
Need help with new rootkit



#1 atoth22


Posted 17 September 2009 - 08:10 AM

I have posted in the Am I infected? What do I do? forum and the person helping me told me to run System Repair Engineer and post the log here.

The link to the discussion in that forum to give some history is below:

http://www.bleepingcomputer.com/forums/t/257775/cant-run-malwarebytes-hijackthisor-anything-else/

Thank you very much!

The System Repair Engineer log is as follows:

2009-09-17,08:03:55

System Repair Engineer 2.8.1.1279
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 3 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been selected:
	All Boot Items (Including Registry, Startup Folders, Services and so on)
	Browser Add-ons
	Running Processes (Including process model information)
	File Associations
	Winsock Provider
	Autorun.Inf
	HOSTS File
	Process Privileges Scan
	Scheduled Tasks
	Windows Security Update Check
	API HOOK
	Hidden Process


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
	<EPSON Stylus CX7000F Series><C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBKA.EXE /FU "C:\DOCUME~1\carol\LOCALS~1\Temp\E_S6.tmp" /EF "HKCU">  [File is missing]
	<EPSON Stylus CX7000F Series (Copy 1)><C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBKA.EXE /FU "C:\DOCUME~1\carol\LOCALS~1\Temp\E_SF.tmp" /EF "HKCU">  [File is missing]
	<swg><"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe">  [(Verified)CA]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
	<load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
	<RTHDCPL><RTHDCPL.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<RemoteControl><"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe">  [Cyberlink Corp.]
	<Persistence><C:\WINDOWS\system32\igfxpers.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<IgfxTray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<cctray><"C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe">  [(Verified)CA]
	<CAVRID><"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe">  [(Verified)CA]
	<Alcmtr><ALCMTR.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<Adobe Reader Speed Launcher><"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe">  [(Verified)"Adobe Systems, Incorporated"]
	<SunJavaUpdateSched><"C:\Program Files\Java\jre6\bin\jusched.exe">  [(Verified)"Sun Microsystems, Inc."]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
	<shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
	<Userinit><C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\smss.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
	<AppInit_DLLs><C:\WINDOWS\system32\vivuyayo.dll c:\windows\system32\huverego.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
	<UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
	<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
	<PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
	<CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
	<WebCheck><C:\WINDOWS\system32\webcheck.dll>  [(Verified)Microsoft Windows]
	<SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Component Publisher]
	<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
	<resajunem><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
	<WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
	<WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
	<WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
	<WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
	<WinlogonNotify: igfxcui><igfxdev.dll>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
	<WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
	<WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
	<WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
	<WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
	<WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
	<WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
	<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
	<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
	<{6c14d911-debb-4a6c-a593-e60a6ce01c96}><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
	<Internet Explorer Version Update><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
	<Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
	<Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
	<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{f31449ef-6eb3-4660-a2fd-b55710da5882}]
	<N/A><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
	<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
	<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
	<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
	<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
	<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
	<Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
	<Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
	<Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
	<N/A><c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
	<SCRNSAVE.EXE><C:\WINDOWS\system32\sspipes.scr>  [(Verified)Microsoft Windows Component Publisher]

==================================
Startup Folders
[2Wire Wireless Client Manager]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\2Wire Wireless Client Manager.lnk --> C:\PROGRA~1\2WIREW~1\CLIENT~1\CmTWO.exe [N/A]><N>

==================================
Services
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[CaCCProvSP / CaCCProvSP][Running/Manual Start]
  <"C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe"><CA, Inc.>
[CAISafe / CAISafe][Running/Auto Start]
  <C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe><Computer Associates International, Inc.>
[Canon Camera Access Library 8 / CCALib8][Running/Auto Start]
  <C:\Program Files\Canon\CAL\CALMAIN.exe><Canon Inc.>
[Google Software Updater / gusvc][Stopped/Manual Start]
  <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[CA Pest Patrol Realtime Protection Service / ITMRTSVC][Running/Auto Start]
  <"C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe"><CA, Inc.>
[Java Quick Starter / JavaQuickStarterService][Running/Auto Start]
  <"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"><Sun Microsystems, Inc.>
[McciCMService / McciCMService][Running/Auto Start]
  <"C:\Program Files\Common Files\Motive\McciCMService.exe"><Motive Communications, Inc.>
[PPCtlPriv / PPCtlPriv][Running/Manual Start]
  <"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe"><CA, Inc.>
[VET Message Service / VETMSGNT][Stopped/Auto Start]
  <C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe><N/A>
[YPCService / YPCService][Stopped/Manual Start]
  <C:\WINDOWS\system32\YPCSER~1.EXE><Yahoo! Inc.>

==================================
Drivers
[2Wire USB / 2WIREPCP][Stopped/Manual Start]
  <system32\DRIVERS\2WirePCP.sys><2Wire, Inc.>
[PPdus ASPI Shell / Afc][Running/Manual Start]
  <system32\drivers\Afc.sys><Arcsoft, Inc.>
[grmnusb / grmnusb][Stopped/Manual Start]
  <system32\drivers\grmnusb.sys><GARMIN Corp.>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\igxpmp32.sys><Intel Corporation>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[ksnmaizeyi / ksnmaizeyi][Stopped/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\pmrzck.sys><N/A>
[MEMSWEEP2 / MEMSWEEP2][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\1.tmp><N/A>
[MREMP50 NDIS Protocol Driver / MREMP50][Stopped/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
[MREMP50a64 NDIS Protocol Driver / MREMP50a64][Stopped/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS><N/A>
[MRESP50 NDIS Protocol Driver / MRESP50][Stopped/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
[MRESP50a64 NDIS Protocol Driver / MRESP50a64][Stopped/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS><N/A>
[Upper Class Filter Driver / NTIDrvr][Running/Manual Start]
  <system32\DRIVERS\NTIDrvr.sys><NewTech Infosystems, Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver / RTLE8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtenicxp.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[2Wire Wireless USB adapter Driver / wltwo51b][Stopped/Manual Start]
  <system32\DRIVERS\wltwo51b.sys><2wire>
[Logitech Virtual Bus Enumerator Driver / WmBEnum][Running/Manual Start]
  <system32\drivers\WmBEnum.sys><Logitech Inc.>
[Logitech Gaming HID Filter Driver / WmFilter][Stopped/Manual Start]
  <system32\drivers\WmFilter.sys><Logitech Inc.>
[Logitech Virtual Hid Device Driver / WmVirHid][Stopped/Manual Start]
  <system32\drivers\WmVirHid.sys><Logitech Inc.>
[Logitech Translation Layer Driver / WmXlCore][Running/Manual Start]
  <system32\drivers\WmXlCore.sys><Logitech Inc.>

==================================
Browser Add-ons
[Spybot-S&D IE Protection]
  {53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, (Signed) Safer Networking Limited>
[]
  {9e3d1490-a850-4034-9dc1-2292cd41d61d} <, >
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll, (Signed) Google Inc.>
[Google Toolbar Notifier BHO]
  {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll, (Signed) Google Inc.>
[Google Dictionary Compression sdch]
  {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} <C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll, (Signed) Google Inc.>
[PokerStars]
  {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} <C:\Program Files\PokerStars\PokerStarsUpdate.exe, (Signed) PokerStars>
[Spybot-S&D IE Protection]
  {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, (Signed) Safer Networking Limited>
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[Ask Toolbar]
  {3041d03e-fd4b-44e0-b742-2d9b88305f98} <C:\Program Files\AskBarDis\bar\bin\askBar.dll, (Signed) Ask.com>
[MSN Toolbar]
  {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} <C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll, (Signed) Microsoft Corp.>
[Google Toolbar]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll, (Signed) Google Inc.>
[Shockwave ActiveX Control]
  {166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\system32\Adobe\Director\SwDir.dll, (Signed) Adobe Systems, Inc.>
[Installation Support]
  {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} <C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll, (Signed) Yahoo! Inc.>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, (Signed) Microsoft Corporation>
[Java Plug-in 1.6.0_15]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[]
  {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <, >
[WTHoster Class]
  {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} <C:\WINDOWS\wt\webdriver\4.1.1\wthostctl.dll, WildTangent>
[]
  {B9191F79-5613-4C76-AA2A-398534BB8999} <, >
[Java Plug-in 1.6.0_03]
  {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_05]
  {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_07]
  {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_15]
  {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_15]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\npjpi160_15.dll, (Signed) Sun Microsystems, Inc.>
[PhotosCtrl Class]
  {D18F962A-3722-4B59-B08D-28BB9EB2281E} <C:\Program Files\Yahoo!\Common\YPhotos.dll, (Signed) Yahoo! Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx, (Signed) Adobe Systems, Inc.>
[PopCapLoader Object]
  {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} <C:\WINDOWS\Downloaded Program Files\popcaploader.dll, (Signed) PopCap Games>
[Google Script Object]
  {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll, (Signed) Google Inc.>
[Yahoo! Companion BHO]
  {02478D38-C3F9-4EFB-9B51-7695ECA05670} <, >
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[Ask ToolbarSettings]
  {0702A2B6-13AA-4090-9E01-BCDC85DD933F} <C:\Program Files\AskBarDis\bar\bin\askBar.dll, (Signed) Ask.com>
[]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, >
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, (Signed) Microsoft Corporation>
[MSN Toolbar]
  {1E61ED7C-7CB8-49D6-B9E9-AB4C880C8414} <C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll, (Signed) Microsoft Corp.>
[AskBar BHO]
  {201F27D4-3704-41D6-89C1-AA35E39143ED} <C:\Program Files\AskBarDis\bar\bin\askBar.dll, (Signed) Ask.com>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
[Google Toolbar]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll, (Signed) Google Inc.>
[Shockwave ActiveX Control]
  {233C1507-6A77-46A4-9443-F871F945D258} <C:\WINDOWS\system32\Adobe\Director\SwDir.dll, (Signed) Adobe Systems, Inc.>
[]
  {2499216C-4BA5-11D5-BD9C-000103C116D5} <, >
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation>
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XSL Template]
  {2933BF94-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[]
  {2D62CC5C-EDAA-49A5-A69E-8D55E036D584} <, >
[Ask Toolbar]
  {3041D03E-FD4B-44E0-B742-2D9B88305F98} <C:\Program Files\AskBarDis\bar\bin\askBar.dll, (Signed) Ask.com>
[]
  {3AD14F0C-ED16-4E43-B6D8-661B03F6A1EF} <, >
[]
  {4528BBE0-4E08-11D5-AD55-00010333D0AD} <, >
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[Spybot-S&D IE Protection]
  {53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, (Signed) Safer Networking Limited>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, (Signed) Microsoft Corporation>
[Gamevance Text]
  {7370F91F-6994-4595-9949-601FA2261C8D} <C:\Program Files\Gamevance\gvtl.dll, N/A>
[]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <, >
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[XML HTTP 4.0]
  {88D969C5-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, (Signed) Microsoft Corporation>
[XML DOM Document 6.0]
  {88D96A05-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[Free Threaded XML DOM Document 6.0]
  {88D96A06-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[XSL Template 6.0]
  {88D96A08-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[XML HTTP 6.0]
  {88D96A0A-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[]
  {9E3D1490-A850-4034-9DC1-2292CD41D61D} <, >
[Google Toolbar Helper]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll, (Signed) Google Inc.>
[Google Toolbar Notifier BHO]
  {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll, (Signed) Google Inc.>
[Google Dictionary Compression sdch]
  {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} <C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll, (Signed) Google Inc.>
[Adobe PDF Reader]
  {CA8A9780-280D-11CF-A24D-444553540000} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll, (Signed) Adobe Systems, Inc.>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[Microsoft Url Search Hook]
  {CFBFAE00-17A6-11D0-99CB-00C04FD64497} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx, (Signed) Adobe Systems, Inc.>
[MSN Toolbar Helper]
  {D2CE3E00-F94A-4740-988E-03DC2F38C34F} <C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll, (Signed) Microsoft Corp.>
[Java(tm) Plug-In 2 SSV Helper]
  {DBC80044-A445-435B-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, (Signed) Sun Microsystems, Inc.>
[]
  {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} <, >
[Microsoft Silverlight]
  {DFEAF541-F3E1-4C24-ACAC-99C30715084A} <c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll, (Signed)  Microsoft Corporation>
[]
  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[JQSIEStartDetectorImpl Class]
  {E7E6F031-17CE-4C07-BC86-EABFE594F69C} <C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll, Sun Microsystems, Inc.>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[]
  {EF99BD32-C1FB-11D2-892F-0090271D4F88} <, >
[XML DOM Document 3.0]
  {F5078F32-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XML DOM Document]
  {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[Free Threaded XML DOM Document]
  {F6D90F12-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >

==================================
Running Processes
[PID: 720 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 992 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1160 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll]  [CA, Inc., 1.1.0.26]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAHook.dll]  [CA, Inc., 1.1.0.26]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll]  [CA, Inc., 1.1.0.26]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[PID: 1300 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll]  [CA, Inc., 1.1.0.26]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAHook.dll]  [CA, Inc., 1.1.0.26]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll]  [CA, Inc., 1.1.0.26]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[PID: 1360 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
	[C:\WINDOWS\system32\VetRedir.dll]  [Computer Associates International, Inc., Version 8.0.8.0]
	[C:\WINDOWS\system32\ISafeIf.dll]  [Computer Associates International, Inc., Version 8.0.8.0]
[PID: 1952 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll]  [CA, Inc., 1.1.0.26]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAHook.dll]  [CA, Inc., 1.1.0.26]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll]  [CA, Inc., 1.1.0.26]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[PID: 428 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
	[\\?\globalroot\Device\__max++>\10D5F3E8.x86.dll]  [N/A, ]
	[C:\WINDOWS\system32\VetRedir.dll]  [Computer Associates International, Inc., Version 8.0.8.0]
	[C:\WINDOWS\system32\ISafeIf.dll]  [Computer Associates International, Inc., Version 8.0.8.0]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll]  [CA, Inc., 1.1.0.26]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAHook.dll]  [CA, Inc., 1.1.0.26]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll]  [CA, Inc., 1.1.0.26]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[PID: 888 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
	[C:\WINDOWS\system32\VetRedir.dll]  [Computer Associates International, Inc., Version 8.0.8.0]
	[\\?\globalroot\Device\__max++>\10D5F3E8.x86.dll]  [N/A, ]
	[C:\WINDOWS\system32\ISafeIf.dll]  [Computer Associates International, Inc., Version 8.0.8.0]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll]  [CA, Inc., 1.1.0.26]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAHook.dll]  [CA, Inc., 1.1.0.26]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll]  [CA, Inc., 1.1.0.26]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[PID: 1024 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll]  [CA, Inc., 1.1.0.26]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAHook.dll]  [CA, Inc., 1.1.0.26]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll]  [CA, Inc., 1.1.0.26]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[PID: 1480 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll]  [CA, Inc., 1.1.0.26]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAHook.dll]  [CA, Inc., 1.1.0.26]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll]  [CA, Inc., 1.1.0.26]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
	[C:\WINDOWS\system32\VetRedir.dll]  [Computer Associates International, Inc., Version 8.0.8.0]
	[\\?\globalroot\Device\__max++>\10D5F3E8.x86.dll]  [N/A, ]
	[C:\WINDOWS\system32\ISafeIf.dll]  [Computer Associates International, Inc., Version 8.0.8.0]
[PID: 1760 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
	[C:\WINDOWS\system32\VetRedir.dll]  [Computer Associates International, Inc., Version 8.0.8.0]
	[\\?\globalroot\Device\__max++>\10D5F3E8.x86.dll]  [N/A, ]
	[C:\WINDOWS\system32\ISafeIf.dll]  [Computer Associates International, Inc., Version 8.0.8.0]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll]  [CA, Inc., 1.1.0.26]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAHook.dll]  [CA, Inc., 1.1.0.26]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll]  [CA, Inc., 1.1.0.26]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[PID: 532 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
	[\\?\globalroot\Device\__max++>\10D5F3E8.x86.dll]  [N/A, ]
	[C:\WINDOWS\system32\E_FLBBKA.DLL]  [SEIKO EPSON CORPORATION, 2, 2, 0, 0]
[PID: 764 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll]  [CA, Inc., 1.1.0.26]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAHook.dll]  [CA, Inc., 1.1.0.26]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll]  [CA, Inc., 1.1.0.26]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[PID: 980 / SYSTEM][C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe]  [Computer Associates International, Inc., Version 8.0.8.0]
	[C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafServ.dll]  [Computer Associates International, Inc., Version 8.0.8.0]
	[C:\WINDOWS\system32\iSafProd.dll]  [CA, Inc., Version 8.4.0.24]
	[C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\Arclib.dll]  [CA, Inc., 8.1.4.0]
	[C:\WINDOWS\system32\ISafeIf.dll]  [Computer Associates International, Inc., Version 8.0.8.0]
	[C:\WINDOWS\system32\VetRedir.dll]  [Computer Associates International, Inc., Version 8.0.8.0]
	[\\?\globalroot\Device\__max++>\10D5F3E8.x86.dll]  [N/A, ]
	[C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafeEngine.dll]  [CA, Inc., Version 31.6.0.0]
[PID: 1152 / SYSTEM][C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe]  [CA, Inc., 1.1.0.26]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll]  [CA, Inc., 1.1.0.26]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
	[C:\Program Files\Common Files\Scanner\ppctl.dll]  [CA, 5.6.9.5]
[PID: 1392 / SYSTEM][C:\Program Files\Java\jre6\bin\jqs.exe]  [Sun Microsystems, Inc., 6.0.150.3]
	[C:\Program Files\Java\jre6\bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
	[C:\WINDOWS\system32\VetRedir.dll]  [Computer Associates International, Inc., Version 8.0.8.0]
	[\\?\globalroot\Device\__max++>\10D5F3E8.x86.dll]  [N/A, ]
	[C:\WINDOWS\system32\ISafeIf.dll]  [Computer Associates International, Inc., Version 8.0.8.0]
[PID: 1520 / SYSTEM][C:\Program Files\Common Files\Motive\McciCMService.exe]  [Motive Communications, Inc., 6,2,0,87]
[PID: 2012 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll]  [CA, Inc., 1.1.0.26]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAHook.dll]  [CA, Inc., 1.1.0.26]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll]  [CA, Inc., 1.1.0.26]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[PID: 1624 / SYSTEM][C:\Program Files\Canon\CAL\CALMAIN.exe]  [Canon Inc., 8, 0, 0, 21]
[PID: 2004 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
	[\\?\globalroot\Device\__max++>\10D5F3E8.x86.dll]  [N/A, ]
	[C:\WINDOWS\system32\VetRedir.dll]  [Computer Associates International, Inc., Version 8.0.8.0]
	[C:\WINDOWS\system32\ISafeIf.dll]  [Computer Associates International, Inc., Version 8.0.8.0]
[PID: 224 / carol][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll]  [CA, Inc., 1.1.0.26]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAHook.dll]  [CA, Inc., 1.1.0.26]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll]  [CA, Inc., 1.1.0.26]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
	[C:\Program Files\ArcSoft\PhotoImpression 5\share\pihook.dll]  [N/A, ]
	[C:\PROGRA~1\SPYBOT~1\SDHelper.dll]  [Safer Networking Limited, 1, 6, 2, 14]
	[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 8.1.0.0]
	[C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll]  [Malwarebytes Corporation, 1, 2, 0, 0]
	[C:\Program Files\Yahoo!\Common\Ymmapi.dll]  [Yahoo! Inc., 2005, 1, 1, 12]
	[C:\PROGRA~1\ULTIMA~1\uzshlex.dll]  [N/A, ]
	[C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\avshlext.dll]  [CA, Inc., Version 8.4.0.28]
	[C:\PROGRA~1\ULTIMA~1\uzshldr.dll]  [N/A, ]
[PID: 496 / carol][C:\WINDOWS\RTHDCPL.EXE]  [Realtek Semiconductor Corp., 2.1.5.2]
[PID: 812 / carol][C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe]  [Cyberlink Corp., 5.00.0000]
	[C:\Program Files\CyberLink\Shared Files\CLRCEngine2.dll]  [CyberLink Corp., 3.20.0000]
[PID: 1220 / carol][C:\WINDOWS\system32\igfxpers.exe]  [Intel Corporation, 6.14.10.4864]
	[C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 6.14.10.4864]
[PID: 2072 / carol][C:\WINDOWS\system32\igfxtray.exe]  [Intel Corporation, 6.14.10.4864]
	[C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 6.14.10.4864]
	[C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 6.14.10.4864]
	[C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 6.14.10.4864]
	[C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 6.14.10.4864]
[PID: 2180 / carol][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 6.14.10.4864]
	[C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 6.14.10.4864]
	[C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 6.14.10.4864]
	[C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 6.14.10.4864]
[PID: 2428 / carol][C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe]  [CA, Inc., Version 3.2.1.19]
	[C:\Program Files\CA\CA Internet Security Suite\ccGUIFrm.dll]  [CA, Inc., Version 3.2.1.21]
	[C:\Program Files\CA\CA Internet Security Suite\ccissImg.dll]  [CA, Inc., Version 3.2.1.19]
	[C:\Program Files\CA\CA Internet Security Suite\ccissPrd.dll]  [CA, Inc., Version 3.2.1.19]
	[C:\Program Files\CA\CA Internet Security Suite\ccissRes.dll]  [CA, Inc., Version 3.2.1.19]
	[C:\Program Files\CA\CA Internet Security Suite\ccGUIFrmRes.dll]  [CA, Inc., Version 3.2.1.19]
	[C:\Program Files\CA\CA Internet Security Suite\cctray\cctrayaspyplugin.dll]  [CA, Inc., 9, 0, 0, 9]
	[C:\Program Files\CA\CA Internet Security Suite\cctray\cctrayavplugin.dll]  [CA, Inc., Version 8.4.0.28]
	[C:\Program Files\CA\CA Internet Security Suite\cctray\cctrayissplugin.dll]  [CA, Inc., Version 3.2.1.20]
	[C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\caAspyConst.dll]  [CA, Inc., 9.1.0.22]
	[C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\caAspyResource.dll]  [CA, Inc., 9.1.0.22]
	[C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\caAspyImages.dll]  [CA, Inc., 9.1.0.22]
	[C:\Program Files\CA\CA Internet Security Suite\caaspyinterface.dll]  [CA, Inc., 9.1.0.22]
	[C:\Program Files\CA\CA Internet Security Suite\ccpriv.dll]  [Computer Associates International, Inc., Version 3.2.1.19]
	[C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAISSLicMod.dll]  [CA, 1, 0, 0, 4]
	[C:\Program Files\CA\CA Internet Security Suite\EZAVLIC.DLL]  [CA, Inc., Version 3.2.1.19]
	[C:\Program Files\CA\CA Internet Security Suite\calic.dll]  [CA, Inc., Version 3.2.1.19]
	[C:\Program Files\CA\CA Internet Security Suite\License.dll]  [N/A, ]
	[C:\WINDOWS\system32\ISafeIf.dll]  [Computer Associates International, Inc., Version 8.0.8.0]
	[C:\WINDOWS\system32\VetRedir.dll]  [Computer Associates International, Inc., Version 8.0.8.0]
	[\\?\globalroot\Device\__max++>\10D5F3E8.x86.dll]  [N/A, ]
	[C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\driverif.dll]  [CA, Inc., Version 8.4.0.28]
	[C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\caavProduct.dll]  [CA, Inc., Version 8.4.0.24]
	[C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\caavResource.dll]  [CA, Inc., Version 8.4.0.24]
	[C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\caavImages.dll]  [CA, Inc., Version 8.4.0.24]
	[C:\Program Files\CA\CA Internet Security Suite\caissresource.dll]  [CA, Inc., Version 3.2.1.19]
	[C:\Program Files\CA\CA Internet Security Suite\caISSImages.dll]  [CA, Inc., Version 3.2.1.19]
	[C:\Program Files\CA\CA Internet Security Suite\caISSProduct.dll]  [CA, Inc., Version 3.2.1.19]
	[C:\Program Files\CA\CA Internet Security Suite\CCUpdIf.dll]  [CA, Inc., Version 3.2.1.19]
[PID: 2736 / carol][C:\WINDOWS\system32\igfxsrvc.exe]  [Intel Corporation, 6.14.10.4864]
	[C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 6.14.10.4864]
	[C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 6.14.10.4864]
[PID: 3072 / carol][C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe]  [CA, Inc., Version 8.4.0.28]
	[C:\Program Files\CA\CA Internet Security Suite\ccGUIFrm.dll]  [CA, Inc., Version 3.2.1.21]
	[C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\caavProduct.dll]  [CA, Inc., Version 8.4.0.24]
	[C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\caavResource.dll]  [CA, Inc., Version 8.4.0.24]
	[C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\caavImages.dll]  [CA, Inc., Version 8.4.0.24]
	[C:\Program Files\CA\CA Internet Security Suite\ccGUIFrmRes.dll]  [CA, Inc., Version 3.2.1.19]
[PID: 2172 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll]  [CA, Inc., 1.1.0.26]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAHook.dll]  [CA, Inc., 1.1.0.26]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll]  [CA, Inc., 1.1.0.26]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[PID: 2664 / carol][C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe]  [CA, Inc., 9, 1, 0, 2]
	[C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\ITMRTAPI.dll]  [CA, Inc., 1.1.0.32]
	[C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
	[C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
	[C:\Program Files\CA\CA Internet Security Suite\ccGUIFrm.dll]  [CA, Inc., Version 3.2.1.21]
	[C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\caAspyConst.dll]  [CA, Inc., 9.1.0.22]
	[C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\caAspyResource.dll]  [CA, Inc., 9.1.0.22]
	[C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\caAspyImages.dll]  [CA, Inc., 9.1.0.22]
	[C:\Program Files\CA\CA Internet Security Suite\ccGUIFrmRes.dll]  [CA, Inc., Version 3.2.1.19]
	[C:\Program Files\CA\CA Internet Security Suite\ccpriv.dll]  [Computer Associates International, Inc., Version 3.2.1.19]
	[C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAISSLicMod.dll]  [CA, 1, 0, 0, 4]
	[C:\Program Files\CA\CA Internet Security Suite\EZAVLIC.DLL]  [CA, Inc., Version 3.2.1.19]
	[C:\Program Files\CA\CA Internet Security Suite\calic.dll]  [CA, Inc., Version 3.2.1.19]
	[C:\Program Files\CA\CA Internet Security Suite\License.dll]  [N/A, ]
	[C:\Program Files\Common Files\Scanner\ppctl.dll]  [CA, 5.6.9.5]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll]  [CA, Inc., 1.1.0.26]
[PID: 2972 / carol][C:\Program Files\Java\jre6\bin\jusched.exe]  [Sun Microsystems, Inc., 6.0.150.3]
	[\\?\globalroot\Device\__max++>\10D5F3E8.x86.dll]  [N/A, ]
	[C:\WINDOWS\system32\VetRedir.dll]  [Computer Associates International, Inc., Version 8.0.8.0]
	[C:\WINDOWS\system32\ISafeIf.dll]  [Computer Associates International, Inc., Version 8.0.8.0]
[PID: 2040 / SYSTEM][C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe]  [CA, Inc., 9.1.0.9]
	[C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\ITMRTAPI.dll]  [CA, Inc., 1.1.0.32]
	[C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
	[C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[PID: 2844 / SYSTEM][C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe]  [CA, Inc., Version 3.2.1.19]
[PID: 2872 / carol][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe]  [Google Inc., 2, 0, 301, 1654]
	[C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\gtn.dll]  [Google Inc., 5, 2, 4204, 1700]
	[C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll]  [Google Inc., 5, 2, 4204, 1700]
	[\\?\globalroot\Device\__max++>\10D5F3E8.x86.dll]  [N/A, ]
	[C:\WINDOWS\system32\VetRedir.dll]  [Computer Associates International, Inc., Version 8.0.8.0]
	[C:\WINDOWS\system32\ISafeIf.dll]  [Computer Associates International, Inc., Version 8.0.8.0]
[PID: 3580 / carol][C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE]  [N/A, ]
	[C:\Program Files\2Wire Wireless\Client Manager\cmtwo.dll]  [2wire, 1, 3, 2, 0]
	[C:\WINDOWS\system32\watwo51b.dll]  [2wire, 7.86.38.623]
[PID: 2500 / carol][C:\Documents and Settings\carol\Application Data\U3\000015A2DA6002D3\LaunchPad.exe]  [, 1, 4, 0, 2]
	[C:\Documents and Settings\carol\Application Data\U3\000015A2DA6002D3\u3dapi10.dll]  [, 1, 0, 4, 0]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll]  [CA, Inc., 1.1.0.26]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAHook.dll]  [CA, Inc., 1.1.0.26]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll]  [CA, Inc., 1.1.0.26]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
	[C:\Program Files\CA\SharedComponents\PPRT\bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
	[C:\Documents and Settings\carol\Application Data\U3\000015A2DA6002D3\SanDiskFormatExtension.dll]  [TODO: <Company name>, 1, 2, 0, 2]
	[C:\Documents and Settings\carol\Application Data\U3\000015A2DA6002D3\SanDiskSecurityExtension.dll]  [U3, 1, 2, 0, 2]
	[\\?\globalroot\Device\__max++>\10D5F3E8.x86.dll]  [N/A, ]
	[C:\WINDOWS\system32\VetRedir.dll]  [Computer Associates International, Inc., Version 8.0.8.0]
	[C:\WINDOWS\system32\ISafeIf.dll]  [Computer Associates International, Inc., Version 8.0.8.0]
[PID: 2288 / carol][C:\Documents and Settings\carol\Desktop\sreng2\SREngLdr.EXE]  [Smallfrogs Studio, 2.8.1.1279]
[PID: 2328 / carol][C:\Documents and Settings\carol\Desktop\sreng2\SREe77770df.EXE]  [Smallfrogs Studio, 2.8.1.1279]
	[C:\Documents and Settings\carol\Desktop\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
	[\\?\globalroot\Device\__max++>\10D5F3E8.x86.dll]  [N/A, ]
	[C:\WINDOWS\system32\VetRedir.dll]  [Computer Associates International, Inc., Version 8.0.8.0]
	[C:\WINDOWS\system32\ISafeIf.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
CA ISafe LSP over [MSAFD Tcpip [TCP/IP]]
	C:\WINDOWS\system32\VetRedir.dll(Computer Associates International, Inc., CA ISafe LSP DLL)
CA ISafe LSP over [MSAFD Tcpip [UDP/IP]]
	C:\WINDOWS\system32\VetRedir.dll(Computer Associates International, Inc., CA ISafe LSP DLL)
CA ISafe LSP over [MSAFD Tcpip [RAW/IP]]
	C:\WINDOWS\system32\VetRedir.dll(Computer Associates International, Inc., CA ISafe LSP DLL)
CA ISafe LSP
	C:\WINDOWS\system32\VetRedir.dll(Computer Associates International, Inc., CA ISafe LSP DLL)

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1	   localhost

==================================
Process Privileges Scan
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1520, C:\PROGRAM FILES\COMMON FILES\MOTIVE\MCCICMSERVICE.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1624, C:\PROGRAM FILES\CANON\CAL\CALMAIN.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 812, C:\PROGRAM FILES\CYBERLINK\POWERDVD\PDVDSERV.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3580, C:\PROGRAM FILES\2WIRE WIRELESS\CLIENT MANAGER\CMTWO.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2500, C:\DOCUMENTS AND SETTINGS\CAROL\APPLICATION DATA\U3\000015A2DA6002D3\LAUNCHPAD.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2288, C:\DOCUMENTS AND SETTINGS\CAROL\DESKTOP\SRENG2\SRENGLDR.EXE]

==================================
Scheduled Tasks
[Enabled] CAAntiSpywareScan_Daily as Owner at 12 03 PM.job
		C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe 

==================================
Windows Security Update Check
N/A

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================




#2 DocSatan

Posted 03 October 2009 - 07:32 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

#3 myrti

Posted 14 October 2009 - 12:48 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!