2007-12-08 00:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Christmasville 2007-12-07 19:45 . 2007-12-07 19:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MythPeople 2007-12-07 19:38 . 2007-12-07 19:38 1,409 --a------ C:\WINDOWS\system32\tmpEF563.FOT 2007-12-07 19:38 . 2007-12-07 19:38 1,409 --a------ C:\WINDOWS\system32\tmpC5663.FOT 2007-12-07 19:38 . 2007-12-07 19:38 1,409 --a------ C:\WINDOWS\system32\tmp34563.FOT 2007-12-07 19:38 . 2007-12-07 19:38 1,409 --a------ C:\WINDOWS\system32\tmp0B563.FOT 2007-12-07 19:09 . 2007-12-07 19:09 1,409 --a------ C:\WINDOWS\system32\tmpAE8B4.FOT 2007-12-07 19:09 . 2007-12-07 19:09 1,409 --a------ C:\WINDOWS\system32\tmp689B4.FOT 2007-12-07 19:09 . 2007-12-07 19:09 1,409 --a------ C:\WINDOWS\system32\tmp5D9B4.FOT 2007-12-07 19:09 . 2007-12-07 19:09 1,409 --a------ C:\WINDOWS\system32\tmp23AB4.FOT 2007-12-07 10:14 . 2007-12-18 14:51 17,148 --a------ C:\WINDOWS\system32\Config.MPF 2007-12-07 02:15 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll 2007-12-07 02:14 . 2007-12-18 09:42 <DIR> d-------- C:\mcafee_mcpr 2007-12-07 02:14 . 2007-06-25 10:57 171,240 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys 2007-12-07 02:14 . 2007-03-02 14:16 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys 2007-12-07 02:14 . 2007-06-25 14:54 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys 2007-12-07 02:14 . 2007-06-25 10:57 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys 2007-12-07 02:14 . 2007-06-25 10:57 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys 2007-12-07 02:14 . 2007-06-25 10:57 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys 2007-12-07 02:13 . 2007-12-07 02:13 <DIR> d-------- C:\Program Files\McAfee.com 2007-12-07 02:13 . 2007-12-07 02:15 <DIR> d-------- C:\Program Files\Common Files\McAfee 2007-12-07 02:12 . 2007-12-18 10:29 <DIR> d-------- C:\Program Files\McAfee 2007-12-07 01:23 . 2007-12-07 01:23 <DIR> d-------- C:\Documents and Settings\user\Application Data\SpywareBot 2007-12-07 00:59 . 2007-12-07 00:59 <DIR> d-------- C:\Program Files\Lavasoft 2007-12-07 00:59 . 2007-12-07 00:59 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-12-07 00:59 . 2007-12-07 00:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-12-07 00:41 . 2007-12-07 00:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP 2007-12-07 00:07 . 2007-12-07 00:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Playtonium Games 2007-12-07 00:07 . 2007-12-07 00:07 1,409 --a------ C:\WINDOWS\system32\tmpB7839.FOT 2007-12-07 00:07 . 2007-12-07 00:07 1,409 --a------ C:\WINDOWS\system32\tmp80939.FOT 2007-12-07 00:07 . 2007-12-07 00:07 1,409 --a------ C:\WINDOWS\system32\tmp56939.FOT 2007-12-07 00:07 . 2007-12-07 00:07 1,409 --a------ C:\WINDOWS\system32\tmp3C939.FOT 2007-12-06 23:28 . 2007-12-06 23:28 <DIR> d-------- C:\Program Files\Smilebox 2007-12-06 23:03 . 2007-12-06 23:03 103,824 --a------ C:\Program Files\InstallDownloader.exe 2007-12-06 22:38 . 2007-12-06 23:52 <DIR> d-------- C:\Documents and Settings\user\Application Data\Smilebox 2007-11-19 02:00 . 2007-11-19 02:00 224,016 --a------ C:\WINDOWS\system32\tabctl32.ocx . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-18 17:29 --------- d-----w C:\Documents and Settings\user\Application Data\LimeWire 2007-12-18 16:56 --------- d-----w C:\Program Files\Common Files\SystemRequirementsLab 2007-12-18 15:50 --------- d-----w C:\Program Files\Common Files\Scanner 2007-12-17 19:35 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2007-12-09 07:21 --------- d-----w C:\Program Files\RealArcade 2007-12-07 12:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee 2007-12-07 07:08 --------- d-----w C:\Program Files\Common Files\AOL 2007-12-07 06:31 --------- d-----w C:\Program Files\Java 2007-12-07 05:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL 2007-12-06 15:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads 2007-12-03 01:42 --------- d-----w C:\Documents and Settings\user\Application Data\Image Zone Express 2007-11-29 21:50 38,567 ----a-w C:\windows\system32\pcpbios.exe 2007-11-13 10:25 20,480 ----a-w C:\windows\system32\drivers\secdrv.sys 2007-11-12 02:05 --------- d-----w C:\Program Files\Luxor 3 2007-10-29 22:43 1,287,680 ----a-w C:\windows\system32\quartz.dll 2007-10-27 22:40 222,720 ----a-w C:\windows\system32\wmasf.dll 2007-10-22 22:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo 2006-02-19 07:28 12,288 ----a-w C:\windows\Fonts\RandFont.dll 2005-07-07 23:14 774,144 ----a-w C:\Program Files\RngInterstitial.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6548BF73-58FF-71D5-F97D-17C71E323709}] 2007-12-11 16:27 1019904 --a------ C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-04 07:00] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 19:05] "AOL Fast Start"="C:\Program Files\AOL 9.0b\AOL.exe" [2007-04-18 01:49] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-10-07 19:53] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 23:05] "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 07:00 C:\WINDOWS\system32\rundll32.exe] "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 07:00 C:\WINDOWS\system32\rundll32.exe] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46] "spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2007-06-08 11:52] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] 2005-06-06 23:46 57344 --a------ C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start] C:\Program Files\AOL 9.0b\AOL.EXE -b [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2006-02-19 01:41 49152 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\MSMSGS.EXE /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-07-12 03:00 132496 --a------ C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe R3 Airgo;Wireless-G PCI Adapter with SRX Driver;C:\windows\system32\DRIVERS\WniHdd51.sys [2005-04-18 16:47] R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2007-06-08 11:52] R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2007-06-08 11:52] S3 FXDRV;FXDRV;D:\Fxdrv.sys [] S3 USB_RNDIS_XP;Linksys Wireless-G USB Network Adapter with SpeedBooster Driver;C:\windows\system32\DRIVERS\usb8023.sys [2004-08-04 07:00] *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 *Newly Created Service* - SPYFIGHTER *Newly Created Service* - SPYWAREFIGHTERRP . Contents of the 'Scheduled Tasks' folder "2007-12-15 06:22:10 C:\windows\Tasks\McDefragTask.job" - c:\PROGRA~1\mcafee\mqc\QcConsol.exe' "2007-12-07 07:14:01 C:\windows\Tasks\McQcTask.job" - c:\PROGRA~1\mcafee\mqc\QcConsol.exe "2007-12-18 22:00:15 C:\windows\Tasks\RegCure Program Check.job" - C:\Program Files\RegCure\RegCure.exe "2007-12-17 20:43:42 C:\windows\Tasks\RegCure.job" - C:\Program Files\RegCure\RegCure.exe "2007-12-18 22:00:11 C:\windows\Tasks\SpywareBot Scheduled Scan.job" - C:\Program Files\SpywareBot\SpywareBot.ex - C:\Program Files\SpywareBot . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-18 19:37:50 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-18 19:39:20 . 2007-12-16 08:03:35 --- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:22:30 PM, on 12/18/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\windows\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\windows\System32\svchost.exe C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe C:\PROGRA~1\McAfee\MSC\mcpromgr.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\PROGRA~1\McAfee\MPS\mps.exe C:\windows\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\windows\system32\svchost.exe C:\Program Files\McAfee\MPS\mpsevh.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\windows\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Common Files\AOL\1175982866\ee\aolsoftware.exe C:\Program Files\SPYWAREfighter\spfprc.exe C:\Program Files\AOL 9.0b\waol.exe C:\Program Files\AOL 9.0b\shellmon.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\windows\explorer.exe C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dogpile.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dogpile.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: IntelligentAdvisor - {6548BF73-58FF-71D5-F97D-17C71E323709} - C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0b\AOL.EXE" -b O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe -- End of file - 6877 bytes Share this post Link to post Share on other sites
HJThis 0 Report post Posted December 19, 2007 Hi.justjoy Lets run an F-Secure online scan for Viruses, Spyware and RootKits: Go to http://support.f-secure.com/enu/home/ols.shtml Scroll to the bottom of the page and click the Start scanning button. A window will pop up. Allow the Active X control to be installed on your computer, then click the Accept button Click Full System Scan and allow the components to download and the scan to complete. If malware is found, check Submit samples to F-Secure then select Automatic cleaning When cleaning has finitished, click Show report (this will open an Internet Explorer window containing the report) Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan When the cleaning option is presented, Uncheck Submit samples to F-Secure Click Automatic cleaning When cleaning has finitished, click Show report (this will open an Internet Explorer window containing the report) Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post Notes: This scan will only work with Internet Explorer You must have administrator rights to run this scan This scan can take several hours, so please be patient Gogo Share this post Link to post Share on other sites
justjoy 0 Report post Posted December 19, 2007 Sorry it took so long. I let it run over night. Scanning Report Tuesday, December 18, 2007 21:37:09 - 08:29:06 Computer name: GLENDA Scanning type: Scan system for viruses, rootkits, spyware Target: C:\ E:\ -------------------------------------------------------------------------------- Result: 19 malware found Possible Browser Hijack attempt (spyware) System (Disinfected) Tracking Cookie (spyware) System (Disinfected) System System System System System System System System System System System System System Type_Win32 (virus) C:\MY GAMES\WHEEL OF FORTUNE 2\WHEEL OF FORTUNE.EXE (Submitted) C:\MY GAMES\SPARKLE\SPARKLE.EXE (Submitted) W32/Jesta.A (virus) E:\WINDOWS\JESTERTB.DLL (Submitted) W32/Malware (virus) E:\WINDOWS\SYSTEM32\SISTRAY.EXE (Submitted) -------------------------------------------------------------------------------- Statistics Scanned: Files: 69887 System: 4226 Not scanned: 8 Actions: Disinfected: 2 Renamed: 0 Deleted: 0 None: 17 Submitted: 4 Files not scanned: C:\PAGEFILE.SYS C:\WINDOWS\TEMP\MCAFEE_U8RPUB8QSZQV2YW C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{6C2F336D-1E6A-439C-93A7-F313192C6DD7}.BIN C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\JOGY08LS\MWHO[2].HTM C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL\C_AOL 9.0B\ORGANIZE\JUSTJOY36 C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL\C_AOL 9.0B\ORGANIZE\CACHE\JUSTJOY01 E:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7EF0AC1311A0E5E84AC5D324D96B7409_3F2C12F5-E4E2-40BF-9171-77E28489A003 -------------------------------------------------------------------------------- Options Scanning engines: F-Secure Libra: 2.4.2, 2007-12-18 F-Secure AVP: 7.0.171, 2007-12-18 F-Secure Orion: 1.2.37, 2007-12-19 F-Secure Blacklight: 1.0.64 F-Secure Draco: 1.0.35, 0597-150-72 F-Secure Pegasus: 1.19.0, 2007-11-10 Scanning options: Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX Use Advanced heuristics Share this post Link to post Share on other sites
HJThis 0 Report post Posted December 19, 2007 Hi.justjoy Now may I have some feedback how is the PC doing better? or do you feel there is something more. I ask because I'm not seeing anything in this log-file. What other problems are you having if there is any. Gogo Share this post Link to post Share on other sites
HJThis 0 Report post Posted December 19, 2007 Hey.justjoy I'm sorry I needed to have this file here looked at. Please show me, the results of the scan. Please submit the following files for analysis. Jotti File Submission: [*]Please go to Jotti's malware scan [*]Copy and paste the following file path into the "File to upload & scan"box on the top of the page: [*]C:\WINDOWS\system32\tmpEF563.FOT [*]Click on the submit button [*]Please post the results in your next reply. Please note that if you are submitting more than one file they will have to be entered one at a time. Gogo Share this post Link to post Share on other sites
justjoy 0 Report post Posted December 19, 2007 I have the ctrl - alt - del back and also microsoft office is working again....lol....I did not even tell you about that one. The pop-ups seem to be gone....I went to the online malware scan....The first time I tried it said the site was busy try again in 20 sec.....I tried again and it has been sitting like this for about 10 mins. Is this normal? or should I try again later? Thank you so very much for all your help and time... Joy Share this post Link to post Share on other sites
HJThis 0 Report post Posted December 19, 2007 Hi.justjoy Glad to hear things are starting to seem better for you. And yes sometimes the scan takes more time, but if you like try again later I will check back on you. Gogo Share this post Link to post Share on other sites
justjoy 0 Report post Posted December 20, 2007 (edited) That file cheched out ok....I still have the setthetrend pop-up....All my keys and programs appear to be working again....but on boot up after post but before windows log-in a box comes up with this "ê…˜Ãâ…°ÃĹĈ爸Þ"in it. it will not let me x out of it i have to click ok and then it loads the window log in screen. Thanks Edited December 20, 2007 by justjoy Share this post Link to post Share on other sites
HJThis 0 Report post Posted December 21, 2007 Hi.justjoy Please download ATF Cleaner. Double-click on ATF-Cleaner.exe to start the program. * Under the Main tab, put a check next to Select All. Click the Empty Selected button. (Note: if you remove cookies, automated login at forums and sites will be disabled. If you do not want this, uncheck Cookies) * If you use the Firefox browser: Click on Firefox at the top and put a check next to Select All. If you would like to keep your saved passwords, click No at the prompt. Click the Empty Selected button. (Note: if you remove cookies, automated login at forums and sites will be disabled. If you do not want this, uncheck Cookies) * If you use the Opera browser: Click on Opera at the top and put a check next to Select All. If you would like to keep your saved passwords, click No at the prompt. Click the Empty Selected button. (Note: if you remove cookies, automated login at forums and sites will be disabled. If you do not want this, uncheck Cookies) ========================= Ccleaner. Do not use "Advanced Settings" or the "Issues" button. Use only the default settings. http://www.ccleaner.com/ During install of Ccleaner you will be offered the Yahoo Toolbar. UNcheck if not wanted. ========================= Then run me, a scan with ComboFix once more let's see what if anything shows up. Gogo Share this post Link to post Share on other sites
justjoy 0 Report post Posted December 21, 2007 (edited) also at boot after post invalid boot.inf booting from C:/windows. then the box with the stuff in it ComboFix 07-12-19.2 - user 2007-12-20 21:54:33.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.692 [GMT -5:00] Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-11-21 to 2007-12-21 ))))))))))))))))))))))))))))))) . 2007-12-20 21:16 . 2007-12-20 21:16 <DIR> d-------- C:\Program Files\CCleaner 2007-12-20 14:06 . 2007-12-20 14:08 <DIR> d-------- C:\WINDOWS\SxsCaPendDel 2007-12-18 16:26 . 2007-12-18 16:26 <DIR> d-------- C:\Program Files\Common Files\Application 2007-12-18 16:25 . 2007-12-18 16:29 <DIR> d-------- C:\Program Files\SPYWAREfighter 2007-12-18 16:23 . 2007-12-18 16:23 <DIR> d-------- C:\Program Files\SpyDestroy Pro 2007-12-18 14:04 . 2007-12-18 14:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Viewpoint 2007-12-18 14:04 . 2007-12-20 21:54 50,014 --a------ C:\VETlog.dmp 2007-12-18 14:03 . 2007-12-18 14:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AOL 2007-12-18 13:51 . 2007-12-18 13:51 <DIR> d-------- C:\Program Files\Trend Micro 2007-12-18 12:53 . 2007-12-18 13:06 <DIR> d-------- C:\Program Files\Enigma Software Group 2007-12-18 12:23 . 2007-12-18 13:06 <DIR> d-------- C:\Program Files\XoftSpySE 2007-12-18 10:33 . 2007-12-18 10:50 <DIR> d-------- C:\Program Files\PCPitstop 2007-12-18 10:33 . 2007-12-18 10:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCPitstop 2007-12-17 17:08 . 2006-11-13 01:02 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll 2007-12-17 17:08 . 2006-11-13 01:02 116,736 --------- C:\WINDOWS\system32\aaclient.dll 2007-12-17 17:08 . 2006-11-13 01:02 36,352 --------- C:\WINDOWS\system32\tsgqec.dll 2007-12-17 15:43 . 2007-12-17 16:07 <DIR> d-------- C:\Program Files\RegCure 2007-12-17 15:15 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-12-17 15:09 . 2007-12-17 15:11 <DIR> d-------- C:\Program Files\BitDownload 2007-12-17 14:29 . 2007-12-18 19:14 <DIR> d-------- C:\Program Files\PlayMP3z 2007-12-17 14:29 . 2007-12-20 21:49 <DIR> d-------- C:\Program Files\IntelligentAdvisor 2007-12-17 13:49 . 2007-12-17 14:23 <DIR> d-------- C:\Program Files\Registry Easy 2007-12-17 13:24 . 2007-12-17 13:24 <DIR> d-------- C:\Documents and Settings\user\Application Data\Uniblue 2007-12-12 23:39 . 2007-12-12 23:39 <DIR> d-------- C:\Program Files\Lucky Clover 2007-12-12 22:32 . 2007-12-12 22:43 <DIR> d-------- C:\Program Files\The Magicians Handbook - Cursed Valley 2007-12-12 22:19 . 2007-12-12 22:19 <DIR> d-------- C:\Documents and Settings\user\Application Data\Legends of pirates 2007-12-10 23:52 . 2007-12-10 23:53 <DIR> d-------- C:\Program Files\Holly - A Christmas Tale 2007-12-09 01:48 . 2007-12-18 10:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\does dog two city 2007-12-09 01:44 . 2007-12-09 01:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZipEC 2007-12-09 01:43 . 2007-12-17 14:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip 2007-12-09 00:16 . 2005-06-03 17:01 4,624 --a------ C:\WINDOWS\system32\nvaudio.nvu 2007-12-08 00:08 . 2007-12-08 00:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Christmasville 2007-12-07 19:45 . 2007-12-07 19:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MythPeople 2007-12-07 19:38 . 2007-12-07 19:38 1,409 --a------ C:\WINDOWS\system32\tmpEF563.FOT 2007-12-07 19:38 . 2007-12-07 19:38 1,409 --a------ C:\WINDOWS\system32\tmpC5663.FOT 2007-12-07 19:38 . 2007-12-07 19:38 1,409 --a------ C:\WINDOWS\system32\tmp34563.FOT 2007-12-07 19:38 . 2007-12-07 19:38 1,409 --a------ C:\WINDOWS\system32\tmp0B563.FOT 2007-12-07 19:09 . 2007-12-07 19:09 1,409 --a------ C:\WINDOWS\system32\tmpAE8B4.FOT 2007-12-07 19:09 . 2007-12-07 19:09 1,409 --a------ C:\WINDOWS\system32\tmp689B4.FOT 2007-12-07 19:09 . 2007-12-07 19:09 1,409 --a------ C:\WINDOWS\system32\tmp5D9B4.FOT 2007-12-07 19:09 . 2007-12-07 19:09 1,409 --a------ C:\WINDOWS\system32\tmp23AB4.FOT 2007-12-07 10:14 . 2007-12-20 21:49 17,604 --a------ C:\WINDOWS\system32\Config.MPF 2007-12-07 02:15 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll 2007-12-07 02:14 . 2007-12-18 09:42 <DIR> d-------- C:\mcafee_mcpr 2007-12-07 02:14 . 2007-06-25 10:57 171,240 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys 2007-12-07 02:14 . 2007-03-02 14:16 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys 2007-12-07 02:14 . 2007-06-25 14:54 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys 2007-12-07 02:14 . 2007-06-25 10:57 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys 2007-12-07 02:14 . 2007-06-25 10:57 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys 2007-12-07 02:14 . 2007-06-25 10:57 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys 2007-12-07 02:13 . 2007-12-07 02:13 <DIR> d-------- C:\Program Files\McAfee.com 2007-12-07 02:13 . 2007-12-07 02:15 <DIR> d-------- C:\Program Files\Common Files\McAfee 2007-12-07 02:12 . 2007-12-18 10:29 <DIR> d-------- C:\Program Files\McAfee 2007-12-07 01:23 . 2007-12-07 01:23 <DIR> d-------- C:\Documents and Settings\user\Application Data\SpywareBot 2007-12-07 00:59 . 2007-12-07 00:59 <DIR> d-------- C:\Program Files\Lavasoft 2007-12-07 00:59 . 2007-12-07 00:59 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-12-07 00:59 . 2007-12-07 00:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-12-07 00:41 . 2007-12-07 00:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP 2007-12-07 00:07 . 2007-12-07 00:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Playtonium Games 2007-12-07 00:07 . 2007-12-07 00:07 1,409 --a------ C:\WINDOWS\system32\tmpB7839.FOT 2007-12-07 00:07 . 2007-12-07 00:07 1,409 --a------ C:\WINDOWS\system32\tmp80939.FOT 2007-12-07 00:07 . 2007-12-07 00:07 1,409 --a------ C:\WINDOWS\system32\tmp56939.FOT 2007-12-07 00:07 . 2007-12-07 00:07 1,409 --a------ C:\WINDOWS\system32\tmp3C939.FOT 2007-12-06 23:28 . 2007-12-06 23:28 <DIR> d-------- C:\Program Files\Smilebox 2007-12-06 23:03 . 2007-12-06 23:03 103,824 --a------ C:\Program Files\InstallDownloader.exe 2007-12-06 22:38 . 2007-12-06 23:52 <DIR> d-------- C:\Documents and Settings\user\Application Data\Smilebox . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-20 16:29 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2007-12-18 17:29 --------- d-----w C:\Documents and Settings\user\Application Data\LimeWire 2007-12-18 16:56 --------- d-----w C:\Program Files\Common Files\SystemRequirementsLab 2007-12-18 15:50 --------- d-----w C:\Program Files\Common Files\Scanner 2007-12-09 07:21 --------- d-----w C:\Program Files\RealArcade 2007-12-07 12:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee 2007-12-07 07:08 --------- d-----w C:\Program Files\Common Files\AOL 2007-12-07 06:31 --------- d-----w C:\Program Files\Java 2007-12-07 05:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL 2007-12-06 15:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads 2007-12-03 01:42 --------- d-----w C:\Documents and Settings\user\Application Data\Image Zone Express 2007-11-29 21:50 38,567 ----a-w C:\windows\system32\pcpbios.exe 2007-11-13 10:25 20,480 ----a-w C:\windows\system32\drivers\secdrv.sys 2007-11-12 02:05 --------- d-----w C:\Program Files\Luxor 3 2007-10-29 22:43 1,287,680 ----a-w C:\windows\system32\quartz.dll 2007-10-27 22:40 222,720 ----a-w C:\windows\system32\wmasf.dll 2007-10-22 22:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo 2006-02-19 07:28 12,288 ----a-w C:\windows\Fonts\RandFont.dll 2005-07-07 23:14 774,144 ----a-w C:\Program Files\RngInterstitial.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6548BF73-58FF-71D5-F97D-17C71E323709}] 2007-12-11 16:27 1019904 --a------ C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-04 07:00] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 19:05] "AOL Fast Start"="C:\Program Files\AOL 9.0b\AOL.exe" [2007-04-18 01:49] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-10-07 19:53] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 23:05] "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 07:00 C:\WINDOWS\system32\rundll32.exe] "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 07:00 C:\WINDOWS\system32\rundll32.exe] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46] "spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2007-06-08 11:52] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41] "hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 16:31] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start] C:\Program Files\AOL 9.0b\AOL.EXE -b [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\MSMSGS.EXE /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-07-12 03:00 132496 --a------ C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe R3 Airgo;Wireless-G PCI Adapter with SRX Driver;C:\windows\system32\DRIVERS\WniHdd51.sys [2005-04-18 16:47] R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2007-06-08 11:52] R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2007-06-08 11:52] S3 FXDRV;FXDRV;D:\Fxdrv.sys [] S3 USB_RNDIS_XP;Linksys Wireless-G USB Network Adapter with SpeedBooster Driver;C:\windows\system32\DRIVERS\usb8023.sys [2004-08-04 07:00] . Contents of the 'Scheduled Tasks' folder "2007-12-15 06:22:10 C:\windows\Tasks\McDefragTask.job" - c:\PROGRA~1\mcafee\mqc\QcConsol.exe' "2007-12-07 07:14:01 C:\windows\Tasks\McQcTask.job" - c:\PROGRA~1\mcafee\mqc\QcConsol.exe "2007-12-21 02:48:32 C:\windows\Tasks\RegCure Program Check.job" - C:\Program Files\RegCure\RegCure.exe "2007-12-20 16:28:32 C:\windows\Tasks\RegCure.job" - C:\Program Files\RegCure\RegCure.exe "2007-12-20 08:00:17 C:\windows\Tasks\SpywareBot Scheduled Scan.job" - C:\Program Files\SpywareBot\SpywareBot.ex - C:\Program Files\SpywareBot . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-20 21:57:10 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-20 21:58:13 C:\ComboFix2.txt ... 2007-12-18 19:39 . 2007-12-16 08:03:35 --- E O F --- Edited December 21, 2007 by justjoy Share this post Link to post Share on other sites
HJThis 0 Report post Posted December 21, 2007 Hi.justjoy Let's try something here. Please Download NoLop to your desktop from one of the links below... Link 1 Link 2 Link 3 * First close any other programs you have running as this will require a reboot * Double click NoLop.exe to run it * Now click the button labelled "Search and Destroy" <<your computer will now be scanned for infected files>> * When scanning is finished you will be prompted to reboot only if infected, Click OK * Now click the "REBOOT" Button. * A Message should popup from NoLop. If not, double click the program again and it will finish Please Post the contents of C:\NoLop.log along with a fresh HijackThis log --If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program. -- Gogo Share this post Link to post Share on other sites
justjoy 0 Report post Posted December 21, 2007 First one came up no infected flies have been found and here is new hijack log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:51:45 PM, on 12/20/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\windows\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\windows\System32\svchost.exe C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe C:\PROGRA~1\McAfee\MSC\mcpromgr.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\PROGRA~1\McAfee\MPS\mps.exe C:\windows\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\windows\system32\svchost.exe C:\Program Files\McAfee\MPS\mpsevh.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\SPYWAREfighter\spftray.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe C:\windows\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\SPYWAREfighter\spfprc.exe c:\PROGRA~1\mcafee\msc\mcuimgr.exe C:\Program Files\Common Files\AOL\1175982866\ee\aolsoftware.exe C:\windows\explorer.exe C:\Program Files\AOL 9.0b\waol.exe C:\Program Files\AOL 9.0b\shellmon.exe C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dogpile.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dogpile.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: IntelligentAdvisor - {6548BF73-58FF-71D5-F97D-17C71E323709} - C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0b\AOL.EXE" -b O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe -- End of file - 7459 bytes Share this post Link to post Share on other sites
HJThis 0 Report post Posted December 21, 2007 Hi.justjoy So you still getting the pop-ups? and the error at startup. Did you do a reboot see if it's still here. Gogo Share this post Link to post Share on other sites
justjoy 0 Report post Posted December 21, 2007 Hi Yes to both questions invalid boot.inf file booting from c:/ windows this pop-up was perfectlovercalculator.com Joy Share this post Link to post Share on other sites
HJThis 0 Report post Posted December 21, 2007 Hey.justjoy I need an Uninstall_List from HijackThis * Start HijackThis and click on Open Misc Tools section * Look for and click on Open Uninstall Manager... * Look to the right and click on Save As.. * Save it to your desktop and then upload it to me. ================================= Download reglooks.exe Place it on your desktop. Double-click reglooks.exe.Do nothing and wait for an opening logfile. Again upload log-file to me. ================================= Right click on My Computer and select Properties - Advanced tab. Under Startup and recovery click Settings, then Edit. Copy and paste the contents of the boot.ini here so I may have a look at it. Gogo Share this post Link to post Share on other sites
justjoy 0 Report post Posted December 21, 2007 Hello, REGLOOKS logfile version 0.977 Fri 12/21/2007 12:37:27.92 running from: "C:\Documents and Settings\user\Desktop" --- SSODL regkeys --- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad only standard or legit regkeys found --- STS regkeys --- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler only standard or legit regkeys found --- USERINIT regkey --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit"="C:\\windows\\system32\\userinit.exe," --- SHELL regkey --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"="Explorer.exe" --- SYSTEM regkey --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "System"="" --- APPINIT_DLLS regkey --- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows "AppInit_DLLs"="" --- NOTIFY regkeys --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify "AtiExtEvent" "DLLName"="Ati2evxx.dll" --- BOOTEXECUTE regkey --- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager BootExecute= autocheck autochk *lsdelete\ --- SHELLEXECUTEHOOKS regkey --- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" --- HKLM\Run regkeys --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "NVMixerTray"="\"C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\"" "ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit" "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\"" "spywarefighterguard"="C:\\Program Files\\SPYWAREfighter\\spftray.exe" "HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe" "hpqSRMon"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqSRMon.exe" [Run\OptionalComponents] [Run\OptionalComponents\IMAIL] "Installed"="1" [Run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [Run\OptionalComponents\MSFS] "Installed"="1" --- HKLM\RunOnce regkeys --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce no HKLM RunOnce keys found --- HKLM\RunOnceEx regkeys --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx no HKLM RunOnceEx keys found --- HKLM\RunServices regkeys --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices no HKLM RunServices keys found --- HKLM\RunServicesOnce regkeys --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce regkey does not exist --- HKCU\Run regkeys --- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "ctfmon.exe"="C:\\windows\\system32\\ctfmon.exe" "WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe" "AOL Fast Start"="\"C:\\Program Files\\AOL 9.0b\\AOL.EXE\" -b" --- HKCU\RunOnce regkeys --- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce no HKCU RunOnce keys found --- HKCU\RunOnceEx regkeys --- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx regkey does not exist --- HKCU\RunServices regkeys --- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices no HKCU RunServices keys found --- HKCU\RunServicesOnce regkeys --- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce no HKCU RunServicesOnce keys found --- HKU\.DEFAULT\Run regkeys - Default user --- HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run no HKU\.DEFAULT\Run keys found --- HKU\S-1-5-18\Run regkeys - user SYSTEM --- HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run no HKU\S-1-5-18\Run keys found --- HKU\S-1-5-19\Run regkeys - User Lokale service --- HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run regkey does not exist --- HKU\S-1-5-20\Run regkeys - User Netwerkservice --- HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run regkey does not exist --- HKLM\Explorer\Run regkeys --- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run no HKLM Explorer\Run keys found --- HKCU\Explorer\Run regkeys --- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run no HKCU Explorer\Run keys found --- Image File Execution regkeys --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options no debuggers found --- BROWSER HELPER OBJECTS regkeys --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}" regkey not found (ERROR) "{6548BF73-58FF-71D5-F97D-17C71E323709}" FILE ="C:\\Program Files\\IntelligentAdvisor\\IntelligentAdvisor-2.dll" "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" FILE ="C:\\Program Files\\Java\\jre1.6.0_02\\bin\\ssv.dll" "{7DB2D5A0-7241-4E79-B68D-6309F01C5231}" FILE ="c:\\PROGRA~1\\mcafee\\VIRUSS~1\\scriptcl.dll" --- TOOLBAR regkeys --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar no toolbars found --- URLSEARCHHOOKS regkeys --- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks only standard regkeys found --- CONTEXTMENUHANDLERS regkeys --- HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers "MCVSRIGHTCLICKSCANNER" CLSID ={162EFDC5-2957-465D-887B-590AF4A7E84D} FILE ="c:\\PROGRA~1\\mcafee\\VIRUSS~1\\mcodsax.dll" "Offline Files" CLSID ={750fdf0e-2a26-11d1-a3ea-080036587f03} FILE =%SystemRoot%\System32\cscui.dll "Open With" CLSID ={09799AFB-AD67-11d1-ABCD-00C04FC30936} FILE =%SystemRoot%\system32\SHELL32.dll "Open With EncryptionMenu" CLSID ={A470F8CF-A1E8-4f65-8335-227475AA5C46} FILE =%SystemRoot%\system32\SHELL32.dll "SPYWAREfighter" CLSID ={44CB577A-837C-4C36-9C8D-80A1639B9333} FILE ="C:\\Program Files\\SPYWAREfighter\\spfext.dll" "WinZip" CLSID ={E0D79304-84BE-11CE-9641-444553540000} FILE ="C:\\Program Files\\WinZip\\wzshlstb.dll" "{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}" Start Menu Pin FILE =%SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers "EncryptionMenu" CLSID ={A470F8CF-A1E8-4f65-8335-227475AA5C46} FILE =%SystemRoot%\system32\SHELL32.dll "Offline Files" CLSID ={750fdf0e-2a26-11d1-a3ea-080036587f03} FILE =%SystemRoot%\System32\cscui.dll "Sharing" CLSID ={f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} FILE ="ntshrui.dll" "WinZip" CLSID ={E0D79304-84BE-11CE-9641-444553540000} FILE ="C:\\Program Files\\WinZip\\wzshlstb.dll" HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers "MCVSRIGHTCLICKSCANNER" CLSID ={162EFDC5-2957-465D-887B-590AF4A7E84D} FILE ="c:\\PROGRA~1\\mcafee\\VIRUSS~1\\mcodsax.dll" "SPYWAREfighter" CLSID ={44CB577A-837C-4C36-9C8D-80A1639B9333} FILE ="C:\\Program Files\\SPYWAREfighter\\spfext.dll" "WinZip" CLSID ={E0D79304-84BE-11CE-9641-444553540000} FILE ="C:\\Program Files\\WinZip\\wzshlstb.dll" --- ALTERNATESHELL regkey --- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot "AlternateShell"="cmd.exe" --- SAFEBOOT MINIMAL SERVICES --- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal no unknown services found --- SAFEBOOT NETWORK SERVICES --- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network no unknown services found --- SERVICES --- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Airgo "DisplayName"="Wireless-G PCI Adapter with SRX Driver" system32\DRIVERS\WniHdd51.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AOL ACS "DisplayName"="AOL Connectivity Service" "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Atierecord no imagepath value found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FXDRV "DisplayName"="FXDRV" \??\D:\Fxdrv.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\OmniUsb "DisplayName"="Ideazon USB Zboard Driver" system32\DRIVERS\OmniUsb.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\OmniUsbl "DisplayName"="Ideazon USBl Zboard Driver" system32\DRIVERS\OmniUsbl.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SpyFighter "DisplayName"="SpyFighter Guard Device" \??\C:\Program Files\SPYWAREfighter\spyfighter.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SPYWAREfighterRP "DisplayName"="SPYWAREfighterRP" "C:\Program Files\SPYWAREfighter\spfprc.exe" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VxD no imagepath value found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wanatw "DisplayName"="WAN Miniport (ATW)" system32\DRIVERS\wanatw4.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{0E2F4962-9A16-4D87-A0D6-9E5711282C7F} no imagepath value found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{8919D171-E6D3-4DDF-B1C4-5437691BDBFE} no imagepath value found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{9E5EF34E-18C0-49E3-90AA-157EAA78B653} no imagepath value found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{AA221FEF-2A2D-4239-9BD8-D2A7B0790BDD} no imagepath value found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{C1EE0F08-E358-450A-A4A2-88C2CB2F14E6} no imagepath value found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{DE83678D-D419-436F-A8AF-2838FFA083C0} no imagepath value found --- SECURITYPROVIDERS regkey --- HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" --- SVCHOST regkey --- HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost HTTPFilter: HTTPFilter\ LocalService: AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\ NetworkService: DnsCache\ netsvcs: 6to4AppMgmtAudioSrvBrowserCryptSvcDMServerDHCPERSvcEventSystemFastUserSwitchingCompatibilityHidServIasIpripIrmonLanmanServerLanmanWorkstationMessengerNetmanNlaNtmssvcNWCWorkstationNwsapagentRasautoRasmanRemoteaccessScheduleSeclogonSENSSharedaccessSRServiceTapisrvThemesTrkWksW32TimeWZCSVCWmiWmdmPmSpwinmgmtwscsvcxmlprovBITSwuauservShellHWDetectionhelpsvcWmdmPmSN\ DcomLaunch: DcomLaunchTermService\ rpcss: RpcSs\ imgsvc: StiSvc\ termsvcs: TermService\ WudfServiceGroup: WUDFSvc\ --- WOW-CMDLINE regkeys --- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW "cmdline" = %SystemRoot%\system32\ntvdm.exe "wowcmdline" = %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386 --- DNS SERVER regkeys --- no "NameServer" values found --- STARTUP FOLDERS --- C:\Documents and Settings\user\Start Menu\Programs\Startup\desktop.ini C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini --- TASK SCHEDULER JOBS --- C:\windows\tasks\McDefragTask.job C:\windows\tasks\McQcTask.job C:\windows\tasks\RegCure Program Check.job C:\windows\tasks\RegCure.job C:\windows\tasks\SpywareBot Scheduled Scan.job --- File associations --- .BAT files: ("%1" %*) .COM files: ("%1" %*) .EXE files: ("%1" %*) .HLP files: (%SystemRoot%\System32\winhlp32.exe %1) .INF files: (%SystemRoot%\System32\NOTEPAD.EXE %1) .INI files: (%SystemRoot%\System32\NOTEPAD.EXE %1) .JS files: (%SystemRoot%\System32\WScript.exe "%1" %*) .PIF files: ("%1" %*) .REG files: (regedit.exe "%1") .SCR files: ("%1" /S) .TXT files: (%SystemRoot%\system32\NOTEPAD.EXE %1) .VBS files: (%SystemRoot%\System32\WScript.exe "%1" %*) FINISHED HIJACKTHIS UNINSTALL MANAGER 7 Wonders II (remove only) Ad-Aware 2007 Adobe Common File Installer Adobe Download Manager 2.0 (Remove Only) Adobe Flash Player 9 ActiveX Adobe Flash Player ActiveX Adobe Reader 7.0.9 Adobe® Photoshop® Album Starter Edition 3.0 AOL Uninstaller (Choose which Products to Remove) ATI - Software Uninstall Utility ATI Control Panel ATI Display Driver Big Fish Games Client CCleaner (remove only) Concentration Evaluation HijackThis 2.0.2 Holly: A Christmas Tale (remove only) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB896344) Hotfix for Windows XP (KB914440) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) HP Customer Participation Program 7.0 HP Driver Diagnostics HP Imaging Device Functions 7.0 HP Photosmart and Deskjet 7.0 Software HP Photosmart Essential HP Photosmart Essential 2.5 HP Photosmart Premier Software 6.5 HP Product Detection HP Solution Center 7.0 HP Update IntelligentAdvisor Java 6 Update 2 LimeWire 4.12.11 Linksys Wireless-G PCI Adapter with SRX Lucky Clover (remove only) Luxor 3 (remove only) Macromedia Extension Manager Macromedia Flash 8 Macromedia Flash Player 8 McAfee SecurityCenter Microsoft .NET Framework 2.0 Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office 2000 Professional Microsoft Office Excel Viewer 2003 Microsoft Office PowerPoint Viewer 2003 Microsoft User-Mode Driver Framework Feature Pack 1.0 MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) Mysteryville 2 NVIDIA Drivers NvMixer Photo Viewer 2.3 PlayMP3z QuickTime Rain Talisman (remove only) RealArcade RealPlayer Basic RegCure 1.5.0.0 Security Update for Microsoft .NET Framework 2.0 (KB928365) Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB883939) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893066) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB896688) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899588) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB903235) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB905915) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB908531) Security Update for Windows XP (KB911280) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912812) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913446) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB916281) Security Update for Windows XP (KB917159) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB918899) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920214) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921398) Security Update for Windows XP (KB921503) Security Update for Windows XP (KB921883) Security Update for Windows XP (KB922616) Security Update for Windows XP (KB922760) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923694) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925486) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929123) Security Update for Windows XP (KB930178) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931784) Security Update for Windows XP (KB932168) Security Update for Windows XP (KB933729) Security Update for Windows XP (KB935839) Security Update for Windows XP (KB935840) Security Update for Windows XP (KB936021) Security Update for Windows XP (KB938829) Security Update for Windows XP (KB941202) Security Update for Windows XP (KB941568) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB943460) Security Update for Windows XP (KB944653) SpyDestroy Pro 1.0.8 SPYWAREfighter Super Granny 4 Evaluation The Magicians Handbook: Cursed Valley (remove only) The Rise of Atlantis The Stone of Destiny (remove only) Update for Windows XP (KB894391) Update for Windows XP (KB896727) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB904942) Update for Windows XP (KB910437) Update for Windows XP (KB916595) Update for Windows XP (KB920342) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB925876) Update for Windows XP (KB927891) Update for Windows XP (KB929338) Update for Windows XP (KB930916) Update for Windows XP (KB931836) Update for Windows XP (KB933360) Update for Windows XP (KB938828) Update for Windows XP (KB942763) Viewpoint Media Player Wheel of Fortune 2 Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player 11 Windows XP Hotfix - KB873333 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890175 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB891781 Windows XP Hotfix - KB893086 WinZip 11.1 Zenerchi (remove only) Ok now here is a problem After startup & recovery when I hit settings it comes up with this error message c:boot.inf file can not be oppened. operating system & timeout settings can not be changed Then it goes to the next screen with the edit button when I click on the edit button it comes up with this error message can't find the c:/boot.inf file Do you want to creat a new one? I just hit cancel. I did not want to mess it up any more then it is. Thanks, Joy Share this post Link to post Share on other sites
HJThis 0 Report post Posted December 22, 2007 Hi.justjoy Sorry again for the delay I'm having a ton of problems of my own here. Hmm I'm just about able to post this. 1. Close any open browsers. 2. Open notepad and copy/paste the text in the quote box below into it (but don't include the word: quote). Make sure to use NotePad and nothing else. Folder::C:\WINDOWS\SxsCaPendDel C:\Program Files\PlayMP3z Save this as CFScript.txt, in the same location as ComboFix.exe Refering to the picture above, drag CFScript into ComboFix.exe When finished, it will produce a log for you at "C:\ComboFix.txt" Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall Then come back here with both the HijackThis log and ComboFix.txt Gogo Share this post Link to post Share on other sites
HJThis 0 Report post Posted December 22, 2007 Hey.justjoy Just so you know if I don't get back to you right away. Don't think I have forgot you I just have to get this thing going again. I'm starting to think that my last Kaspersky update did something to this PC. Gogo Share this post Link to post Share on other sites
justjoy 0 Report post Posted December 22, 2007 I fully understand...I'm just thankfull for the time and help that you have give me....I know you will get to the bottom of this....And good luck and godspeed with yours! ComboFix 07-12-19.2 - user 2007-12-22 0:09:08.4 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.697 [GMT -5:00] Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\user\Desktop\cfscript.txt * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\PlayMP3z C:\Program Files\PlayMP3z\uninstall.exe C:\WINDOWS\SxsCaPendDel . ((((((((((((((((((((((((( Files Created from 2007-11-22 to 2007-12-22 ))))))))))))))))))))))))))))))) . 2007-12-20 23:41 . 2007-12-20 23:49 318 --a------ C:\delete.bat 2007-12-20 21:16 . 2007-12-20 21:16 <DIR> d-------- C:\Program Files\CCleaner 2007-12-18 16:26 . 2007-12-18 16:26 <DIR> d-------- C:\Program Files\Common Files\Application 2007-12-18 16:25 . 2007-12-18 16:29 <DIR> d-------- C:\Program Files\SPYWAREfighter 2007-12-18 16:23 . 2007-12-18 16:23 <DIR> d-------- C:\Program Files\SpyDestroy Pro 2007-12-18 14:04 . 2007-12-18 14:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Viewpoint 2007-12-18 14:04 . 2007-12-22 00:07 50,014 --a------ C:\VETlog.dmp 2007-12-18 14:03 . 2007-12-18 14:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AOL 2007-12-18 13:51 . 2007-12-18 13:51 <DIR> d-------- C:\Program Files\Trend Micro 2007-12-18 12:53 . 2007-12-18 13:06 <DIR> d-------- C:\Program Files\Enigma Software Group 2007-12-18 12:23 . 2007-12-18 13:06 <DIR> d-------- C:\Program Files\XoftSpySE 2007-12-18 10:33 . 2007-12-18 10:50 <DIR> d-------- C:\Program Files\PCPitstop 2007-12-18 10:33 . 2007-12-18 10:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCPitstop 2007-12-17 17:08 . 2006-11-13 01:02 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll 2007-12-17 17:08 . 2006-11-13 01:02 116,736 --------- C:\WINDOWS\system32\aaclient.dll 2007-12-17 17:08 . 2006-11-13 01:02 36,352 --------- C:\WINDOWS\system32\tsgqec.dll 2007-12-17 15:43 . 2007-12-17 16:07 <DIR> d-------- C:\Program Files\RegCure 2007-12-17 15:15 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-12-17 15:09 . 2007-12-17 15:11 <DIR> d-------- C:\Program Files\BitDownload 2007-12-17 14:29 . 2007-12-21 15:21 <DIR> d-------- C:\Program Files\IntelligentAdvisor 2007-12-17 13:49 . 2007-12-17 14:23 <DIR> d-------- C:\Program Files\Registry Easy 2007-12-17 13:24 . 2007-12-17 13:24 <DIR> d-------- C:\Documents and Settings\user\Application Data\Uniblue 2007-12-12 23:39 . 2007-12-12 23:39 <DIR> d-------- C:\Program Files\Lucky Clover 2007-12-12 22:32 . 2007-12-12 22:43 <DIR> d-------- C:\Program Files\The Magicians Handbook - Cursed Valley 2007-12-12 22:19 . 2007-12-12 22:19 <DIR> d-------- C:\Documents and Settings\user\Application Data\Legends of pirates 2007-12-10 23:52 . 2007-12-10 23:53 <DIR> d-------- C:\Program Files\Holly - A Christmas Tale 2007-12-09 01:48 . 2007-12-18 10:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\does dog two city 2007-12-09 01:44 . 2007-12-09 01:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZipEC 2007-12-09 01:43 . 2007-12-17 14:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip 2007-12-09 00:16 . 2005-06-03 17:01 4,624 --a------ C:\WINDOWS\system32\nvaudio.nvu 2007-12-08 00:08 . 2007-12-08 00:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Christmasville 2007-12-07 19:45 . 2007-12-07 19:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MythPeople 2007-12-07 19:38 . 2007-12-07 19:38 1,409 --a------ C:\WINDOWS\system32\tmpEF563.FOT 2007-12-07 19:38 . 2007-12-07 19:38 1,409 --a------ C:\WINDOWS\system32\tmpC5663.FOT 2007-12-07 19:38 . 2007-12-07 19:38 1,409 --a------ C:\WINDOWS\system32\tmp34563.FOT 2007-12-07 19:38 . 2007-12-07 19:38 1,409 --a------ C:\WINDOWS\system32\tmp0B563.FOT 2007-12-07 19:09 . 2007-12-07 19:09 1,409 --a------ C:\WINDOWS\system32\tmpAE8B4.FOT 2007-12-07 19:09 . 2007-12-07 19:09 1,409 --a------ C:\WINDOWS\system32\tmp689B4.FOT 2007-12-07 19:09 . 2007-12-07 19:09 1,409 --a------ C:\WINDOWS\system32\tmp5D9B4.FOT 2007-12-07 19:09 . 2007-12-07 19:09 1,409 --a------ C:\WINDOWS\system32\tmp23AB4.FOT 2007-12-07 10:14 . 2007-12-21 08:14 17,604 --a------ C:\WINDOWS\system32\Config.MPF 2007-12-07 02:15 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll 2007-12-07 02:14 . 2007-12-18 09:42 <DIR> d-------- C:\mcafee_mcpr 2007-12-07 02:14 . 2007-06-25 10:57 171,240 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys 2007-12-07 02:14 . 2007-03-02 14:16 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys 2007-12-07 02:14 . 2007-06-25 14:54 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys 2007-12-07 02:14 . 2007-06-25 10:57 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys 2007-12-07 02:14 . 2007-06-25 10:57 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys 2007-12-07 02:14 . 2007-06-25 10:57 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys 2007-12-07 02:13 . 2007-12-07 02:13 <DIR> d-------- C:\Program Files\McAfee.com 2007-12-07 02:13 . 2007-12-07 02:15 <DIR> d-------- C:\Program Files\Common Files\McAfee 2007-12-07 02:12 . 2007-12-18 10:29 <DIR> d-------- C:\Program Files\McAfee 2007-12-07 01:23 . 2007-12-07 01:23 <DIR> d-------- C:\Documents and Settings\user\Application Data\SpywareBot 2007-12-07 00:59 . 2007-12-07 00:59 <DIR> d-------- C:\Program Files\Lavasoft 2007-12-07 00:59 . 2007-12-07 00:59 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-12-07 00:59 . 2007-12-07 00:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-12-07 00:41 . 2007-12-07 00:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP 2007-12-07 00:07 . 2007-12-07 00:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Playtonium Games 2007-12-07 00:07 . 2007-12-07 00:07 1,409 --a------ C:\WINDOWS\system32\tmpB7839.FOT 2007-12-07 00:07 . 2007-12-07 00:07 1,409 --a------ C:\WINDOWS\system32\tmp80939.FOT 2007-12-07 00:07 . 2007-12-07 00:07 1,409 --a------ C:\WINDOWS\system32\tmp56939.FOT 2007-12-07 00:07 . 2007-12-07 00:07 1,409 --a------ C:\WINDOWS\system32\tmp3C939.FOT 2007-12-06 23:28 . 2007-12-06 23:28 <DIR> d-------- C:\Program Files\Smilebox 2007-12-06 23:03 . 2007-12-06 23:03 103,824 --a------ C:\Program Files\InstallDownloader.exe 2007-12-06 22:38 . 2007-12-06 23:52 <DIR> d-------- C:\Documents and Settings\user\Application Data\Smilebox . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-20 16:29 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2007-12-18 17:29 --------- d-----w C:\Documents and Settings\user\Application Data\LimeWire 2007-12-18 16:56 --------- d-----w C:\Program Files\Common Files\SystemRequirementsLab 2007-12-18 15:50 --------- d-----w C:\Program Files\Common Files\Scanner 2007-12-09 07:21 --------- d-----w C:\Program Files\RealArcade 2007-12-07 12:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee 2007-12-07 07:08 --------- d-----w C:\Program Files\Common Files\AOL 2007-12-07 06:31 --------- d-----w C:\Program Files\Java 2007-12-07 05:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL 2007-12-06 15:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads 2007-12-03 01:42 --------- d-----w C:\Documents and Settings\user\Application Data\Image Zone Express 2007-11-29 21:50 38,567 ----a-w C:\windows\system32\pcpbios.exe 2007-11-13 10:25 20,480 ----a-w C:\windows\system32\drivers\secdrv.sys 2007-11-12 02:05 --------- d-----w C:\Program Files\Luxor 3 2007-10-29 22:43 1,287,680 ----a-w C:\windows\system32\quartz.dll 2007-10-27 22:40 222,720 ----a-w C:\windows\system32\wmasf.dll 2007-10-22 22:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo 2006-02-19 07:28 12,288 ----a-w C:\windows\Fonts\RandFont.dll 2005-07-07 23:14 774,144 ----a-w C:\Program Files\RngInterstitial.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6548BF73-58FF-71D5-F97D-17C71E323709}] 2007-12-11 16:27 1019904 --a------ C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-04 07:00] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 19:05] "AOL Fast Start"="C:\Program Files\AOL 9.0b\AOL.exe" [2007-04-18 01:49] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-10-07 19:53] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 23:05] "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 07:00 C:\WINDOWS\system32\rundll32.exe] "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 07:00 C:\WINDOWS\system32\rundll32.exe] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46] "spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2007-06-08 11:52] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41] "hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 16:31] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start] C:\Program Files\AOL 9.0b\AOL.EXE -b [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\MSMSGS.EXE /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-07-12 03:00 132496 --a------ C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe R3 Airgo;Wireless-G PCI Adapter with SRX Driver;C:\windows\system32\DRIVERS\WniHdd51.sys [2005-04-18 16:47] R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2007-06-08 11:52] R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2007-06-08 11:52] S3 FXDRV;FXDRV;D:\Fxdrv.sys [] S3 USB_RNDIS_XP;Linksys Wireless-G USB Network Adapter with SpeedBooster Driver;C:\windows\system32\DRIVERS\usb8023.sys [2004-08-04 07:00] . Contents of the 'Scheduled Tasks' folder "2007-12-15 06:22:10 C:\windows\Tasks\McDefragTask.job" - c:\PROGRA~1\mcafee\mqc\QcConsol.exe' "2007-12-07 07:14:01 C:\windows\Tasks\McQcTask.job" - c:\PROGRA~1\mcafee\mqc\QcConsol.exe "2007-12-21 22:00:04 C:\windows\Tasks\RegCure Program Check.job" - C:\Program Files\RegCure\RegCure.exe "2007-12-20 16:28:32 C:\windows\Tasks\RegCure.job" - C:\Program Files\RegCure\RegCure.exe "2007-12-21 08:00:01 C:\windows\Tasks\SpywareBot Scheduled Scan.job" - C:\Program Files\SpywareBot\SpywareBot.ex - C:\Program Files\SpywareBot . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-22 00:11:45 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-22 0:12:33 C:\ComboFix2.txt ... 2007-12-20 21:58 C:\ComboFix3.txt ... 2007-12-18 19:39 . 2007-12-16 08:03:35 --- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:18:55 AM, on 12/22/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\windows\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\windows\System32\svchost.exe C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe C:\PROGRA~1\McAfee\MSC\mcpromgr.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\PROGRA~1\McAfee\MPS\mps.exe C:\windows\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\windows\system32\svchost.exe C:\Program Files\McAfee\MPS\mpsevh.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\SPYWAREfighter\spftray.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe C:\windows\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\SPYWAREfighter\spfprc.exe C:\Program Files\Common Files\AOL\1175982866\ee\aolsoftware.exe C:\Program Files\AOL 9.0b\waol.exe C:\Program Files\AOL 9.0b\shellmon.exe C:\windows\explorer.exe C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dogpile.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dogpile.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: IntelligentAdvisor - {6548BF73-58FF-71D5-F97D-17C71E323709} - C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0b\AOL.EXE" -b O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe -- End of file - 7472 bytes Thanks Joy Share this post Link to post Share on other sites
HJThis 0 Report post Posted December 22, 2007 Hi.justjoy Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities. Updating Java: Download the latest version of Java Runtime Environment (JRE) 6 Update 3. Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 3". Click the "Download" button to the right. Check the box that says: "Accept License Agreement". The page will refresh. Click on the link to download Windows Offline Installation, Multi-language and save to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name.- Examples of older versions in Add or Remove Programs: Java 2 Runtime Environment, SE v1.4.2 J2SE Runtime Environment 5.0 J2SE Runtime Environment 5.0 Update 6 [*]Click the Remove or Change/Remove button. [*]Repeat as many times as necessary to remove each Java versions. [*]Reboot your computer once all Java components are removed. [*]Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version. Let me know in your next reply how things are now. ========================== Download SDFix and save it to your Desktop. * Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix) * Reboot into Safe Mode: ( without networking support !) °To get into the Windows Safe Mode, restart your computer and, just before Windows starts to load, tap the F8 key a few times. Choose Safe Mode from the menu that will appear and press Enter. * Open the extracted SDFix folder and double click RunThis.bat to start the script. * Type Y to begin the cleanup process. * It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot. * Press any Key and it will restart the PC. * When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons. * Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum). * Finally paste the contents of the Report.txt back on the forum with a new HijackThis log ============================ Could you also run an update with Ad-Aware, then run a Full System scan show me, it's log as well. Gogo Share this post Link to post Share on other sites
justjoy 0 Report post Posted December 22, 2007 not sure if this is right. it is very big Scan Results Ad-Aware 2007 Free Edition Log File Created on:2007-12-2214:19:52 Using Definitions File:C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\core.aawdef Computer name:GLENDA Name of user performing scan:SYSTEM Name of user ordering scan:user Scan completed successfully System Information File Version Information Ad-Aware 2007 Settings Extended Ad-Aware 2007 Settings Database Information Scan Statistics Scan Detailed Statistics Infections Found Listing of running processes System Information Number of processors:1 Processor type:AMD Athlon 64 Processor 3000+ Memory Available:60% Total Physical Memory:1073201152 Bytes Available Physical Memory:642367488 Bytes Total Page File Size:3115118592 Bytes Available On Page File:2641514496 Bytes Total Virtual Memory:2147352576 Bytes Available Virtual Memory:1977987072 Bytes OS:Microsoft Windows XP 5.1 (Build 2600) [to top] File Verion Information File Version CEAPI.dll 7, 0, 2, 3 aawservice.exe 7, 0, 2, 5 Ad-Aware2007.exe 7.0.2.5 [to top] Ad-Aware 2007 Settings Skipping files larger than:1048576 Bytes Ignoring infections with lower TAI than:3 Safe Mode:False [to top] Extended Ad-Aware 2007 Settings Unload malicious processes and modules Unload Modules Let Windows remove files at Start-Up Deactivate Ad-Watch Re-analyze Scan Result Delete Restored Items Write Protect System Files Create Log file Include basic settings Include advanced settings Include user and computer name Environment information Running processes Running processes and modules Include info about ignored objects in log file Consider definitions File Outdated after x days Proxy URL Proxy Port [to top] Database Info Version number:40 Build Number:0 Build Date and Time:2007/12/1702:47:35 [to top] Scan Statistics Method:Smart Items Scanned:136161 Infections Detected:113 Infections Removed:0 Infections Quarantined:0 Infections Ignored:0 [to top] Scan Detailed Statistics Type Critical Total Process Scan 0 0 Registry Scan 0 0 Registry PE Scan 0 0 Hosts Scan 0 0 File Scan 0 0 Folder Scan 0 0 LSP Scan 0 0 ADS Scan 0 0 Cookie Scan 111 111 File Hash Scan 0 0 [to top] Infections Found Family Id Name Category TAI 725 Tracking Cookie DataMiner 3 [600000126] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat ehg-bestbuy.hitbox.com WSS_MIGRATION / [600000126] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat ehg-bestbuy.hitbox.com DM540724E8RDV6 / [600000179] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat atdmt.com AA002 / [600000190] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat www.googleadservices.com Conversion /pagead/conversion/1071654568/ [600000400] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat tacoda.net TID / [600000400] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat tacoda.net ANRTT / [600000400] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat tacoda.net TData / [600000400] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat tacoda.net Anxd / [600000400] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat tacoda.net Tcc / [600000400] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat tacoda.net Tsid / [600000050] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat tribalfusion.com ANON_ID / [600000144] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat doubleclick.net id / [600000400] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat anad.tacoda.net /PC / [600000263] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat mediaplex.com svid / [600000513] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat 3.adbrite.com ihc_34742 / [600000555] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat insightexpressai.com IXAIBanners895 / [600000555] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat insightexpressai.com lastInviteTime / [600000555] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat insightexpressai.com IXAIinvited895 / [600000555] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat insightexpressai.com IXAIBannerCounter25863 / [600000555] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat insightexpressai.com IXAIControlCounter895 / [600000555] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat insightexpressai.com IXAIBanners875 / [600000555] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat insightexpressai.com IXAIBannerCounter24908 / [600000415] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat revsci.net NETID01 / [600000415] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat revsci.net NETSEGS_J05532 / [600000138] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat fastclick.net pjw / [600000138] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat fastclick.net m2 / [600000138] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat fastclick.net adv_ic / [600000138] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat fastclick.net pluto / [600000138] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat fastclick.net m1 / [600000138] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat fastclick.net m3 / [600000138] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat fastclick.net vt / [600000138] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat fastclick.net m6 / [600000138] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat fastclick.net m8 / [600000138] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat fastclick.net zru / [600000138] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat fastclick.net rt / [600000073] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat adopt.specificclick.net DMEXP / [600000073] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat adopt.specificclick.net CTCI / [600000073] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat adopt.specificclick.net HS / [600000073] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat adopt.specificclick.net DGI / [600000073] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat adopt.specificclick.net UI / [600000073] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat adopt.specificclick.net LO / [600000175] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat bilbo.counted.com C_Bilbo60696 / [600000175] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat bilbo.counted.com C_Bilbo_pe_60696 / [600000052] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat trafficmp.com dly2 / [600000052] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat trafficmp.com dmg2 / [600000052] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat trafficmp.com hst2 / [600000052] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat trafficmp.com rth / [600000052] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat trafficmp.com uid2 / [600000513] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat adbrite.com Apache / [600000513] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat adbrite.com b / [600000415] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat ads.revsci.net rsi_us_1000000 /adserver [600000434] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat casalemedia.com CMID / [600000434] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat casalemedia.com CMPS / [600000434] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat casalemedia.com CMPP / [600000434] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat casalemedia.com CMPH / [600000434] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat casalemedia.com CMFP / [600000434] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat casalemedia.com CMX2 / [600000434] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat casalemedia.com CMCLICK2 / [600000434] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat casalemedia.com CMX1 / [600000434] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat casalemedia.com CMS / [600000434] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat casalemedia.com CMIMP / [600000434] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat casalemedia.com CMX3 / [600000434] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat casalemedia.com CMCLICK3 / [600000073] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat specificclick.net dmc / [600000073] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat specificclick.net dmk / [600000073] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat specificclick.net smc / [600000073] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat specificclick.net smk / [600000073] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat specificclick.net dmp / [600000073] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat specificclick.net smx / [600000126] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat hitbox.com CTG / [600000126] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat hitbox.com WSS_GW / [600000101] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat overture.com ConvData / [600000101] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat overture.com UserData / [600000457] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat adopt.euroclick.com NSC_mc-bepqu.fvspdmjdl.dpn-iuuq / [600000093] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat ads.pointroll.com PRID / [600000093] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat ads.pointroll.com PRimp / [600000093] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat ads.pointroll.com PRca / [600000093] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat ads.pointroll.com PRcp / [600000093] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat ads.pointroll.com PRpl / [600000093] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat ads.pointroll.com PRcr / [600000093] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat ads.pointroll.com PRpc / [600000085] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat questionmarket.com ES / [600000085] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat questionmarket.com CS1 / [600000212] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat 2o7.net s_vi_nx60cfalcfjax7Bbnfc / [600000212] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat 2o7.net s_vi_kefx7Dofiego / [600000212] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat 2o7.net s_vi_gijupe / [600000212] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat 2o7.net s_vi_oabhjamfx7Dzx7Cgx7Ex7D / [600000212] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat 2o7.net s_vi_zx7Cgnefkhe / [600000212] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat 2o7.net s_vi_x7Fybhizix60cx7Cix7E / [600000212] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat 2o7.net s_vi_usheik / [600000212] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat 2o7.net s_vi_hex7Foczix7Eomx7Eh / [600000000] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat zedo.com ZEDOIDX / [600000000] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat zedo.com ZEDOIDA / [600000000] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat zedo.com geo / [600000000] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat zedo.com FFChanCap / [600000000] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat zedo.com PI / [600000000] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat zedo.com FFbh / [600000083] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat network.realmedia.com NSC_f4pbto1efm_qppm_iuuqt / [600000083] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat realmedia.com RMID / [600000083] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat realmedia.com RMFL / [600000083] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat realmedia.com NXCLICK2 / [600000201] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat media.adrevolver.com BIGipServerar-slave / [600000460] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat ad.yieldmanager.com uid / [600000460] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat ad.yieldmanager.com bh / [600000460] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat ad.yieldmanager.com fl_inst / [600000201] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat adrevolver.com adrev_adpath / [600000187] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat advertising.com ACID / [600000187] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat advertising.com C2 / [600000187] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat advertising.com BASE / [600000187] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat advertising.com ROLL / [600000187] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat advertising.com F1 / 9999 MRU Object MRU Object 0 [1] MRU Path: C:\Documents and Settings\user\Recent Count: 5 [3] MRU Registry Key: S-1-5-21-583907252-1500820517-725345543-1004\Software\Microsoft\Internet Explorer\TypedURLs Count: 3 Quarantined Objects Family Id Name Category TAI Removed Objects Family Id Name Category TAI [to top] Listing of Running Processes C:\WINDOWS\SYSTEM32\SMSS.EXE c:\windows\system32\smss.exe c:\windows\system32\ntdll.dll C:\WINDOWS\SYSTEM32\CSRSS.EXE c:\windows\system32\csrss.exe c:\windows\system32\ntdll.dll c:\windows\system32\csrsrv.dll c:\windows\system32\basesrv.dll c:\windows\system32\winsrv.dll c:\windows\system32\gdi32.dll c:\windows\system32\kernel32.dll c:\windows\system32\user32.dll c:\windows\system32\sxs.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll C:\WINDOWS\SYSTEM32\WINLOGON.EXE c:\windows\system32\winlogon.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\authz.dll c:\windows\system32\msvcrt.dll c:\windows\system32\crypt32.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\msasn1.dll c:\windows\system32\nddeapi.dll c:\windows\system32\profmap.dll c:\windows\system32\netapi32.dll c:\windows\system32\userenv.dll c:\windows\system32\psapi.dll c:\windows\system32\regapi.dll c:\windows\system32\secur32.dll c:\windows\system32\setupapi.dll c:\windows\system32\version.dll c:\windows\system32\winsta.dll c:\windows\system32\wintrust.dll c:\windows\system32\imagehlp.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\imm32.dll c:\windows\system32\msgina.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\comctl32.dll c:\windows\system32\odbc32.dll c:\windows\system32\comdlg32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\odbcint.dll c:\windows\system32\shsvcs.dll c:\windows\system32\sfc.dll c:\windows\system32\sfc_os.dll c:\windows\system32\ole32.dll c:\windows\system32\apphelp.dll c:\windows\system32\msctfime.ime c:\windows\system32\winscard.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\sxs.dll c:\windows\system32\uxtheme.dll c:\windows\system32\winmm.dll c:\windows\system32\ati2evxx.dll c:\windows\system32\rsaenh.dll c:\windows\system32\cscdll.dll c:\windows\system32\wlnotify.dll c:\windows\system32\winspool.drv c:\windows\system32\mpr.dll c:\windows\system32\wgalogon.dll c:\windows\system32\oleaut32.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\msv1_0.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\cscui.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\wdmaud.drv c:\windows\system32\msacm32.drv c:\windows\system32\msacm32.dll c:\windows\system32\midimap.dll C:\WINDOWS\SYSTEM32\SERVICES.EXE c:\windows\system32\services.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\userenv.dll c:\windows\system32\scesrv.dll c:\windows\system32\authz.dll c:\windows\system32\umpnpmgr.dll c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\windows\system32\ncobjapi.dll c:\windows\system32\msvcp60.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acadproc.dll c:\windows\system32\imm32.dll c:\windows\system32\secur32.dll c:\windows\system32\apphelp.dll c:\windows\system32\version.dll c:\windows\system32\eventlog.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\psapi.dll c:\windows\system32\wtsapi32.dll C:\WINDOWS\SYSTEM32\LSASS.EXE c:\windows\system32\lsass.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\lsasrv.dll c:\windows\system32\mpr.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\msasn1.dll c:\windows\system32\msvcrt.dll c:\windows\system32\netapi32.dll c:\windows\system32\ntdsapi.dll c:\windows\system32\dnsapi.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\wldap32.dll c:\windows\system32\secur32.dll c:\windows\system32\samlib.dll c:\windows\system32\samsrv.dll c:\windows\system32\cryptdll.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\msprivs.dll c:\windows\system32\kerberos.dll c:\windows\system32\msv1_0.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\netlogon.dll c:\windows\system32\w32time.dll c:\windows\system32\msvcp60.dll c:\windows\system32\schannel.dll c:\windows\system32\crypt32.dll c:\windows\system32\wdigest.dll c:\windows\system32\rsaenh.dll c:\windows\system32\scecli.dll c:\windows\system32\setupapi.dll c:\windows\system32\ipsecsvc.dll c:\windows\system32\authz.dll c:\windows\system32\oakley.dll c:\windows\system32\winipsec.dll c:\windows\system32\pstorsvc.dll c:\windows\system32\psbase.dll c:\windows\system32\mswsock.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\dssenh.dll C:\WINDOWS\SYSTEM32\SVCHOST.EXE c:\windows\system32\svchost.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll c:\windows\system32\rpcss.dll c:\windows\system32\secur32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\windows\system32\msv1_0.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\apphelp.dll c:\windows\system32\termsrv.dll c:\windows\system32\icaapi.dll c:\windows\system32\setupapi.dll c:\windows\system32\wintrust.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\authz.dll c:\windows\system32\mstlsapi.dll c:\windows\system32\activeds.dll c:\windows\system32\adsldpc.dll c:\windows\system32\atl.dll c:\windows\system32\regapi.dll c:\windows\system32\rsaenh.dll c:\windows\system32\svchost.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\rpcss.dll c:\windows\system32\secur32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\rsaenh.dll c:\windows\system32\mswsock.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\dnsapi.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\winrnr.dll c:\windows\system32\wldap32.dll c:\windows\system32\rasadhlp.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\windows\system32\svchost.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\shsvcs.dll c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\windows\system32\dhcpcsvc.dll c:\windows\system32\dnsapi.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\secur32.dll c:\windows\system32\rsaenh.dll c:\windows\system32\wzcsvc.dll c:\windows\system32\rtutils.dll c:\windows\system32\wmi.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\esent.dll c:\windows\system32\atl.dll c:\windows\system32\rastls.dll c:\windows\system32\cryptui.dll c:\windows\system32\wintrust.dll c:\windows\system32\imagehlp.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\iertutil.dll c:\windows\system32\mprapi.dll c:\windows\system32\activeds.dll c:\windows\system32\adsldpc.dll c:\windows\system32\setupapi.dll c:\windows\system32\rasapi32.dll c:\windows\system32\rasman.dll c:\windows\system32\tapi32.dll c:\windows\system32\schannel.dll c:\windows\system32\winscard.dll c:\windows\system32\raschap.dll c:\windows\system32\msv1_0.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\msvcp60.dll c:\windows\system32\wzcsapi.dll c:\windows\system32\schedsvc.dll c:\windows\system32\ntdsapi.dll c:\windows\system32\msidle.dll c:\windows\system32\audiosrv.dll c:\windows\system32\wkssvc.dll c:\windows\system32\qmgr.dll c:\windows\system32\mpr.dll c:\windows\system32\shfolder.dll c:\windows\system32\winhttp.dll c:\windows\system32\cryptsvc.dll c:\windows\system32\certcli.dll c:\windows\system32\ersvc.dll c:\windows\system32\es.dll c:\windows\system32\mswsock.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\pchealth\helpctr\binaries\pchsvc.dll c:\windows\system32\hidserv.dll c:\windows\system32\hid.dll c:\windows\system32\srvsvc.dll c:\windows\system32\netman.dll c:\windows\system32\netshell.dll c:\windows\system32\credui.dll c:\windows\system32\seclogon.dll c:\windows\system32\sens.dll c:\windows\system32\srsvc.dll c:\windows\system32\powrprof.dll c:\windows\system32\trkwks.dll c:\windows\system32\w32time.dll c:\windows\system32\wbem\wmisvc.dll c:\windows\system32\vssapi.dll c:\windows\system32\wuauserv.dll c:\windows\system32\browser.dll c:\windows\system32\wuaueng.dll c:\windows\system32\winspool.drv c:\windows\system32\cabinet.dll c:\windows\system32\mspatcha.dll c:\windows\system32\ipnathlp.dll c:\windows\system32\authz.dll c:\windows\system32\wscsvc.dll c:\windows\system32\msi.dll c:\windows\system32\wbem\wbemcomn.dll c:\windows\system32\wbem\wbemcore.dll c:\windows\system32\wbem\esscli.dll c:\windows\system32\wbem\fastprox.dll c:\windows\system32\wbem\wmiutils.dll c:\windows\system32\sfc.dll c:\windows\system32\sfc_os.dll c:\windows\system32\sxs.dll c:\windows\system32\winrnr.dll c:\windows\system32\wbem\repdrvfs.dll c:\windows\system32\wbem\wmiprvsd.dll c:\windows\system32\ncobjapi.dll c:\windows\system32\wbem\wbemess.dll c:\windows\system32\comsvcs.dll c:\windows\system32\colbact.dll c:\windows\system32\mtxclu.dll c:\windows\system32\wsock32.dll c:\windows\system32\clusapi.dll c:\windows\system32\resutils.dll c:\windows\system32\wbem\ncprov.dll c:\windows\system32\netcfgx.dll c:\windows\system32\rasmans.dll c:\windows\system32\winipsec.dll c:\windows\system32\tapisrv.dll c:\windows\system32\psapi.dll c:\windows\system32\rastapi.dll c:\windows\system32\unimdm.tsp c:\windows\system32\uniplat.dll c:\windows\system32\rasadhlp.dll c:\windows\system32\apphelp.dll c:\windows\system32\kmddsp.tsp c:\windows\system32\ndptsp.tsp c:\windows\system32\ipconf.tsp c:\windows\system32\h323.tsp c:\windows\system32\hidphone.tsp c:\windows\system32\rasppp.dll c:\windows\system32\ntlsapi.dll c:\windows\system32\kerberos.dll c:\windows\system32\cryptdll.dll c:\windows\system32\rasdlg.dll c:\windows\system32\wbem\wbemsvc.dll c:\windows\system32\mlang.dll c:\windows\system32\xmlprovi.dll c:\windows\system32\svchost.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\dnsrslvr.dll c:\windows\system32\dnsapi.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\mswsock.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\svchost.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\lmhsvc.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\webclnt.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\iertutil.dll c:\windows\system32\secur32.dll c:\windows\system32\ssdpsrv.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\mswsock.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\upnphost.dll c:\windows\system32\winhttp.dll c:\windows\system32\ssdpapi.dll c:\windows\system32\netapi32.dll C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE c:\program files\lavasoft\ad-aware 2007\aawservice.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\program files\lavasoft\ad-aware 2007\ceapi.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\program files\lavasoft\ad-aware 2007\pkarchive84cb.dll c:\windows\system32\shell32.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\shlwapi.dll c:\windows\system32\ole32.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\wldap32.dll c:\windows\system32\psapi.dll c:\windows\system32\version.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\iertutil.dll c:\program files\lavasoft\ad-aware 2007\update.dll c:\windows\system32\wsock32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\userenv.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\rsaenh.dll c:\windows\system32\mswsock.dll c:\windows\system32\dnsapi.dll c:\windows\system32\winrnr.dll c:\windows\system32\rasadhlp.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\secur32.dll C:\WINDOWS\SYSTEM32\SPOOLSV.EXE c:\windows\system32\spoolsv.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\spoolss.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\dnsapi.dll c:\windows\system32\rasadhlp.dll c:\windows\system32\localspl.dll c:\windows\system32\secur32.dll c:\windows\system32\sfc_os.dll c:\windows\system32\wintrust.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\winspool.drv c:\windows\system32\netapi32.dll c:\windows\system32\cnbjmon.dll c:\windows\system32\hpz3l463.dll c:\windows\system32\hpz3l4pi.dll c:\windows\system32\pjlmon.dll c:\windows\system32\tcpmon.dll c:\windows\system32\usbmon.dll c:\windows\system32\spool\prtprocs\w32x86\hpzpp463.dll c:\windows\system32\spool\prtprocs\w32x86\hpzpp4pi.dll c:\windows\system32\mswsock.dll c:\windows\system32\winrnr.dll c:\windows\system32\wldap32.dll c:\windows\system32\win32spl.dll c:\windows\system32\netrap.dll c:\windows\system32\ntdsapi.dll c:\windows\system32\inetpp.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\xpsp2res.dll C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE c:\program files\common files\aol\acs\aolacsd.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\program files\common files\aol\acs\aolacsd.dll c:\windows\system32\winmm.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\tapi32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\shlwapi.dll c:\windows\system32\rtutils.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\setupapi.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\program files\common files\aol\acs\xpat.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\apphelp.dll c:\windows\system32\msctfime.ime c:\windows\system32\psapi.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\windows\system32\userenv.dll c:\program files\common files\aol\acs\acsmdiag.dll c:\program files\common files\aol\aoldiag\tbdiag.dll c:\program files\common files\aol\acs\acscmn.dll c:\windows\system32\rasapi32.dll c:\windows\system32\rasman.dll c:\windows\system32\mswsock.dll c:\program files\common files\aol\acs\acsswu.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\iertutil.dll c:\windows\system32\wintrust.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\secur32.dll c:\windows\system32\msv1_0.dll c:\windows\system32\mprapi.dll c:\windows\system32\activeds.dll c:\windows\system32\adsldpc.dll c:\windows\system32\wldap32.dll c:\windows\system32\atl.dll c:\windows\system32\samlib.dll c:\windows\system32\sensapi.dll c:\windows\system32\rasadhlp.dll c:\windows\system32\dnsapi.dll C:\WINDOWS\SYSTEM32\SVCHOST.EXE c:\windows\system32\svchost.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\w3ssl.dll c:\windows\system32\strmfilt.dll c:\windows\system32\secur32.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\httpapi.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll C:\PROGRAM FILES\COMMON FILES\MCAFEE\HACKERWATCH\HWAPI.EXE c:\program files\common files\mcafee\hackerwatch\hwapi.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\wintrust.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\shell32.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\version.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\uxtheme.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\progra~1\common~1\mcafee\core\mccoreps.dll c:\windows\system32\psapi.dll c:\windows\system32\rsaenh.dll c:\windows\system32\userenv.dll c:\windows\system32\secur32.dll c:\windows\system32\netapi32.dll c:\progra~1\common~1\mcafee\hacker~1\hwapips.dll c:\windows\system32\winhttp.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\mswsock.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\dnsapi.dll c:\windows\system32\rasadhlp.dll C:\PROGRA~1\MCAFEE\MSC\MCMSCSVC.EXE c:\progra~1\mcafee\msc\mcmscsvc.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\wintrust.dll c:\windows\system32\msvcrt.dll c:\windows\system32\crypt32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\windows\system32\psapi.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\version.dll c:\windows\system32\uxtheme.dll c:\windows\system32\xpsp2res.dll c:\progra~1\mcafee\msc\mcres.dll c:\progra~1\mcafee\msc\mclocres.dll c:\program files\mcafee\msc\oem\578\mccobres.dll c:\progra~1\mcafee\msc\mccobres.dll c:\progra~1\common~1\mcafee\msc\sqlite3.dll c:\windows\system32\setupapi.dll c:\progra~1\common~1\mcafee\core\mccoreps.dll c:\windows\system32\rsaenh.dll c:\windows\system32\userenv.dll c:\windows\system32\secur32.dll c:\progra~1\mcafee\msc\mcmispps.dll c:\windows\system32\msv1_0.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\iphlpapi.dll c:\progra~1\mcafee\msc\mcshllps.dll c:\progra~1\mcafee\msc\mcdbmgr.dll C:\PROGRA~1\COMMON~1\MCAFEE\MNA\MCNASVC.EXE c:\progra~1\common~1\mcafee\mna\mcnasvc.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\wintrust.dll c:\windows\system32\msvcrt.dll c:\windows\system32\crypt32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\version.dll c:\windows\system32\psapi.dll c:\windows\system32\rsaenh.dll c:\windows\system32\uxtheme.dll c:\windows\system32\userenv.dll c:\windows\system32\secur32.dll c:\windows\system32\netapi32.dll c:\progra~1\common~1\mcafee\msc\mcutil.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\iertutil.dll c:\windows\system32\setupapi.dll c:\windows\system32\mswsock.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\progra~1\mcafee\msc\mcnmcsrv.dll c:\windows\system32\mpr.dll c:\progra~1\common~1\mcafee\core\mccoreps.dll c:\windows\system32\mprapi.dll c:\windows\system32\activeds.dll c:\windows\system32\adsldpc.dll c:\windows\system32\wldap32.dll c:\windows\system32\atl.dll c:\windows\system32\rtutils.dll c:\windows\system32\samlib.dll c:\windows\system32\netshell.dll c:\windows\system32\credui.dll c:\progra~1\mcafee\msc\mcshllps.dll c:\progra~1\common~1\mcafee\mna\mcnasv~1.dll c:\progra~1\mcafee\msc\mcnmcsps.dll c:\windows\system32\msxml4.dll c:\progra~1\mcafee\msc\mcregobj\7_2_14~1\mcregobj.dll c:\progra~1\mcafee\msc\mcmismgr.dll c:\progra~1\mcafee\msc\mcres.dll c:\progra~1\mcafee\msc\mclocres.dll c:\program files\mcafee\msc\oem\578\mccobres.dll c:\progra~1\mcafee\msc\mccobres.dll c:\progra~1\mcafee\msc\mcsubmgr\7_2_14~1\mcsubmgr.dll c:\windows\system32\msi.dll c:\windows\system32\ntmarta.dll c:\progra~1\common~1\mcafee\mna\mcuj.dll c:\progra~1\mcafee\msc\mcnmcres.dll c:\progra~1\mcafee\msc\mcnmclor.dll c:\progra~1\mcafee\msc\mcnmccor.dll c:\windows\system32\wbem\wbemprox.dll c:\windows\system32\wbem\wbemcomn.dll c:\windows\system32\wbem\wbemsvc.dll c:\windows\system32\wbem\fastprox.dll c:\windows\system32\msvcp60.dll c:\windows\system32\ntdsapi.dll c:\windows\system32\dnsapi.dll c:\progra~1\mcafee\msc\mcmispps.dll C:\PROGRA~1\MCAFEE\VIRUSS~1\MCODS.EXE c:\progra~1\mcafee\viruss~1\mcods.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\wintrust.dll c:\windows\system32\msvcrt.dll c:\windows\system32\crypt32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\psapi.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\imm32.dll c:\windows\system32\shlwapi.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\sxs.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\version.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\windows\system32\uxtheme.dll c:\windows\system32\rsaenh.dll c:\windows\system32\userenv.dll c:\windows\system32\secur32.dll c:\windows\system32\msv1_0.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\iphlpapi.dll C:\PROGRA~1\MCAFEE\MSC\MCPROMGR.EXE c:\progra~1\mcafee\msc\mcpromgr.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\psapi.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\winsta.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\advapi32.dll c:\windows\system32\netapi32.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\wintrust.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\urlmon.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\iertutil.dll c:\windows\system32\shell32.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\progra~1\mcafee\msc\mcres.dll c:\progra~1\mcafee\msc\mclocres.dll c:\program files\mcafee\msc\oem\578\mccobres.dll c:\progra~1\mcafee\msc\mccobres.dll c:\progra~1\common~1\mcafee\msc\mcutil.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\version.dll c:\windows\system32\xpsp2res.dll c:\progra~1\common~1\mcafee\core\mccoreps.dll c:\windows\system32\rsaenh.dll c:\windows\system32\userenv.dll c:\windows\system32\secur32.dll c:\progra~1\mcafee\msc\mcshllps.dll c:\progra~1\mcafee\msc\mcmispps.dll c:\progra~1\mcafee\msc\mcsubmgr\7_2_14~1\mcsubmgr.dll c:\windows\system32\setupapi.dll c:\windows\system32\msi.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll c:\windows\system32\msxml4.dll c:\progra~1\mcafee\msc\mcprotpv.dll c:\progra~1\mcafee\msc\mcnmcres.dll c:\progra~1\mcafee\msc\mcnmclor.dll c:\progra~1\mcafee\msc\mcnmccor.dll c:\windows\system32\sxs.dll c:\progra~1\mcafee\msc\mcprohlp.dll C:\PROGRA~1\COMMON~1\MCAFEE\MCPROXY\MCPROXY.EXE c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\psapi.dll c:\windows\system32\ws2_32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\ws2help.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\ole32.dll c:\windows\system32\imm32.dll c:\windows\system32\shlwapi.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\secur32.dll c:\windows\system32\xpsp2res.dll c:\progra~1\mcafee\mps\mpsppm.dll c:\windows\system32\oleaut32.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\version.dll c:\progra~1\common~1\mcafee\core\mcevtbrk.dll c:\windows\system32\wintrust.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\rsaenh.dll c:\windows\system32\uxtheme.dll c:\windows\system32\userenv.dll c:\windows\system32\netapi32.dll c:\windows\system32\mswsock.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\progra~1\common~1\mcafee\redirsvc\redirps.dll C:\PROGRA~1\COMMON~1\MCAFEE\REDIRSVC\REDIRSVC.EXE c:\progra~1\common~1\mcafee\redirsvc\redirsvc.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\wintrust.dll c:\windows\system32\msvcrt.dll c:\windows\system32\crypt32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\psapi.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\version.dll c:\windows\system32\imm32.dll c:\windows\system32\shlwapi.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\secur32.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\progra~1\common~1\mcafee\core\mcevtbrk.dll c:\windows\system32\rsaenh.dll c:\windows\system32\uxtheme.dll c:\windows\system32\userenv.dll c:\windows\system32\netapi32.dll c:\progra~1\common~1\mcafee\core\mccoreps.dll c:\progra~1\common~1\mcafee\hacker~1\hwapips.dll c:\progra~1\common~1\mcafee\redirsvc\redirps.dll C:\PROGRA~1\MCAFEE\VIRUSS~1\MCSYSMON.EXE c:\progra~1\mcafee\viruss~1\mcsysmon.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\wintrust.dll c:\windows\system32\msvcrt.dll c:\windows\system32\crypt32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\psapi.dll c:\windows\system32\version.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\userenv.dll c:\windows\system32\imm32.dll c:\windows\system32\shlwapi.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\rsaenh.dll c:\windows\system32\uxtheme.dll c:\windows\system32\secur32.dll c:\progra~1\mcafee\viruss~1\mvslog.dll c:\windows\system32\msxml3.dll c:\progra~1\mcafee\viruss~1\mfesmfa.dll c:\progra~1\mcafee\viruss~1\mfehida.dll c:\progra~1\common~1\mcafee\core\mccoreps.dll c:\progra~1\common~1\mcafee\hacker~1\hwapips.dll c:\progra~1\mcafee\viruss~1\mvscfg.dll c:\windows\system32\sxs.dll c:\progra~1\mcafee\msc\mcsubmgr\7_2_14~1\mcsubmgr.dll c:\windows\system32\shell32.dll c:\windows\system32\setupapi.dll c:\progra~1\mcafee\msc\mcmispps.dll c:\progra~1\common~1\mcafee\core\mcevtbrk.dll c:\progra~1\mcafee\viruss~1\mcvsps.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll c:\windows\system32\mstask.dll c:\windows\system32\ntdsapi.dll c:\windows\system32\dnsapi.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\comdlg32.dll c:\windows\system32\mpr.dll C:\PROGRAM FILES\MCAFEE\MPF\MPFSRV.EXE c:\program files\mcafee\mpf\mpfsrv.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\ws2help.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\wintrust.dll c:\windows\system32\crypt32.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\setupapi.dll c:\windows\system32\imm32.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\uxtheme.dll c:\windows\system32\secur32.dll c:\windows\system32\rsaenh.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\version.dll c:\windows\system32\xpsp2res.dll c:\progra~1\common~1\mcafee\core\mccoreps.dll c:\windows\system32\psapi.dll c:\windows\system32\userenv.dll c:\windows\system32\netapi32.dll c:\progra~1\common~1\mcafee\hacker~1\hwapips.dll c:\progra~1\common~1\mcafee\core\mcevtbrk.dll c:\progra~1\mcafee\mpf\mc\mpfmisp.dll c:\windows\system32\comdlg32.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\iertutil.dll c:\windows\system32\msimg32.dll c:\windows\system32\urlmon.dll c:\windows\system32\winmm.dll c:\progra~1\mcafee\msc\mcmispps.dll c:\windows\system32\netshell.dll c:\windows\system32\rtutils.dll c:\windows\system32\credui.dll c:\windows\system32\atl.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\mprapi.dll c:\windows\system32\activeds.dll c:\windows\system32\adsldpc.dll c:\windows\system32\sxs.dll c:\progra~1\mcafee\mpf\mc\mpfaltps.dll c:\windows\system32\msi.dll c:\windows\system32\msxml4.dll C:\PROGRA~1\MCAFEE\MPS\MPS.EXE c:\progra~1\mcafee\mps\mps.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\psapi.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\shell32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\shlwapi.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\wintrust.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\windows\system32\secur32.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\dunzip32.dll c:\windows\system32\comdlg32.dll c:\windows\system32\rsaenh.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\version.dll c:\windows\system32\mlang.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll c:\progra~1\common~1\mcafee\core\mcevtbrk.dll c:\windows\system32\userenv.dll c:\progra~1\mcafee\mps\mpsps.dll c:\progra~1\common~1\mcafee\core\mccoreps.dll c:\windows\system32\sxs.dll c:\windows\system32\msi.dll C:\WINDOWS\SYSTEM32\NVSVC32.EXE c:\windows\system32\nvsvc32.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\userenv.dll c:\windows\system32\msvcrt.dll c:\windows\system32\powrprof.dll c:\windows\system32\imm32.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\comctl32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\msctfime.ime c:\windows\system32\ole32.dll c:\windows\system32\wintrust.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\secur32.dll c:\windows\system32\msv1_0.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\apphelp.dll c:\windows\system32\version.dll C:\WINDOWS\SYSTEM32\HPZIPM12.EXE c:\windows\system32\hpzipm12.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\wsock32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\ws2help.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\imm32.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\ole32.dll c:\windows\system32\samlib.dll c:\windows\system32\uxtheme.dll C:\WINDOWS\SYSTEM32\SVCHOST.EXE c:\windows\system32\svchost.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\wiaservc.dll c:\windows\system32\cfgmgr32.dll c:\windows\system32\setupapi.dll c:\windows\system32\mscms.dll c:\windows\system32\winspool.drv c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\wintrust.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\actxprxy.dll c:\windows\system32\sti.dll C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPNETWK.EXE c:\program files\windows media player\wmpnetwk.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\msvcrt.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\ole32.dll c:\windows\system32\winhttp.dll c:\windows\system32\shlwapi.dll c:\windows\system32\wsock32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\shell32.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\httpapi.dll c:\windows\system32\wmpmde.dll c:\windows\system32\mfplat.dll c:\windows\system32\userenv.dll c:\windows\system32\faultrep.dll c:\windows\system32\version.dll c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\setupapi.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll c:\windows\system32\secur32.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\upnp.dll c:\windows\system32\ssdpapi.dll c:\windows\system32\msi.dll c:\windows\system32\sxs.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\mswsock.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\wmp.dll c:\windows\system32\msvfw32.dll c:\windows\system32\winmm.dll c:\windows\system32\dbghelp.dll c:\windows\system32\wmploc.dll c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll c:\windows\system32\actxprxy.dll c:\windows\system32\wmpps.dll C:\WINDOWS\EXPLORER.EXE c:\windows\explorer.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\browseui.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\ole32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\oleaut32.dll c:\windows\system32\shdocvw.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\cryptui.dll c:\windows\system32\wintrust.dll c:\windows\system32\imagehlp.dll c:\windows\system32\netapi32.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\iertutil.dll c:\windows\system32\wldap32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\uxtheme.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\winmm.dll c:\windows\system32\msacm32.dll c:\windows\system32\userenv.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\msctfime.ime c:\windows\system32\apphelp.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\cscui.dll c:\windows\system32\cscdll.dll c:\windows\system32\themeui.dll c:\windows\system32\secur32.dll c:\windows\system32\msimg32.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\actxprxy.dll c:\windows\system32\urlmon.dll c:\windows\system32\ieframe.dll c:\windows\system32\psapi.dll c:\windows\system32\setupapi.dll c:\windows\system32\msi.dll c:\windows\system32\ntshrui.dll c:\windows\system32\atl.dll c:\windows\system32\linkinfo.dll c:\windows\system32\netshell.dll c:\windows\system32\rtutils.dll c:\windows\system32\credui.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\rsaenh.dll c:\windows\system32\msctf.dll c:\windows\system32\winsta.dll c:\windows\system32\webcheck.dll c:\windows\system32\stobject.dll c:\windows\system32\batmeter.dll c:\windows\system32\powrprof.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\wpdshserviceobj.dll c:\windows\system32\winhttp.dll c:\windows\system32\mlang.dll c:\windows\system32\mydocs.dll c:\windows\system32\portabledevicetypes.dll c:\windows\system32\portabledeviceapi.dll c:\windows\system32\wzcsapi.dll c:\windows\system32\mpr.dll c:\windows\system32\drprov.dll c:\windows\system32\ntlanman.dll c:\windows\system32\netui0.dll c:\windows\system32\netui1.dll c:\windows\system32\netrap.dll c:\windows\system32\samlib.dll c:\windows\system32\davclnt.dll c:\windows\system32\sxs.dll c:\windows\system32\msisip.dll c:\windows\system32\wshext.dll c:\windows\system32\mfc42.dll c:\windows\system32\comdlg32.dll C:\PROGRAM FILES\MCAFEE\MPS\MPSEVH.EXE c:\program files\mcafee\mps\mpsevh.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\wintrust.dll c:\windows\system32\msvcrt.dll c:\windows\system32\crypt32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\psapi.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\rsaenh.dll c:\windows\system32\userenv.dll c:\windows\system32\version.dll c:\windows\system32\secur32.dll c:\windows\system32\netapi32.dll c:\progra~1\mcafee\msc\mcaltlib.dll c:\windows\system32\riched20.dll c:\progra~1\mcafee\msc\mcres.dll c:\progra~1\mcafee\msc\mclocres.dll c:\program files\mcafee\msc\oem\578\mccobres.dll c:\progra~1\mcafee\msc\mccobres.dll c:\windows\system32\winmm.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\msxml3.dll c:\progra~1\mcafee\mps\mpsps.dll c:\progra~1\mcafee\mps\mpsmisp.dll c:\progra~1\common~1\mcafee\core\mccoreps.dll c:\progra~1\mcafee\msc\mcmispps.dll c:\windows\system32\msi.dll c:\windows\system32\sxs.dll c:\windows\system32\msctf.dll c:\windows\system32\setupapi.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll C:\WINDOWS\SYSTEM32\ALG.EXE c:\windows\system32\alg.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\atl.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\wsock32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\mswsock.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\winmm.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\xpsp2res.dll C:\PROGRAM FILES\ADOBE\PHOTOSHOP ALBUM STARTER EDITION\3.0\APPS\APDPROXY.EXE c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\program files\adobe\photoshop album starter edition\3.0\apps\apdboot.dll c:\windows\system32\shlwapi.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\psapi.dll c:\windows\system32\imagehlp.dll c:\windows\system32\shell32.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\program files\adobe\photoshop album starter edition\3.0\apps\msvcp71.dll c:\program files\adobe\photoshop album starter edition\3.0\apps\msvcr71.dll c:\windows\system32\comctl32.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\winspool.drv c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\iertutil.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\dsound.dll c:\windows\system32\winmm.dll c:\windows\system32\version.dll c:\windows\system32\msctf.dll c:\windows\system32\sti.dll c:\windows\system32\cfgmgr32.dll c:\windows\system32\setupapi.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\msctfime.ime c:\windows\system32\xpsp2res.dll c:\windows\system32\wintrust.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll C:\PROGRAM FILES\SPYWAREFIGHTER\SPFTRAY.EXE c:\program files\spywarefighter\spftray.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\shell32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\msvcrt.dll c:\windows\system32\shlwapi.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\version.dll c:\windows\system32\msi.dll c:\windows\system32\sxs.dll c:\windows\system32\xpsp2res.dll c:\program files\spywarefighter\spywarefighterbo.dll c:\windows\system32\msvbvm60.dll c:\windows\system32\msctfime.ime c:\program files\spywarefighter\spfrm.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\msctf.dll C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE c:\program files\hp\hp software update\hpwuschd2.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\shell32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\shlwapi.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\msctfime.ime c:\windows\system32\ole32.dll c:\windows\system32\msctf.dll C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQSRMON.EXE c:\program files\hp\digital imaging\bin\hpqsrmon.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\winsta.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\advapi32.dll c:\windows\system32\netapi32.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\msvcp80.dll c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\msvcr80.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\msctfime.ime c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\version.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\sti.dll c:\windows\system32\cfgmgr32.dll c:\windows\system32\setupapi.dll c:\windows\system32\msctf.dll C:\PROGRAM FILES\JAVA\JRE1.6.0_03\BIN\JUSCHED.EXE c:\program files\java\jre1.6.0_03\bin\jusched.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\wininet.dll c:\windows\system32\msvcrt.dll c:\windows\system32\shlwapi.dll c:\windows\system32\normaliz.dll c:\windows\system32\iertutil.dll c:\windows\system32\ole32.dll c:\windows\system32\shell32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\msctf.dll c:\windows\system32\apphelp.dll c:\windows\system32\secur32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\rasapi32.dll c:\windows\system32\rasman.dll c:\windows\system32\netapi32.dll c:\windows\system32\tapi32.dll c:\windows\system32\rtutils.dll c:\windows\system32\winmm.dll c:\windows\system32\userenv.dll c:\windows\system32\msv1_0.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\sensapi.dll c:\windows\system32\mswsock.dll c:\windows\system32\rasadhlp.dll c:\windows\system32\dnsapi.dll c:\windows\system32\winrnr.dll c:\windows\system32\wldap32.dll c:\windows\system32\urlmon.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll C:\WINDOWS\SYSTEM32\CTFMON.EXE c:\windows\system32\ctfmon.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\msctf.dll c:\windows\system32\msutb.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\msctfime.ime C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPNSCFG.EXE c:\program files\windows media player\wmpnscfg.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\ole32.dll c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll c:\windows\system32\shlwapi.dll c:\windows\system32\secur32.dll c:\windows\system32\netapi32.dll c:\windows\system32\imm32.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\oleaut32.dll c:\windows\system32\version.dll c:\windows\system32\msctf.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\msctfime.ime c:\program files\windows media player\wmpnssci.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll C:\PROGRAM FILES\SPYWAREFIGHTER\SPFPRC.EXE c:\program files\spywarefighter\spfprc.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\advapi32.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\ole32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\oleaut32.dll c:\program files\spywarefighter\engine.dll c:\windows\system32\shlwapi.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\winmm.dll c:\windows\system32\shell32.dll c:\windows\system32\psapi.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\version.dll c:\windows\system32\msi.dll c:\windows\system32\sxs.dll c:\program files\spywarefighter\spfrm.dll c:\windows\system32\iphlpapi.dll c:\program files\spywarefighter\spywarefighterbo.dll c:\windows\system32\msvbvm60.dll c:\windows\system32\apphelp.dll c:\windows\system32\msctfime.ime C:\PROGRA~1\MCAFEE.COM\AGENT\MCAGENT.EXE c:\progra~1\mcafee.com\agent\mcagent.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\version.dll c:\windows\system32\wintrust.dll c:\windows\system32\msvcrt.dll c:\windows\system32\crypt32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\iertutil.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\progra~1\mcafee\msc\mcres.dll c:\progra~1\mcafee\msc\mclocres.dll c:\program files\mcafee\msc\oem\578\mccobres.dll c:\progra~1\mcafee\msc\mccobres.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll c:\windows\system32\msctf.dll c:\windows\system32\msctfime.ime c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\progra~1\mcafee\msc\mcsubmgr\7_2_14~1\mcsubmgr.dll c:\windows\system32\setupapi.dll c:\progra~1\mcafee\msc\mcregobj\7_2_14~1\mcregobj.dll c:\windows\system32\psapi.dll c:\windows\system32\rsaenh.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\userenv.dll c:\windows\system32\secur32.dll c:\windows\system32\netapi32.dll c:\windows\system32\msxml4.dll c:\progra~1\common~1\mcafee\core\mccoreps.dll c:\progra~1\mcafee\msc\mcmispps.dll c:\windows\system32\msxml3.dll c:\progra~1\mcafee.com\agent\mcagntps.dll c:\progra~1\mcafee\msc\mccfgpv.dll c:\progra~1\mcafee\msc\mcuicfg.dll C:\PROGRAM FILES\COMMON FILES\AOL\1175982866\EE\AOLSOFTWARE.EXE c:\program files\common files\aol\1175982866\ee\aolsoftware.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\msvcrt.dll c:\program files\common files\aol\1175982866\ee\aolsvcmgr.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\program files\common files\aol\1175982866\ee\xprt6.dll c:\windows\system32\imm32.dll c:\windows\system32\msctf.dll c:\program files\common files\aol\aoldiag\tbdiag.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\version.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\msctfime.ime c:\windows\system32\msi.dll c:\program files\common files\aol\1175982866\ee\services\os\ver5_2_1_1\os.dll c:\program files\common files\aol\1175982866\ee\xprt5.dll c:\program files\common files\aol\1175982866\ee\services\os\ver5_2_1_1\aolidlemon.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\rasapi32.dll c:\windows\system32\rasman.dll c:\windows\system32\netapi32.dll c:\windows\system32\tapi32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\rtutils.dll c:\windows\system32\winmm.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\program files\common files\aol\1175982866\ee\services\notification\ver6_2_6_1\notify.dll c:\windows\system32\mprapi.dll c:\windows\system32\activeds.dll c:\windows\system32\adsldpc.dll c:\windows\system32\wldap32.dll c:\windows\system32\atl.dll c:\windows\system32\samlib.dll c:\windows\system32\setupapi.dll c:\windows\system32\secur32.dll c:\windows\system32\msv1_0.dll c:\program files\common files\aol\1175982866\ee\services\localstorage\ver7_1_6_1\clssvc.dll c:\windows\system32\comctl32.dll c:\program files\common files\aol\1175982866\ee\services\metrics\ver3_6_16_1\cmls.dll c:\windows\system32\shell32.dll c:\windows\system32\wbem\wbemprox.dll c:\windows\system32\wbem\wbemcomn.dll c:\windows\system32\wbem\wbemsvc.dll c:\windows\system32\wbem\fastprox.dll c:\windows\system32\msvcp60.dll c:\windows\system32\ntdsapi.dll c:\windows\system32\dnsapi.dll c:\windows\system32\hnetcfg.dll c:\program files\common files\aol\1175982866\ee\services\aolsystrayservice\ver3_0_16_1\aolsystrayservice.dll c:\program files\common files\aol\1175982866\ee\services\suiteframework\ver4_1_6_1\suiteframework.dll c:\windows\system32\mswsock.dll c:\windows\system32\wshtcpip.dll C:\PROGRAM FILES\AOL 9.0B\WAOL.EXE c:\program files\aol 9.0b\waol.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\msvcr71.dll c:\program files\aol 9.0b\waol.dll c:\program files\aol 9.0b\supersub.dll c:\windows\system32\msvcp71.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\program files\aol 9.0b\xprt5.dll c:\windows\system32\msvcrt.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\program files\aol 9.0b\coolcore46.dll c:\windows\system32\wsock32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\iphlpapi.dll c:\program files\aol 9.0b\zlib.dll c:\windows\system32\comdlg32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\comctl32.dll c:\windows\system32\shell32.dll c:\windows\system32\imm32.dll c:\windows\system32\winmm.dll c:\windows\system32\msimg32.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\iertutil.dll c:\program files\aol 9.0b\xmlparse.dll c:\program files\aol 9.0b\xmltok.dll c:\program files\aol 9.0b\comm.dll c:\windows\system32\rasapi32.dll c:\windows\system32\rasman.dll c:\windows\system32\netapi32.dll c:\windows\system32\tapi32.dll c:\windows\system32\rtutils.dll c:\program files\aol 9.0b\manager.dll c:\windows\system32\urlmon.dll c:\windows\system32\winspool.drv c:\program files\aol 9.0b\synccore.dll c:\program files\aol 9.0b\proxymgr.dll c:\program files\aol 9.0b\appdata.dll c:\windows\system32\version.dll c:\program files\aol 9.0b\acfbase.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\msctf.dll c:\program files\common files\aol\1175982866\ee\aolsvcmgr.dll c:\program files\common files\aol\1175982866\ee\xprt6.dll c:\windows\system32\msctfime.ime c:\windows\system32\wtsapi32.dll c:\windows\system32\winsta.dll c:\program files\aol 9.0b\resource.dll c:\program files\common files\aol\aoldiag\tbdiag.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\msxml3.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\uxtheme.dll c:\program files\common files\aol\acs\acscmn.dll c:\windows\system32\sxs.dll c:\program files\aol 9.0b\tool\imfdecode.rct c:\program files\aol 9.0b\tool\coretool.rct c:\program files\aol 9.0b\dunzip32.dll c:\program files\aol 9.0b\tool\mip.tol c:\program files\aol 9.0b\abook.dll c:\program files\aol 9.0b\tool\rich.rct c:\program files\aol 9.0b\tool\actvx.rct c:\program files\aol 9.0b\tool\sec.cct c:\program files\aol 9.0b\tool\chat.tol c:\windows\system32\setupapi.dll c:\program files\aol 9.0b\tool\htmlview.tol c:\program files\aol 9.0b\tool\www.tol c:\program files\aol 9.0b\tool\lvi.tol c:\program files\aol 9.0b\coolapi.dll c:\program files\aol 9.0b\idleproc.dll c:\program files\aol 9.0b\tool\talk.tol c:\windows\system32\vbscript.dll c:\program files\viewpoint\viewpoint experience technology\axmetastream_0305000d.dll c:\program files\viewpoint\viewpoint experience technology\componentmgr_0305000d.dll c:\program files\viewpoint\viewpoint experience technology\components\scenecomponent.dll c:\windows\system32\msvfw32.dll c:\windows\system32\dciman32.dll c:\program files\viewpoint\viewpoint experience technology\components\aolusershell.dll c:\windows\system32\msi.dll c:\program files\viewpoint\viewpoint experience technology\components\sreedmmx.dll c:\windows\system32\secur32.dll c:\program files\viewpoint\viewpoint experience technology\components\swfview.dll c:\windows\system32\wintrust.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\wdmaud.drv c:\windows\system32\msacm32.drv c:\windows\system32\msacm32.dll c:\windows\system32\midimap.dll c:\windows\system32\jgpl400.dll c:\windows\system32\jgdw400.dll c:\windows\system32\msvcrt20.dll c:\windows\system32\mshtml.dll c:\windows\system32\msls31.dll c:\windows\system32\psapi.dll c:\windows\system32\ieframe.dll c:\windows\system32\msv1_0.dll c:\windows\system32\userenv.dll c:\windows\system32\sensapi.dll c:\windows\system32\msimtf.dll c:\windows\system32\mlang.dll c:\windows\system32\mshtmled.dll c:\progra~1\mcafee\viruss~1\scriptcl.dll c:\windows\system32\jscript.dll c:\windows\system32\dxtrans.dll c:\windows\system32\atl.dll c:\windows\system32\ddrawex.dll c:\windows\system32\ddraw.dll c:\windows\system32\dxtmsft.dll C:\PROGRAM FILES\AOL 9.0B\SHELLMON.EXE c:\program files\aol 9.0b\shellmon.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\msimg32.dll c:\windows\system32\version.dll c:\windows\system32\msvcr71.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\msctf.dll c:\windows\system32\msctfime.ime c:\windows\system32\ole32.dll C:\PROGRA~1\MCAFEE\VIRUSS~1\MCSHIELD.EXE c:\progra~1\mcafee\viruss~1\mcshield.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\lz32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\ws2help.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\progra~1\mcafee\viruss~1\lockdown.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\progra~1\mcafee\viruss~1\mytilus.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\progra~1\mcafee\viruss~1\mytilus2.dll c:\windows\system32\shfolder.dll c:\windows\system32\shlwapi.dll c:\windows\system32\imm32.dll c:\progra~1\mcafee\viruss~1\res00\mcshield.dll c:\progra~1\mcafee\viruss~1\ftl.dll c:\windows\system32\psapi.dll c:\progra~1\mcafee\viruss~1\naiann.dll c:\windows\system32\wintrust.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\progra~1\common~1\mcafee\core\mccoreps.dll c:\progra~1\mcafee\viruss~1\mcvsps.dll c:\progra~1\mcafee\viruss~1\naiannps.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\version.dll c:\progra~1\mcafee\viruss~1\mvscfg.dll c:\windows\system32\rsaenh.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\userenv.dll c:\windows\system32\secur32.dll c:\windows\system32\netapi32.dll c:\windows\system32\sxs.dll c:\progra~1\mcafee\viruss~1\mcvsqt.dll c:\progra~1\mcafee\viruss~1\mcqtlib.dll c:\windows\system32\shell32.dll c:\progra~1\common~1\mcafee\core\mcevtbrk.dll c:\progra~1\mcafee\viruss~1\mvslog.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\winsta.dll c:\windows\system32\sfc_os.dll c:\progra~1\mcafee\viruss~1\scriptsv.dll c:\program files\mcafee\virusscan\mcscan32.dll c:\progra~1\mcafee\viruss~1\mfebopa.dll c:\progra~1\mcafee\viruss~1\mfehida.dll c:\progra~1\mcafee\viruss~1\mfeavfa.dll c:\progra~1\mcafee\msc\mcmispps.dll c:\progra~1\mcafee\msc\mcsubmgr\7_2_14~1\mcsubmgr.dll c:\windows\system32\setupapi.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AD-AWARE2007.EXE c:\program files\lavasoft\ad-aware 2007\ad-aware2007.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\imm32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\comctl32.dll c:\windows\system32\comdlg32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\msvcrt.dll c:\windows\system32\shell32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\ole32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\inetmib1.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\snmpapi.dll c:\windows\system32\wsock32.dll c:\windows\system32\mprapi.dll c:\windows\system32\activeds.dll c:\windows\system32\adsldpc.dll c:\windows\system32\netapi32.dll c:\windows\system32\wldap32.dll c:\windows\system32\atl.dll c:\windows\system32\rtutils.dll c:\windows\system32\samlib.dll c:\windows\system32\setupapi.dll c:\windows\system32\version.dll c:\windows\system32\mpr.dll c:\windows\system32\winmm.dll c:\windows\system32\oleacc.dll c:\windows\system32\msvcp60.dll c:\windows\system32\msctf.dll c:\windows\system32\msctfime.ime c:\windows\system32\uxtheme.dll c:\windows\system32\apphelp.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\userenv.dll c:\windows\system32\olepro32.dll c:\windows\system32\secur32.dll [to top] SDFix: Version 1.119 Run by user on Sat 12/22/2007 at 10:37 AM Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting... Normal Mode: Checking Files: No Trojan Files Found Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:30:22 PM, on 12/22/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\windows\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\windows\System32\svchost.exe C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe C:\PROGRA~1\McAfee\MSC\mcpromgr.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\PROGRA~1\McAfee\MPS\mps.exe C:\windows\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\windows\system32\svchost.exe C:\windows\Explorer.EXE C:\Program Files\McAfee\MPS\mpsevh.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\SPYWAREfighter\spftray.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\windows\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\SPYWAREfighter\spfprc.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Common Files\AOL\1175982866\ee\aolsoftware.exe C:\Program Files\AOL 9.0b\waol.exe C:\Program Files\AOL 9.0b\shellmon.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dogpile.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dogpile.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: IntelligentAdvisor - {6548BF73-58FF-71D5-F97D-17C71E323709} - C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0b\AOL.EXE" -b O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe -- End of file - 7516 bytes Share this post Link to post Share on other sites
