Removing Antivirus Pro 2010


8 replies to this topic

#1 ken S


Posted 14 September 2009 - 11:10 AM

This is a copy of what I posted on the McAfee forum this morning. I was led to this forum because of the article about removing Antiviruspro 2010 using Malwarebytes. But it won't run..see 3rd paragraph below.

First, I am subscribed to McAfee Security Center through 2010 & OS is XP service pack 3. On 9-12-09, I started getting 'Your Computer is not protected' messages on the Security Center Home page, and a Pop-Up to scan and purchase Antivirus Pro 2010 to get rid of 'infected files'. It seemed legit & even showed up with a McAfee icon on the desktop. After more research in bleepingcomputer.com, I realize it is a scam & was advised to contact my credit card company. I removed the program using Windows Control Panel and got a refund request approved. Still having problems...
When I go to McAfee Support to run MVT, it says it can't find McAfee installed products on my computer. On the Security Center Home Page, Problems stated are "real time scanning disabled, spyware & unwanted program scanning is disabled, IM scanning, Script scanning & buffer overflow are all disabled". In the configuration page, when I click on ignored problems, none of the boxes are checked. When I click the 'Fix' button on the Security Center page, it says 'One or more problems cannot be fixed because of an error'. When I click on 'Update' the update icon in the task bar just disappears after a few minutes with no additional information. When I click on 'Quick Scan' the message says 'scanning encountered a problem from which it can't recover - error starting on demand scanner'.
I have read the thread titled "antiviruspro_2010". I already had Malwarebytes on my computer but now I get a message that Windows cannot access the specified path and that I may not have permission to access the item. Malwarebytes used to work for me, so I removed it and re-installed it from the link in bleepingcomputer.com. After re-installation it starts to run and then the scanning window just disappears after about 10 seconds. Also, what should the Windows XP security shield settings be? Where do I go from here???

Edited by ken S, 14 September 2009 - 11:13 AM.




#2 Budapest


Posted 14 September 2009 - 07:29 PM

We need to check for rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 ken S


Posted 15 September 2009 - 08:26 AM

First of all, thanks for your response. This trouble started after Panda Antivirus Pro 2010 was downloaded based on a scam pop-up. I have since removed that software and am receiving a refund to my credit card. My McAfee still says I am unprotected. I have a log file of what Panda showed as virus files. Do you want to see that? I hope this is not as serious as it seems right now... Added edit 1:07 pm. I looked at my internet history, a bunch of sites showing up when I wasn't even on the computer. Also looked in windows update log and it shows a bunch of 'failures'. Something is sure going on..

Results Below: Also got a msg window popping up about not reading Boot Sector. In Options, I moved the slider bar to medium, msg still popped up but the program ran after I closed the msg window each time.

ROOTREPEAL AD, 2007-2009
==================================================
Scan Start Time: 2009/09/15 09:04
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF2282000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7BB8000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEF086000 Size: 49152 File Visible: No Signed: -
Status: -

Name: win32k.sys:1
Image Path: C:\WINDOWS\win32k.sys:1
Address: 0xF79E2000 Size: 20480 File Visible: No Signed: -
Status: -

Name: win32k.sys:2
Image Path: C:\WINDOWS\win32k.sys:2
Address: 0xF24FC000 Size: 61440 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: Volume C:\
Status: MBR Rootkit Detected!

Path: Volume D:\
Status: MBR Rootkit Detected!

SSDT
-------------------
#: 173 Function Name: NtQuerySystemInformation
Status: Hooked by "C:\WINDOWS\System32\Drivers\Beep.SYS" at address 0xf78341a0

Stealth Objects
-------------------
Object: Hidden Module [Name: gasfkyaymmejyb.dll]
Process: svchost.exe (PID: 932) Address: 0x10000000 Size: 53248

==EOF==

Log file contents:
09:05:14: Could not enumerate files in dir \'\\?\D:\*\' with the Windows API! Error code - 0x000003ed
09:05:22: Could not read system registry! Please contact the author!

Edited by ken S, 15 September 2009 - 12:09 PM.


#4 Budapest


Posted 15 September 2009 - 04:41 PM

  • Please download System Repair Engineer from here
  • Unzip/extract sreng2.zip to a folder on your desktop
  • Double-click on SREngLdr.EXE to launch System Repair Engineer
  • Click the Smart Scan Icon
  • Click Scan
  • Wait for the scan to finish
  • Click on the Save Reports button
  • Save it to your desktop, using the recommended name of SREngLOG.log
  • Close System Repair Engineer
  • Use notepad to open the SREngLOG.log file
  • Copy & paste the contents of that file as a reply to this topic
  • Note: The log may be long, and you may need several posts to post all of it
  • If you are using a custom HOSTS file, please leave out the HOSTS File section, as it will make the log far too long


#5 ken S


Posted 16 September 2009 - 02:04 PM

Update: I was able to get to your website, & run SREng. Also, I was doing a 'find files' created 9-12-09 (the day this incident occurred) and found two files created at exactly the time I started having problems. They are both in C:\Windows\sys32 and have names of wisdstr.exe with a McAfee logo in front of the filename in the find files results. The 2nd file is ~.exe with a logo that looks like a bluish colored smoke ring. SHOULD THEY BE DELETED IMMEDIATELY?? There are (2) other files in the results: a.exe in C:\doc & settings\administrator\local settings\temp, & yfvbrxmsjt.exe in C:\Windows\Temp. Not as concerned about these because they are in temp, but should they be deleted as well? Again, thanks for your continued help. Ken S.

Results follow:

2009-09-16,16:37:54

System Repair Engineer 2.8.1.1279
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 3 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been selected:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Running Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan
Scheduled Tasks
Windows Security Update Check
API HOOK
Hidden Process


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<OM_Monitor><; C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe> [OLYMPUS IMAGING CORP.]
<MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Windows Component Publisher]
<DelayShred><; c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\DOCUME~1\ADMINI~1\LOCALS~1\temp\GOOGLE~1.SH! C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\Content.IE5\GVYZWTU3\VERTI_~1.SH! C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\Content.IE5\GVYZWTU3\FOOTER~1.SH! C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\Content.IE5\DHIYTPW8\RIGHT-~1.SH! C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\Content.IE5\WOT8FURZ\ONLINE~1.SH! C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\Content.IE5\ILLMJIDC\MYFREE~3.SH! C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\Content.IE5\9JVL7534\MEMBER~1.SH! C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\Content.IE5\TRB3HXG6\PAGE_1~1.SH! C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\Content.IE5\OD6LKNI7\VIVID_~1.SH! C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\Content.IE5\N6JHDHRF\GCA_IF~2.SH! C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\Content.IE5\9JVL7534\INDEX_~1.SH! C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\Content.IE5\9JVL7534\SCOTTR~1.SH! C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\Content.IE5\TRB3HXG6\GCA_IF~1.SH!> [N/A]
<PopRock><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\a.exe> []
<braviax><C:\WINDOWS\system32\braviax.exe> []
<autochk><rundll32.exe C:\DOCUME~1\ADMINI~1\protect.dll,_IWMPEvents@0> [Microsoft]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<ehTray><C:\WINDOWS\ehome\ehtray.exe> [(Verified)Microsoft Windows Publisher]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<nwiz><nwiz.exe /install> [NVIDIA Corporation]
<NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
<SunKistEM><C:\Program Files\Digital Media Reader\shwiconem.exe> [Alcor Micro, Corp.]
<SigmatelSysTrayApp><sttray.exe> [N/A]
<IntelAudioStudio><"C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT> [File is missing]
<Recguard><%WINDIR%\SMINST\RECGUARD.EXE> []
<RemoteControl><"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"> [Cyberlink Corp.]
<LXBXCATS><rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<lxbxmon.exe><"C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"> [Lexmark International, Inc.]
<FaxCenterServer4_in_1><"C:\Program Files\Lexmark 7100 Series\fm3032.exe" /s> []
<EzPrint><"C:\Program Files\Lexmark 7100 Series\ezprint.exe"> []
<OM_Monitor><C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe> [OLYMPUS IMAGING CORP.]
<QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Inc.]
<Gateway Extended Warranty><"C:\Program Files\Gateway\GWCares\GWCares.exe"> [BillP Studios]
<mcagent_exe><"C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey> [(Verified)"McAfee, Inc."]
<McENUI><C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide> [(Verified)"McAfee, Inc."]
<McAfee Backup><"C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"> [(Verified)"McAfee, Inc."]
<SunJavaUpdateSched><"C:\Program Files\Java\jre6\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."]
<braviax><braviax.exe> []
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [File is missing]
<autochk><rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@0> [Microsoft]
<sysldtray><c:\windows\ld14.exe> []
<14520154><C:\Documents and Settings\All Users\Application Data\14520154\14520154.exe> []
<winupdate.exe><C:\WINDOWS\system32\winupdate.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<Malwarebytes' Anti-Malware><C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent> [(Verified)Malwarebytes Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\UserInit.exe,C:\WINDOWS\system32\sdra64.exe,> [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><cru629.dat> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<WebCheck><%SystemRoot%\system32\webcheck.dll> [(Verified)Microsoft Windows Component Publisher]
<SysTray><C:\WINDOWS\system32\stobject.dll> [(Verified)Microsoft Windows Component Publisher]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
<WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\KB910393]
<KB910393><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{407408d4-94ed-4d86-ab69-a7f649d112ee}]
<Media Center><%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4b218e3e-bc98-4770-93d3-2731b9329278}]
<Internet Explorer><%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
<Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINDOWS\Skurz.scr> [Alien Zone - Cybercorp]

==================================
Startup Folders
[BigFix]
<C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk --> C:\PROGRA~1\BigFix\BigFix.exe [BigFix Inc.]><N>
[Event Planner Reminder 2009]
<C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder 2009.lnk --> C:\WINDOWS\Installer\{C4609419-C11E-4CE6-B369-F3F8A7DDD94C}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe [Macrovision Corporation]><N>
[Photo Card Event Planner Reminder]
<C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Card Event Planner Reminder.lnk --> C:\WINDOWS\Installer\{C885990F-A824-41A1-82FB-61E3859B4CE2}\Shortcut_Event_Pla_C885990FA82441A182FB61E3859B4CE2.exe [N/A]><N>
[ChkDisk]
<C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ChkDisk.dll --> [File is missing]><H>
[ChkDisk]
<C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ChkDisk.lnk --> C:\WINDOWS\system32\rundll32.exe [Microsoft Corporation]><H>

==================================
Services
[ddnsfilter / ddnsfilter][Others/Auto Start]
<C:\WINDOWS\sYSteM32\SvchOst.eXE -k ddnsfilter-->C:\Program Files\ddnsFilter\DDnsFilter.dll><N/A>
[Google Software Updater / gusvc][Stopped/Manual Start]
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe"><Macrovision Corporation>
[Intuit Update Service / IntuitUpdateService][Running/Auto Start]
<"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"><Intuit Inc.>
[Java Quick Starter / JavaQuickStarterService][Running/Auto Start]
<"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"><Sun Microsystems, Inc.>
[lxbx_device / lxbx_device][Running/Manual Start]
<C:\WINDOWS\system32\lxbxcoms.exe -service><Lexmark International, Inc.>
[MBackMonitor / MBackMonitor][Stopped/Manual Start]
<"C:\Program Files\McAfee\MBK\MBackMonitor.exe"><McAfee>
[McAfee SiteAdvisor Service / McAfee SiteAdvisor Service][Running/Auto Start]
<"C:\Program Files\McAfee\SiteAdvisor\McSACore.exe"><>
[McAfee Services / mcmscsvc][Running/Auto Start]
<C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe><McAfee, Inc.>
[McAfee Network Agent / McNASvc][Running/Auto Start]
<"c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe"><McAfee, Inc.>
[McAfee Scanner / McODS][Stopped/Manual Start]
<C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe><N/A>
[McAfee Proxy Service / McProxy][Running/Auto Start]
<c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe><McAfee, Inc.>
[McAfee Real-time Scanner / McShield][Stopped/Auto Start]
<C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe><McAfee, Inc.>
[McAfee SystemGuards / McSysmon][Stopped/Manual Start]
<C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe><McAfee, Inc.>
[MHN / MHN][Stopped/Manual Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\mhn.dll><Microsoft Corporation>
[McAfee Personal Firewall Service / MpfService][Running/Auto Start]
<"C:\Program Files\McAfee\MPF\MPFSrv.exe"><McAfee, Inc.>
[McAfee Anti-Spam Service / MSK80Service][Running/Auto Start]
<"C:\Program Files\McAfee\MSK\MskSrver.exe"><McAfee, Inc.>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[PrismXL / PrismXL][Running/Auto Start]
<C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS><New Boundary Technologies, Inc.>

==================================
Drivers
[AliIde / AliIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD AGP Bus Filter Driver / amdagp][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\amdagp.sys><Advanced Micro Devices, Inc.>
[asc / asc][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3550 / asc3550][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[bjjxeoiloxkh / bjjxeoiloxkh][Stopped/Auto Start]
<\??\C:\WINDOWS\system32\drivers\vasyfajnkcv.sys><N/A>
[CmdIde / CmdIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[dac2w2k / dac2w2k][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[Intel® PRO Network Connection Driver / E100B][Running/Manual Start]
<system32\DRIVERS\e100b325.sys><Intel Corporation>
[Filter / Filter][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\Filter.sys><FILTER>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
<system32\DRIVERS\HDAudBus.sys><Windows ® Server 2003 DDK provider>
[HSFHWBS2 / HSFHWBS2][Running/Manual Start]
<system32\DRIVERS\HSFHWBS2.sys><Conexant Systems, Inc.>
[HSF_DP / HSF_DP][Running/Manual Start]
<system32\DRIVERS\HSF_DP.sys><Conexant Systems, Inc.>
[mdmxsdk / mdmxsdk][Running/Auto Start]
<system32\DRIVERS\mdmxsdk.sys><Conexant>
[McAfee Inc. mfeavfk / mfeavfk][Stopped/Manual Start]
<system32\drivers\mfeavfk.sys><McAfee, Inc.>
[McAfee Inc. mfebopk / mfebopk][Stopped/Manual Start]
<system32\drivers\mfebopk.sys><McAfee, Inc.>
[McAfee Inc. mfehidk / mfehidk][Running/System Start]
<system32\drivers\mfehidk.sys><McAfee, Inc.>
[McAfee Inc. mferkdk / mferkdk][Stopped/Manual Start]
<system32\drivers\mferkdk.sys><McAfee, Inc.>
[McAfee Inc. mfesmfk / mfesmfk][Stopped/Manual Start]
<system32\drivers\mfesmfk.sys><McAfee, Inc.>
[MHN driver / MHNDRV][Stopped/Manual Start]
<system32\DRIVERS\mhndrv.sys><Microsoft Corporation>
[MPFP / MPFP][Running/System Start]
<System32\Drivers\Mpfp.sys><McAfee, Inc.>
[mraid35x / mraid35x][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[Macronix MX987xx Family Fast Ethernet NT Driver / mxnic][Stopped/Manual Start]
<system32\DRIVERS\mxnic.sys><Macronix International Co., Ltd.>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ql1080 / ql1080][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ql1080.sys><QLogic Corporation>
[ql12160 / ql12160][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ql1280.sys><QLogic Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[Sonic Focus Plugin for Sigmatel HDA / sfng32][Running/Manual Start]
<system32\drivers\sfng32.sys><Sonic Focus, Inc>
[SIS AGP Bus Filter / sisagp][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
<system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[Sparrow / Sparrow][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[SigmaTel High Definition Audio CODEC / STHDA][Running/Manual Start]
<system32\drivers\sthda.sys><SigmaTel, Inc.>
[Alcor Micro Corp Reader / SunkFilt][Running/Manual Start]
<\??\C:\WINDOWS\System32\Drivers\sunkfilt.sys><Alcor Micro Corp.>
[symc810 / symc810][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\symc8xx.sys><LSI Logic>
[sym_hi / sym_hi][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\sym_u3.sys><LSI Logic>
[ultra / ultra][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[WAN Miniport (ATW) / wanatw][Stopped/Manual Start]
<system32\DRIVERS\wanatw4.sys><N/A>
[USB Bridge Cable Driver / Wdm1][Stopped/Manual Start]
<System32\Drivers\usbbc.sys><>
[winachsf / winachsf][Running/Manual Start]
<system32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>

==================================
Browser Add-ons
[&Research]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[Real.com]
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} <C:\WINDOWS\system32\Shdocvw.dll, (Signed) Microsoft Corporation>
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[McAfee SiteAdvisor Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} <c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll, (Signed) >
[MSN Toolbar]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} <C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll, (Signed) Microsoft Corp.>
[Isohunt-vuze Toolbar]
{6c3a1de1-94ca-4ad6-acdf-c1324adc487b} <C:\Program Files\Isohunt-vuze\tbIsoh.dll, (Signed) Conduit Ltd.>
[Google Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll, (Signed) Google Inc.>
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, (Signed) Microsoft Corporation>
[Java Plug-in 1.6.0_15]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_15]
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_15]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\npjpi160_15.dll, (Signed) Sun Microsystems, Inc.>
[Google Script Object]
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll, (Signed) Google Inc.>
[McAfee SiteAdvisor Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} <c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll, (Signed) >
[MSN Toolbar]
{1E61ED7C-7CB8-49D6-B9E9-AB4C880C8414} <C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll, (Signed) Microsoft Corp.>
[Google Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll, (Signed) Google Inc.>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[Microsoft Terminal Services Client Control (redist)]
{4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
{4EDCB26C-D24C-4e72-AF07-B576699AC0DE} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Isohunt-vuze Toolbar]
{6C3A1DE1-94CA-4AD6-ACDF-C1324ADC487B} <C:\Program Files\Isohunt-vuze\tbIsoh.dll, (Signed) Conduit Ltd.>
[Microsoft Terminal Services Client Control (redist)]
{7390f3d8-0439-4c05-91e3-cf5cb290c3d0} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
{7584c670-2274-4efb-b00b-d6aaba6d3850} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
{9059f30f-4eb1-4bd2-9fdc-36f43a218f4a} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[Google Toolbar Notifier BHO]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll, (Signed) Google Inc.>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\SHDOCVW.dll, (Signed) N/A>
[]
{CD67F990-D8E9-11D2-98FE-00C0F0318AFE} <, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx, (Signed) Adobe Systems, Inc.>
[]
{E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[]
{FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[&AOL Toolbar search]
<res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML, N/A>
[E&xport to Microsoft Excel]
<res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
Running Processes
[PID: 684][\??\C:\WINDOWS\system32\csrss.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 708][\??\C:\WINDOWS\system32\winlogon.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[PID: 752][C:\WINDOWS\system32\services.exe] [(Verified) Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)]
[PID: 764][C:\WINDOWS\system32\lsass.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[PID: 936][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[\\?\globalroot\Device\__max++>\D9F6FE8C.x86.dll] [N/A, ]
[PID: 1024][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[\\?\globalroot\Device\__max++>\D9F6FE8C.x86.dll] [N/A, ]
[PID: 1072][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[\\?\globalroot\Device\__max++>\D9F6FE8C.x86.dll] [N/A, ]
[PID: 1156][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1192][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1332][C:\WINDOWS\system32\spoolsv.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[\\?\globalroot\Device\__max++>\D9F6FE8C.x86.dll] [N/A, ]
[C:\Program Files\McAfee\SiteAdvisor\saHook.dll] [, ]
[C:\WINDOWS\system32\lxbxlmpm.DLL] [Lexmark International, Inc., 1.101.75.0]
[C:\WINDOWS\system32\LXBXPMON.DLL] [N/A, ]
[C:\WINDOWS\system32\IMGMAN32.dll] [Data Techniques, Inc., 7.20 ]
[C:\WINDOWS\system32\IM31IMG.DIL] [Data Techniques, Inc., 7.20 ]
[C:\WINDOWS\system32\lxbxpmrc.dll] [Lexmark International, Inc., 1.0.14.4]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\lxbxPP5C.dll] [, 1.212.0.0]
[PID: 1424][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1464][C:\WINDOWS\sYSteM32\SvchOst.eXE] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[c:\program files\ddnsfilter\ddnsfilter.dll] [N/A, ]
[\\?\globalroot\Device\__max++>\D9F6FE8C.x86.dll] [N/A, ]
[PID: 1528][C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe] [Intuit Inc., 1.0.24.0]
[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\6d667f19d687361886990f3ca0f49816\mscorlib.ni.dll] [Microsoft Corporation, 2.0.50727.3082 (QFE.050727-3000)]
[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\80978a322d7dd39f0a71be1251ae395a\System.ni.dll] [Microsoft Corporation, 2.0.50727.3053 (netfxsp.050727-3000)]
[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ea3366939280c1715f1c620e33ee3c8a\System.ServiceProcess.ni.dll] [Microsoft Corporation, 2.0.50727.3053 (netfxsp.050727-3000)]
[C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll] [Intuit Inc., 1.0.24.0]
[C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll] [Intuit Inc., 1.0.24.0]
[C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll] [Intuit Inc., 2.1.72.22]
[C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll] [Intuit Inc., 2.1.72.22]
[C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.4__540d4816ead86321\Intuit.Spc.Esd.Core.dll] [Intuit Inc., 2.0.145.4]
[C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll] [Intuit Inc., 2.1.72.22]
[C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll] [Intuit Inc., 3.1.2.2]
[C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll] [Intuit, Inc., 3.1.2.2]
[C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll] [Microsoft Corporation, 2.0.50727.3053 (netfxsp.050727-3000)]
[C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll] [Intuit Inc., 3.1.2.2]
[C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll] [Intuit Inc., 3.1.2.2]
[C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll] [Microsoft Corporation, 2.0.50727.3053 (netfxsp.050727-3000)]
[C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll] [Microsoft Corporation, 2.0.50727.3082 (QFE.050727-3000)]
[C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll] [Intuit Inc., 2.1.72.22]
[C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll] [Intuit Inc., 2.1.72.22]
[C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll] [Intuit Inc., 2.1.72.22]
[C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll] [, 1.0.56.0]
[C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll] [Microsoft Corporation, 2.0.50727.3053 (netfxsp.050727-3000)]
[C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll] [Microsoft Corporation, 2.0.50727.3053 (netfxsp.050727-3000)]
[C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll] [, 4.0.114.0]
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll] [Microsoft Corporation, 2.0.50727.3053 (netfxsp.050727-3000)]
[\\?\globalroot\Device\__max++>\D9F6FE8C.x86.dll] [N/A, ]
[C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll] [Microsoft Corporation, 2.0.50727.3053 (netfxsp.050727-3000)]
[C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll] [Microsoft Corporation, 2.0.50727.3053 (netfxsp.050727-3000)]
[C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll] [Microsoft Corporation, 2.0.50727.3053 (netfxsp.050727-3000)]
[C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll] [Intuit, 4.0.114.0]
[C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll] [Microsoft Corporation, 2.0.50727.3053 (netfxsp.050727-3000)]
[PID: 1604][C:\Program Files\Java\jre6\bin\jqs.exe] [Sun Microsystems, Inc., 6.0.150.3]
[\\?\globalroot\Device\__max++>\D9F6FE8C.x86.dll] [N/A, ]
[PID: 1632][C:\Program Files\McAfee\SiteAdvisor\McSACore.exe] [, ]
[C:\Program Files\McAfee\SiteAdvisor\saHook.dll] [, ]
[c:\PROGRA~1\mcafee\SITEAD~1\apengine.dll] [, ]
[c:\PROGRA~1\mcafee\SITEAD~1\saupkeep.dll] [, ]
[C:\Program Files\McAfee\SiteAdvisor\SACore.dll] [, ]
[C:\Program Files\McAfee\SiteAdvisor\SASet.dll] [, ]
[c:\PROGRA~1\mcafee\SITEAD~1\MCSACO~1.DLL] [, ]
[c:\PROGRA~1\mcafee\msc\mcregobj\9_3_13~1\mcregobj.dll] [McAfee, Inc., 9,3,137,0]
[c:\PROGRA~1\COMMON~1\mcafee\msc\mcutil\9_3_11~1\McUtil.dll] [McAfee, Inc., 9,3,114,0]
[c:\PROGRA~1\mcafee\SITEAD~1\McFrmWk.dll] [, ]
[c:\PROGRA~1\mcafee\SITEAD~1\CntScan.dll] [, ]
[\\?\globalroot\Device\__max++>\D9F6FE8C.x86.dll] [N/A, ]
[PID: 1700][C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe] [McAfee, Inc., 9,3,137,0]
[c:\PROGRA~1\COMMON~1\mcafee\msc\mcutil\9_3_11~1\McUtil.dll] [McAfee, Inc., 9,3,114,0]
[C:\PROGRA~1\McAfee\MSC\McRes.dll] [McAfee, Inc., 9,3,137,0]
[C:\PROGRA~1\McAfee\MSC\1033\McLocRes.dll] [McAfee, Inc., 9,3,106,0]
[C:\Program Files\McAfee\MSC\oem\332-176\Mccobres.dll] [McAfee, Inc., 8,0,226,0]
[C:\PROGRA~1\McAfee\MSC\Mccobres.dll] [McAfee, Inc., 9,3,106,0]
[C:\PROGRA~1\COMMON~1\McAfee\MSC\sqlite3.dll] [McAfee, Inc., 9,3,114,0]
[c:\PROGRA~1\COMMON~1\mcafee\core\mccoreps.dll] [McAfee, Inc., 3,3,103,0]
[c:\PROGRA~1\mcafee\msc\mcshllps.dll] [McAfee, Inc., 9,3,137,0]
[c:\PROGRA~1\mcafee\msk\mskmisp.dll] [McAfee, Inc., 10.3.109.0]
[c:\PROGRA~1\mcafee\msc\mcmispps.dll] [McAfee, Inc., 9,3,137,0]
[c:\PROGRA~1\mcafee\mpf\mc\mpfmisp.dll] [McAfee, Inc., 10.3.106.0]
[c:\PROGRA~1\mcafee\VIRUSS~1\mvsap.dll] [McAfee, Inc., 13,3,127,0]
[C:\PROGRA~1\McAfee\VIRUSS~1\1033\vscobres.dll] [McAfee, Inc., 13,3,126,0]
[C:\Program Files\McAfee\MPF\1033\L10N.DLL] [McAfee, Inc., 10.3.102.0]
[c:\PROGRA~1\mcafee\mps\mpsmspap.dll] [McAfee, Inc., 11.3.103.0]
[C:\PROGRA~1\McAfee\MPS\1033\MpsRes.DLL] [McAfee, Inc., 11.3.103.0]
[c:\PROGRA~1\mcafee\msc\mcsubmgr\9_3_13~1\mcsubmgr.dll] [McAfee, Inc., 9,3,137,0]
[c:\PROGRA~1\mcafee\msc\mcmscver.dll] [McAfee, Inc., 9,3,162,0]
[c:\PROGRA~1\mcafee\msc\mcprotpv.dll] [McAfee, Inc., 9,3,137,0]
[C:\PROGRA~1\McAfee\MSC\McProHlp.dll] [McAfee, Inc., 9,3,137,0]
[c:\PROGRA~1\mcafee\VIRUSS~1\mvsver.dll] [McAfee, Inc., 13,3,130,0]
[c:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll] [McAfee, Inc., 3,3,103,0]
[c:\PROGRA~1\COMMON~1\mcafee\mcproxy\proxyver.dll] [McAfee, Inc., 3,3,104,0]
[c:\PROGRA~1\COMMON~1\mcafee\HACKER~1\hwapi.dll] [McAfee, Inc., 10.3.104.0]
[c:\PROGRA~1\mcafee\mps\mpsver.dll] [McAfee, Inc., 11.3.103.0]
[c:\PROGRA~1\mcafee\msc\mcnmcver.dll] [McAfee, Inc., 3,3,104,0]
[c:\PROGRA~1\mcafee\mqc\qcmisp.dll] [McAfee, Inc., 9,3,102,0]
[c:\PROGRA~1\mcafee\mqc\QcLite.dll] [McAfee, Inc., 9,3,102,0]
[c:\PROGRA~1\mcafee.com\agent\mcagntps.dll] [McAfee, Inc., 9,3,137,0]
[PID: 1752][c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe] [McAfee, Inc., 3,3,104,0]
[c:\PROGRA~1\COMMON~1\mcafee\msc\mcutil\9_3_11~1\McUtil.dll] [McAfee, Inc., 9,3,114,0]
[\\?\globalroot\Device\__max++>\D9F6FE8C.x86.dll] [N/A, ]
[c:\PROGRA~1\mcafee\msc\mcnmcsrv.dll] [McAfee, Inc., 3,3,104,0]
[c:\PROGRA~1\mcafee\mhn\mcensrv.dll] [McAfee, Inc., 3,3,105,0]
[c:\PROGRA~1\mcafee\msc\mcndsv.dll] [McAfee, Inc., 3,3,104,0]
[C:\PROGRA~1\McAfee\MSC\McRes.dll] [McAfee, Inc., 9,3,137,0]
[C:\PROGRA~1\McAfee\MSC\1033\McLocRes.dll] [McAfee, Inc., 9,3,106,0]
[C:\Program Files\McAfee\MSC\oem\332-176\Mccobres.dll] [McAfee, Inc., 8,0,226,0]
[C:\PROGRA~1\McAfee\MSC\Mccobres.dll] [McAfee, Inc., 9,3,106,0]
[c:\PROGRA~1\COMMON~1\mcafee\mna\mcuj.dll] [McAfee, Inc., 3,3,104,0]
[c:\PROGRA~1\mcafee\msc\mcsubmgr\9_3_13~1\mcsubmgr.dll] [McAfee, Inc., 9,3,137,0]
[c:\PROGRA~1\COMMON~1\mcafee\core\mccoreps.dll] [McAfee, Inc., 3,3,103,0]
[c:\PROGRA~1\mcafee\msc\mcndcp.dll] [McAfee, Inc., 3,3,104,0]
[c:\PROGRA~1\mcafee\msc\mcregobj\9_3_13~1\mcregobj.dll] [McAfee, Inc., 9,3,137,0]
[c:\PROGRA~1\mcafee\msc\mcshllps.dll] [McAfee, Inc., 9,3,137,0]
[c:\PROGRA~1\COMMON~1\mcafee\mna\MCNASV~1.DLL] [McAfee, Inc., 3,3,104,0]
[c:\PROGRA~1\mcafee\msc\mcnmcsps.dll] [McAfee, Inc., 3,3,104,0]
[c:\PROGRA~1\mcafee\mpf\mc\mpfp.dll] [McAfee, Inc., 10.3.106.0]
[c:\PROGRA~1\mcafee\msc\mcndsvps.dll] [McAfee, Inc., 3,3,104,0]
[c:\PROGRA~1\mcafee\msc\mcmismgr.dll] [McAfee, Inc., 9,3,137,0]
[PID: 1800][c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe] [McAfee, Inc., 3,3,104,0]
[c:\PROGRA~1\mcafee\VIRUSS~1\escnplug.dll] [McAfee, Inc., 13,3,130,0]
[C:\PROGRA~1\McAfee\VIRUSS~1\1033\EsPlgRes.dll] [McAfee, Inc., 13,3,113,0]
[c:\PROGRA~1\mcafee\VIRUSS~1\mvscfg.dll] [McAfee, Inc., 13,3,130,0]
[c:\PROGRA~1\mcafee\mps\mps.dll] [McAfee, Inc., 11.3.103.0]
[c:\PROGRA~1\mcafee\mps\mpscfg.dll] [McAfee, Inc., 11.3.103.0]
[c:\PROGRA~1\mcafee\msk\mskpxplg.dll] [McAfee, Inc., 10.3.109.0]
[c:\PROGRA~1\mcafee\msc\mcmispps.dll] [McAfee, Inc., 9,3,137,0]
[c:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll] [McAfee, Inc., 3,3,103,0]
[c:\PROGRA~1\mcafee\msc\mcsubmgr\9_3_13~1\mcsubmgr.dll] [McAfee, Inc., 9,3,137,0]
[c:\PROGRA~1\COMMON~1\mcafee\core\mccoreps.dll] [McAfee, Inc., 3,3,103,0]
[c:\PROGRA~1\mcafee\mps\mpsevh.dll] [McAfee, Inc., 11.3.103.0]
[c:\PROGRA~1\mcafee\mps\mpsmisp.dll] [McAfee, Inc., 11.3.103.0]
[C:\Program Files\McAfee\VirusScan\mvslog.dll] [McAfee, Inc., 13,3,127,0]
[PID: 1916][C:\Program Files\McAfee\MPF\MPFSrv.exe] [McAfee, Inc., 10.3.111.0]
[c:\PROGRA~1\COMMON~1\mcafee\HACKER~1\hwapi.dll] [McAfee, Inc., 10.3.104.0]
[c:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll] [McAfee, Inc., 3,3,103,0]
[c:\PROGRA~1\mcafee\mpf\mc\mpfmisp.dll] [McAfee, Inc., 10.3.106.0]
[c:\PROGRA~1\mcafee\msc\mcmispps.dll] [McAfee, Inc., 9,3,137,0]
[PID: 1976][C:\Program Files\McAfee\MSK\MskSrver.exe] [McAfee, Inc., 10.3.109.0]
[c:\PROGRA~1\mcafee\msk\mskengn.dll] [McAfee, Inc., 10.3.109.0]
[c:\PROGRA~1\mcafee\msk\mskupd.dll] [McAfee, Inc., 10.3.109.0]
[c:\PROGRA~1\mcafee\msk\mskwm.dll] [McAfee, Inc., 10.3.109.0]
[c:\PROGRA~1\mcafee\msk\mskxaif.dll] [McAfee, Inc., 10.3.109.0]
[C:\Program Files\McAfee\MSK\MSKSet.dll] [McAfee, Inc., 10.3.109.0]
[C:\Program Files\McAfee\MSK\masecore.dll] [McAfee, Inc., 2.1.0.7825]
[\\?\globalroot\Device\__max++>\D9F6FE8C.x86.dll] [N/A, ]
[PID: 244][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.7184]
[C:\Program Files\McAfee\SiteAdvisor\saHook.dll] [, ]
[PID: 328][C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS] [New Boundary Technologies, Inc., 6.0.3.30]
[PID: 432][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[\\?\globalroot\Device\__max++>\D9F6FE8C.x86.dll] [N/A, ]
[PID: 488][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\Program Files\Lexmark 7100 Series\lxbxdrs.dll] [Lexmark International, Inc., 1.206.0.0]
[C:\WINDOWS\system32\lxbxcfg.dll] [Lexmark International, 1, 0, 0, 1]
[C:\Program Files\Lexmark 7100 Series\lxbxcnv4.dll] [N/A, ]
[PID: 584][C:\WINDOWS\ehome\mcrdsvc.exe] [Microsoft Corporation, 4.1.2710.2732 (xpsp(wmbla).050805-1239)]
[\\?\globalroot\Device\__max++>\D9F6FE8C.x86.dll] [N/A, ]
[PID: 2196][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\a.exe] [N/A, ]
[\\?\globalroot\Device\__max++>\D9F6FE8C.x86.dll] [N/A, ]
[PID: 2420][C:\WINDOWS\ehome\ehtray.exe] [(Verified) Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1239)]
[C:\Program Files\McAfee\SiteAdvisor\saHook.dll] [, ]
[PID: 2608][C:\Program Files\Digital Media Reader\shwiconem.exe] [Alcor Micro, Corp., 1, 4, 0, 8]
[C:\Program Files\McAfee\SiteAdvisor\saHook.dll] [, ]
[PID: 2656][C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe] [Cyberlink Corp., 6.00.1027]
[C:\Program Files\McAfee\SiteAdvisor\saHook.dll] [, ]
[C:\Program Files\CyberLink\PowerDVD\CLRCEngine2.dll] [CyberLink Corp., 3.2.2021 ]
[PID: 2672][C:\Program Files\Lexmark 7100 Series\lxbxmon.exe] [Lexmark International, Inc., 1.206.0.0]
[C:\Program Files\Lexmark 7100 Series\lxbxscw.dll] [Lexmark International, Inc., 1.206.0.0]
[C:\WINDOWS\system32\lxbxcfg.dll] [Lexmark International, 1, 0, 0, 1]
[C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbxtsfw.dll] [Lexmark International Inc., 1.36.0.0]
[C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbxdrec.dll] [Lexmark International Inc., 1.16.0.0]
[C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbxcfg.dll] [Lexmark International, 1, 0, 0, 1]
[C:\Program Files\McAfee\SiteAdvisor\saHook.dll] [, ]
[C:\WINDOWS\system32\lxbxcomc.dll] [Lexmark International, Inc., 1.101.75.0]
[C:\WINDOWS\system32\lxbxpplc.dll] [Lexmark International, Inc., 1.101.75.0]
[C:\WINDOWS\system32\lxbxprox.dll] [Lexmark International, Inc., 1.101.75.0]
[PID: 2688][C:\Program Files\Lexmark 7100 Series\ezprint.exe] [, ]
[C:\Program Files\Lexmark 7100 Series\Epwizard.DLL] [Lexmark International Inc., 1.0.0.1]
[C:\Program Files\Lexmark 7100 Series\customui.dll] [Lexmark International Inc., 1.0.0.1]
[C:\Program Files\Lexmark 7100 Series\Eputil.DLL] [Lexmark International Inc., 1.0.0.1]
[C:\Program Files\Lexmark 7100 Series\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[C:\Program Files\Lexmark 7100 Series\Imagutil.DLL] [Lexmark International Inc., 1.0.0.1]
[C:\Program Files\Lexmark 7100 Series\LTWVC13n.dll] [LEAD Technologies, Inc., 13.0.0.078]
[C:\Program Files\Lexmark 7100 Series\LTDIS13N.dll] [LEAD Technologies, Inc., 13.0.0.078]
[C:\Program Files\Lexmark 7100 Series\LTKRN13N.dll] [LEAD Technologies, Inc., 13.0.0.078]
[C:\Program Files\Lexmark 7100 Series\LTFIL13N.DLL] [LEAD Technologies, Inc., 13.0.0.078]
[C:\Program Files\Lexmark 7100 Series\LTIMG13N.dll] [LEAD Technologies, Inc., 13.0.0.078]
[C:\Program Files\Lexmark 7100 Series\LTEFX13N.dll] [LEAD Technologies, Inc., 13.0.0.078]
[C:\Program Files\Lexmark 7100 Series\Epfunct.DLL] [Lexmark International Inc., 1.0.0.1]
[C:\Program Files\Lexmark 7100 Series\epstring.dll] [Lexmark International Inc., 1.0.0.1]
[C:\Program Files\McAfee\SiteAdvisor\saHook.dll] [, ]
[PID: 3112][C:\WINDOWS\Explorer.exe] [(Verified) Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[\\?\globalroot\systemroot\system32\gasfkyqepnmult.dll] [N/A, ]
[\\?\globalroot\Device\__max++>\D9F6FE8C.x86.dll] [N/A, ]
[C:\Program Files\McAfee\SiteAdvisor\saHook.dll] [, ]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll] [Malwarebytes Corporation, 1, 2, 0, 0]
[c:\PROGRA~1\mcafee\VIRUSS~1\mcctxmnu.dll] [McAfee, Inc., 13,3,127,0]
[C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll] [Google Inc., 6, 2, 1815, 1002 ]
[C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_32_D5B8545F3CFB02D4.dll] [Google Inc., 6, 2, 1910, 1554 ]
[C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_9655453EC427A513.dll] [Google Inc., 6, 2, 1815, 1002 ]
[C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.10.7184]
[C:\WINDOWS\system32\nvshell.dll] [NVIDIA Corporation, 6.14.10.10035]
[PID: 3172][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\tftp.msc] [N/A, ]
[\\?\globalroot\Device\__max++>\D9F6FE8C.x86.dll] [N/A, ]
[C:\Program Files\McAfee\SiteAdvisor\saHook.dll] [, ]
[PID: 3332][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\tftp.msc] [N/A, ]
[\\?\globalroot\Device\__max++>\D9F6FE8C.x86.dll] [N/A, ]
[C:\Program Files\McAfee\SiteAdvisor\saHook.dll] [, ]
[PID: 3800][C:\WINDOWS\system32\lxbxcoms.exe] [Lexmark International, Inc., 1.101.75.0]
[C:\Program Files\McAfee\SiteAdvisor\saHook.dll] [, ]
[C:\WINDOWS\system32\lxbxprox.dll] [Lexmark International, Inc., 1.101.75.0]
[C:\WINDOWS\system32\lxbxserv.dll] [Lexmark International, Inc., 1.101.75.0]
[C:\WINDOWS\system32\lxbxusb1.dll] [Lexmark International, Inc., 1.101.75.0]
[PID: 2220][c:\PROGRA~1\mcafee\msc\mcupdmgr.exe] [McAfee, Inc., 9,3,151,0]
[c:\PROGRA~1\COMMON~1\mcafee\msc\mcutil\9_3_11~1\McUtil.dll] [McAfee, Inc., 9,3,114,0]
[c:\PROGRA~1\COMMON~1\mcafee\core\mccoreps.dll] [McAfee, Inc., 3,3,103,0]
[c:\PROGRA~1\mcafee\msc\mcshllps.dll] [McAfee, Inc., 9,3,137,0]
[c:\PROGRA~1\mcafee\msc\mcmscver.dll] [McAfee, Inc., 9,3,162,0]
[C:\PROGRA~1\McAfee\MSC\McRes.dll] [McAfee, Inc., 9,3,137,0]
[C:\PROGRA~1\McAfee\MSC\1033\McLocRes.dll] [McAfee, Inc., 9,3,106,0]
[C:\Program Files\McAfee\MSC\oem\332-176\Mccobres.dll] [McAfee, Inc., 8,0,226,0]
[C:\PROGRA~1\McAfee\MSC\Mccobres.dll] [McAfee, Inc., 9,3,106,0]
[c:\PROGRA~1\mcafee\VIRUSS~1\mvsap.dll] [McAfee, Inc., 13,3,127,0]
[c:\PROGRA~1\mcafee\mpf\mc\mpfmisp.dll] [McAfee, Inc., 10.3.106.0]
[c:\PROGRA~1\mcafee\SITEAD~1\saupkeep.dll] [, ]
[c:\PROGRA~1\mcafee\msk\mskmisp.dll] [McAfee, Inc., 10.3.109.0]
[c:\PROGRA~1\mcafee\mps\mpsmspap.dll] [McAfee, Inc., 11.3.103.0]
[c:\PROGRA~1\mcafee\mhn\mcmhnver.dll] [McAfee, Inc., 3,3,105,0]
[C:\Program Files\McAfee\MBK\MBKClient.dll] [McAfee Corporation, 3.3.102.0]
[PID: 1540][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[PID: 2952][C:\Documents and Settings\Administrator\Application Data\U3\00001564CB613E1C\LaunchPad.exe] [, 1, 4, 0, 2]
[C:\Documents and Settings\Administrator\Application Data\U3\00001564CB613E1C\u3dapi10.dll] [, 1, 0, 4, 0]
[C:\Program Files\McAfee\SiteAdvisor\saHook.dll] [, ]
[C:\Documents and Settings\Administrator\Application Data\U3\00001564CB613E1C\SanDiskFormatExtension.dll] [TODO: <Company name>, 1, 2, 0, 1]
[C:\Documents and Settings\Administrator\Application Data\U3\00001564CB613E1C\SanDiskSecurityExtension.dll] [U3, 1, 2, 0, 1]
[\\?\globalroot\Device\__max++>\D9F6FE8C.x86.dll] [N/A, ]
[PID: 2368][C:\Documents and Settings\Administrator\Desktop\sreng2\SREngLdr.EXE] [Smallfrogs Studio, 2.8.1.1279]
[PID: 2548][C:\Documents and Settings\Administrator\Desktop\sreng2\SREe3968684.EXE] [Smallfrogs Studio, 2.8.1.1279]
[C:\Program Files\McAfee\SiteAdvisor\saHook.dll] [, ]
[C:\Documents and Settings\Administrator\Desktop\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[\\?\globalroot\Device\__max++>\D9F6FE8C.x86.dll] [N/A, ]
[PID: 3728][c:\PROGRA~1\mcafee.com\agent\mcagent.exe] [McAfee, Inc., 9,3,137,0]
[C:\PROGRA~1\McAfee\MSC\McRes.dll] [McAfee, Inc., 9,3,137,0]
[C:\PROGRA~1\McAfee\MSC\1033\McLocRes.dll] [McAfee, Inc., 9,3,106,0]
[C:\Program Files\McAfee\MSC\oem\332-176\Mccobres.dll] [McAfee, Inc., 8,0,226,0]
[C:\PROGRA~1\McAfee\MSC\Mccobres.dll] [McAfee, Inc., 9,3,106,0]
[C:\Program Files\McAfee\SiteAdvisor\saHook.dll] [, ]
[C:\PROGRA~1\McAfee\MSC\McAltLib.dll] [McAfee, Inc., 9,3,137,0]
[C:\PROGRA~1\COMMON~1\McAfee\MSC\MispLF.dll] [McAfee, Inc., 9,3,114,0]
[c:\PROGRA~1\COMMON~1\mcafee\msc\mcutil\9_3_11~1\McUtil.dll] [McAfee, Inc., 9,3,114,0]
[c:\PROGRA~1\mcafee\msc\mcuicfg.dll] [McAfee, Inc., 9,3,137,0]
[c:\PROGRA~1\COMMON~1\mcafee\core\mccoreps.dll] [McAfee, Inc., 3,3,103,0]
[c:\PROGRA~1\mcafee\msc\mcmispps.dll] [McAfee, Inc., 9,3,137,0]
[c:\PROGRA~1\mcafee\msc\mccfgpv.dll] [McAfee, Inc., 9,3,137,0]
[c:\PROGRA~1\mcafee.com\agent\mcagntps.dll] [McAfee, Inc., 9,3,137,0]
[c:\PROGRA~1\mcafee\msc\mcshllps.dll] [McAfee, Inc., 9,3,137,0]

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost

==================================
Process Privileges Scan
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 328, C:\PROGRAM FILES\COMMON FILES\NEW BOUNDARY\PRISMXL\PRISMXL.SYS]
Special Privileges Enabled: SeDebugPrivilege [PID = 2196, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\A.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2196, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\A.EXE]
Special Privileges Enabled: SeDebugPrivilege [PID = 2608, C:\PROGRAM FILES\DIGITAL MEDIA READER\SHWICONEM.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2608, C:\PROGRAM FILES\DIGITAL MEDIA READER\SHWICONEM.EXE]
Special Privileges Enabled: SeDebugPrivilege [PID = 2656, C:\PROGRAM FILES\CYBERLINK\POWERDVD\PDVDSERV.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2656, C:\PROGRAM FILES\CYBERLINK\POWERDVD\PDVDSERV.EXE]
Special Privileges Enabled: SeDebugPrivilege [PID = 2672, C:\PROGRAM FILES\LEXMARK 7100 SERIES\LXBXMON.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2672, C:\PROGRAM FILES\LEXMARK 7100 SERIES\LXBXMON.EXE]
Special Privileges Enabled: SeDebugPrivilege [PID = 2688, C:\PROGRAM FILES\LEXMARK 7100 SERIES\EZPRINT.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2688, C:\PROGRAM FILES\LEXMARK 7100 SERIES\EZPRINT.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2952, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\U3\00001564CB613E1C\LAUNCHPAD.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2368, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DESKTOP\SRENG2\SRENGLDR.EXE]

==================================
Scheduled Tasks
[Enabled] {7B02EF0B-A410-4938-8480-9BA26420A627}.job
C:\WINDOWS\msa.exe
[Enabled] McQcTask.job
c:\PROGRA~1\mcafee\mqc\QcConsol.exe
[Enabled] McDefragTask.job
c:\PROGRA~1\mcafee\mqc\QcConsol.exe
[Enabled] hzenbbzl.job
C:\WINDOWS\system32\rundll32.exe
[Enabled] AppleSoftwareUpdate.job
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
[Enabled] {BB65B0FB-5712-401b-B616-E69AC55E2757}.job
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\a.exe

==================================
Windows Security Update Check
N/A

==================================
API HOOK
N/A

==================================
Hidden Process
[1848] C:\WINDOWS\system32\wuauclt.exe

==================================


[/CODE]

Edited by ken S, 16 September 2009 - 04:54 PM.


#6 Budapest

Posted 20 September 2009 - 12:46 AM

I think it's time to head on over to the HijackThis forum for a closer look.

Preparation Guide for use before posting a HijackThis Log

Go straight to Step 6. If DDS won't run post your System Repair Engineer.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

#7 ken S

Posted 20 September 2009 - 11:29 AM

I think I am OK now, as I followed a thread found on majorgeeks.com while I was waiting for a reply from the bleepingcomputer forum for my post here. I ran ccleaner, superantispyware, combofix, mglogs and I think HijackThis ran inside of one of those programs. I never got Malwarebytes to run longer than about 30 seconds before the window just disappeared - not sure what's going on with that. I also uninstalled and re-downloaded my McAfee products today. So far so good.
I will say that because of this reply, I did try the DDS thing you mentioned. The script file logo never appeared and just skipped to the two .log files displayed at the end. (dds.txt is added below) Thanks for your help. Ken S

DDS (Ver_09-07-30.01) - NTFSx86
Run by Administrator at 11:59:26.29 on Sun 09/20/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.521 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
C:\Program Files\Lexmark 7100 Series\ezprint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\lxbxcoms.exe
C:\Program Files\McAfee\Anti-Theft\McPvTray.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Creative Home\Hallmark Card Studio 2009\Planner\PLNRnote.exe
C:\Program Files\Hallmark\Hallmark Card Studio Photo Card Edition\Planner\PLNRnote.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\01234567\dds[2].scr

============== Pseudo HJT Report ===============

mStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
uRun: [OM_Monitor] ; c:\program files\olympus\olympus master\Monitor.exe
uRun: [MSMSGS] ; "c:\program files\messenger\msmsgs.exe" /background
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [IntelAudioStudio] "c:\program files\intel audio studio\IntelAudioStudio.exe" BOOT
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LXBXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXBXtime.dll,_RunDLLEntry@16
mRun: [lxbxmon.exe] "c:\program files\lexmark 7100 series\lxbxmon.exe"
mRun: [FaxCenterServer4_in_1] "c:\program files\lexmark 7100 series\fm3032.exe" /s
mRun: [EzPrint] "c:\program files\lexmark 7100 series\ezprint.exe"
mRun: [OM_Monitor] c:\program files\olympus\olympus master\FirstStart.exe
mRun: [Gateway Extended Warranty] "c:\program files\gateway\gwcares\GWCares.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [McPvTray] c:\program files\mcafee\anti-theft\McPvTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\BigFix.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventp~1.lnk - c:\windows\installer\{c4609419-c11e-4ce6-b369-f3f8a7ddd94c}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\photoc~1.lnk - c:\windows\installer\{c885990f-a824-41a1-82fb-61e3859b4ce2}\Shortcut_Event_Pla_C885990FA82441A182FB61E3859B4CE2.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: microsoft.com\office
Trusted Zone: microsoft.com\www.update
Trusted Zone: turbotax.com
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193415415687
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 McPvDrv;McPvDrv;c:\windows\system32\drivers\McPvDrv.sys [2008-5-28 61688]
R1 Filter;Filter;c:\windows\system32\drivers\FILTER.sys [2009-9-14 37504]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-7-8 214024]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-9-20 203280]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-9-20 359952]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-9-20 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-9-20 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-9-20 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-9-20 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-9-20 40552]
S2 0240311253459555mcinstcleanup;McAfee Application Installer Cleanup (0240311253459555);c:\docume~1\admini~1\locals~1\temp\024031~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\admini~1\locals~1\temp\024031~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 bjjxeoiloxkh;bjjxeoiloxkh;\??\c:\windows\system32\drivers\vasyfajnkcv.sys --> c:\windows\system32\drivers\vasyfajnkcv.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-9-20 34248]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [2006-1-29 15576]

=============== Created Last 30 ================

2009-09-20 11:35 <DIR> --d----- c:\docume~1\admini~1\applic~1\McAfee
2009-09-20 11:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\McAfee Anti-Theft
2009-09-20 11:16 4,105 a------- c:\windows\system32\Config.MPF
2009-09-20 11:12 79,816 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-09-20 11:12 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-09-20 11:12 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-09-20 11:12 120,136 a------- c:\windows\system32\drivers\Mpfp.sys
2009-09-20 11:12 <DIR> --d----- c:\program files\common files\McAfee
2009-09-20 11:12 <DIR> --d----- c:\program files\McAfee.com
2009-09-20 11:11 <DIR> --d----- c:\program files\McAfee
2009-09-20 11:04 34,248 a------- c:\windows\system32\drivers\mferkdk.sys
2009-09-20 10:05 98,137 a------- C:\MGlogs.zip
2009-09-20 10:05 <DIR> --d----- C:\MGtools
2009-09-20 09:26 <DIR> a-dshr-- C:\cmdcons
2009-09-20 09:19 229,888 a------- c:\windows\PEV.exe
2009-09-20 09:19 161,792 a------- c:\windows\SWREG.exe
2009-09-20 09:19 98,816 a------- c:\windows\sed.exe
2009-09-20 08:38 <DIR> --d----- c:\program files\MB
2009-09-20 08:06 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-20 08:06 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-20 07:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-09-20 07:04 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-09-20 07:04 <DIR> --d----- c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com
2009-09-20 06:53 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-09-20 06:23 2,381,322 a------- C:\MGtools.exe
2009-09-18 12:05 <DIR> --d----- c:\program files\Trend Micro
2009-09-17 18:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\IObit
2009-09-17 18:55 <DIR> --d----- c:\program files\IObit
2009-09-17 18:18 <DIR> --d----- c:\program files\CCleaner
2009-09-16 16:50 <DIR> --d-h--- c:\windows\PIF
2009-09-15 09:01 15 a------- c:\documents and settings\administrator\settings.dat
2009-09-14 14:02 2 a------- c:\windows\0535251103110107106.yux
2009-09-14 13:03 37,504 a------- c:\windows\system32\drivers\FILTER.sys
2009-09-14 13:00 25,088 a------- c:\windows\system32\tftp.msc
2009-09-14 11:14 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-12 23:28 4,224 ac------ c:\windows\system32\dllcache\beep.sys
2009-09-09 00:02 153,088 -c------ c:\windows\system32\dllcache\triedit.dll
2009-09-07 16:44 <DIR> --d----- c:\windows\Cache
2009-09-07 16:44 <DIR> --d----- c:\program files\Coupons
2009-08-29 10:06 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-08-28 09:26 <DIR> --d----- C:\419834feb939a6f84080
2009-08-28 09:26 <DIR> --d----- c:\windows\SxsCaPendDel

==================== Find3M ====================

2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-06-27 13:20 61,224 a------- c:\documents and settings\administrator\GoToAssistDownloadHelper.exe
2009-06-26 12:50 666,624 -------- c:\windows\system32\wininet.dll
2009-06-26 12:50 81,920 a------- c:\windows\system32\ieencode.dll
2009-06-25 04:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 04:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 04:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 04:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 04:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 04:25 54,272 a------- c:\windows\system32\wdigest.dll

============= FINISH: 11:59:55.48 ===============

#8 garmanma

Posted 20 September 2009 - 07:02 PM

Now that you were able to produce a few logs you need to post them in our HJT forum:
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/
Give a brief description and tell them that these logs were all you could get to run successfully
The HJT team is extremely busy, so be patient and good luck
Mark

#9 Orange Blossom

Posted 24 September 2009 - 09:25 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/259173/hjt-mbam-logs-to-analyze/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days, up to two weeks perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup: