Major Infection - can't run explorer.exe, HiJackThis, Mbam, among other programs


  • This topic is locked
2 replies to this topic

#1 yaytaco27


Posted 17 September 2009 - 09:29 PM

Long story [somewhat] short, my explorer.exe, HiJackThis, and Malwarebytes will not run. Attempting to run explorer.exe through task manager yields this message: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access them," while HiJackThis and Malwarebytes tell me "The database you are using is not supported by this version of Malwarebytes' Anti-Malware." I've attempted to download and use several other spyware programs (and used them in safe mode, where the situation is exactly the same), and those programs either close up, don't actually show up other than in the running processes menu under task manager, or just don't find anything.

If you want the more detailed story, you can view this: http://www.bleepingcomputer.com/forums/t/258276/cannot-run-explorerexe-hijackthis-mbam-or-combofix/
As per the directions of boopme, I am posting the following logs from System Repair Engineer here.


2009-09-17,21:16:32

System Repair Engineer 2.8.1.1279
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 3 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been selected:
	All Boot Items (Including Registry, Startup Folders, Services and so on)
	Browser Add-ons
	Running Processes (Including process model information)
	File Associations
	Winsock Provider
	Autorun.Inf
	HOSTS File
	Process Privileges Scan
	Scheduled Tasks
	Windows Security Update Check
	API HOOK
	Hidden Process


Boot Items
Registry
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
	<ctfmon.exe><C:WINDOWSsystem32ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
	<Aim6><>  [N/A]
[HKEY_CURRENT_USERSoftwareMicrosoftWindows NTCurrentVersionWindows]
	<load><>  [N/A]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
	<Apoint><C:Program FilesApointApoint.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<IntelWireless><C:Program FilesIntelWirelessBinifrmewrk.exe /tf Intel PROSet/Wireless>  [Intel Corporation]
	<igfxtray><C:WINDOWSsystem32igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<igfxhkcmd><C:WINDOWSsystem32hkcmd.exe>  []
	<igfxpers><C:WINDOWSsystem32igfxpers.exe>  [Intel Corporation]
	<Dell QuickSet><C:Program FilesDellQuickSetQuickset.exe>  []
	<SunJavaUpdateSched><"C:Program FilesJavajre6binjusched.exe">  [(Verified)"Sun Microsystems, Inc."]
	<Malwarebytes Anti-Malware (reboot)><"C:Program FilesMbalwarebytesmbam.exe" /runcleanupscript>  [(Verified)Malwarebytes Corporation]
	<KernelFaultCheck><%systemroot%system32dumprep 0 -k>  [File is missing]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunOnce]
	<Malwarebytes' Anti-Malware><C:Program FilesMbytesmbamgui.exe /install /silent>  [(Verified)Malwarebytes Corporation]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionWinlogon]
	<shell><Explorer.exe>  []
	<Userinit><C:WINDOWSsystem32userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionWindows]
	<AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionWinlogon]
	<UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
	<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
	<PostBootReminder><%SystemRoot%system32SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
	<CDBurn><%SystemRoot%system32SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
	<WebCheck><C:WINDOWSsystem32webcheck.dll>  [(Verified)Microsoft Windows]
	<SysTray><C:WINDOWSsystem32stobject.dll>  [(Verified)Microsoft Windows Component Publisher]
	<WPDShServiceObj><C:WINDOWSsystem32WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifycrypt32chain]
	<WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifycryptnet]
	<WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifycscdll]
	<WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifydimsntfy]
	<WinlogonNotify: dimsntfy><%SystemRoot%System32dimsntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyIntelWireless]
	<WinlogonNotify: IntelWireless><C:Program FilesIntelWirelessBinLgNotify.dll>  [Intel Corporation]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyScCertProp]
	<WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifySchedule]
	<WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifysclgntfy]
	<WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifySensLogn]
	<WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifytermsrv]
	<WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
	<WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifywlballoon]
	<WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerSharedTaskScheduler]
	<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%system32browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
	<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%system32browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
	<Internet Explorer Version Update><C:WINDOWSsystem32ieudinit.exe>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
	<Microsoft Windows Media Player><C:WINDOWSinfunregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components>{26923b43-4d38-484f-9b9e-de460746276c}]
	<Internet Explorer><%systemroot%system32shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
	<"C:WINDOWSsystem32rundll32.exe" "C:WINDOWSsystem32iedkcs32.dll",BrandIEActiveSetup SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
	<RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
	<Outlook Express><%systemroot%system32shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
	<Themes Setup><%SystemRoot%system32regsvr32.exe /s /n /i:/UserInstall %SystemRoot%system32themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
	<Microsoft Outlook Express 6><"%ProgramFiles%Outlook Expresssetup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
	<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFmsnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{5945c046-1e7d-11d1-bc44-00c04fd912be}]
	<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFmsmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
	<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFwmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{7790769C-0471-11d2-AF11-00C04FA35D02}]
	<Address Book 6><"%ProgramFiles%Outlook Expresssetup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{89820200-ECBD-11cf-8B85-00AA005B4340}]
	<Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{89820200-ECBD-11cf-8B85-00AA005B4383}]
	<Internet Explorer><C:WINDOWSsystem32ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
	<N/A><c:WINDOWSsystem32Rundll32.exe c:WINDOWSsystem32mscories.dll,Install>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{8b15971b-5355-4c82-8c07-7e181ea07608}]
	<Fax><rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFfxsocm.inf,Fax.UnInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{94de52c8-2d59-4f1b-883e-79663d2d9a8c}]
	<Fax Provider><rundll32.exe C:WINDOWSsystem32SetupFxsOcm.dll,XP_UninstallProvider>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USERControl PanelDesktop]
	<SCRNSAVE.EXE><C:WINDOWSsystem32scrnsave.scr>  [(Verified)Microsoft Windows Component Publisher]

==================================
Startup Folders
[Adobe Gamma Loader]
  <C:Documents and SettingsAll UsersStart MenuProgramsStartupAdobe Gamma Loader.lnk --> C:PROGRA~1COMMON~1AdobeCALIBR~1ADOBEG~1.EXE [Adobe Systems, Inc.]><N>
[Adobe Reader Speed Launch]
  <C:Documents and SettingsAll UsersStart MenuProgramsStartupAdobe Reader Speed Launch.lnk --> C:PROGRA~1AdobeACROBA~1.0ReaderREADER~1.EXE [Adobe Systems Incorporated]><N>

==================================
Services
[AG Windows Service / AGWinService][Running/Auto Start]
  <"C:Program FilesAGIcommonwin32PythonService.exe"><>
[EvtEng / EvtEng][Running/Auto Start]
  <C:Program FilesIntelWirelessBinEvtEng.exe><Intel Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:WINDOWSSystem32svchost.exe -k netsvcs-->%SystemRoot%System32hidserv.dll><N/A>
[Java Quick Starter / JavaQuickStarterService][Running/Auto Start]
  <"C:Program FilesJavajre6binjqs.exe" -service -config "C:Program FilesJavajre6libdeployjqsjqs.conf"><Sun Microsystems, Inc.>
[Message Queuing / MSMQ][Stopped/Auto Start]
  <C:WINDOWSsystem32mqsvc.exe><Microsoft Corporation>
[Message Queuing Triggers / MSMQTriggers][Stopped/Auto Start]
  <C:WINDOWSsystem32mqtgsvc.exe><Microsoft Corporation>
[NICCONFIGSVC / NICCONFIGSVC][Running/Auto Start]
  <C:Program FilesDellNICCONFIGSVCNICCONFIGSVC.exe><Dell Inc.>
[Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Disabled]
  <C:WINDOWSsystem32HPZipm12.exe><HP>
[RegSrvc / RegSrvc][Running/Auto Start]
  <C:Program FilesIntelWirelessBinRegSrvc.exe><Intel Corporation>
[Remote Procedure Call (RPC) Net / Rpcnet][Running/Auto Start]
  <C:WINDOWSSYSTEM32Rpcnet.exe><Absolute Software Corp.>
[Spectrum24 Event Monitor / S24EventMonitor][Running/Auto Start]
  <C:Program FilesIntelWirelessBinS24EvMon.exe><Intel Corporation>
[Viewpoint Manager Service / Viewpoint Manager Service][Stopped/Auto Start]
  <"C:Program FilesViewpointCommonViewpointService.exe"><Viewpoint Corporation>
[WLANKEEPER / WLANKEEPER][Running/Auto Start]
  <C:Program FilesIntelWirelessBinWLKeeper.exe><Intel® Corporation>

==================================
Drivers
[AEGIS Protocol (IEEE 802.1x) v3.1.0.1 / AegisP][Running/Auto Start]
  <system32DRIVERSAegisP.sys><Meetinghouse Data Communications>
[AliIde / AliIde][Stopped/Disabled]
  <SystemRootsystem32DRIVERSaliide.sys><Acer Laboratories Inc.>
[AMD AGP Bus Filter Driver / amdagp][Stopped/Disabled]
  <SystemRootsystem32DRIVERSamdagp.sys><Advanced Micro Devices, Inc.>
[Alps Touch Pad Filter Driver for Windows 2000/XP / ApfiltrService][Running/Manual Start]
  <system32DRIVERSApfiltr.sys><Alps Electric Co., Ltd.>
[APPDRV / APPDRV][Running/System Start]
  <SystemRootSYSTEM32DRIVERSAPPDRV.SYS><Dell Inc>
[asc / asc][Stopped/Disabled]
  <SystemRootsystem32DRIVERSasc.sys><Advanced System Products, Inc.>
[asc3550 / asc3550][Stopped/Disabled]
  <SystemRootsystem32DRIVERSasc3550.sys><Advanced System Products, Inc.>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
  <System32DRIVERSAvgAsCln.sys><GRISOFT, s.r.o.>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Stopped/Manual Start]
  <system32DRIVERSbcm4sbxp.sys>
[catchme / catchme][Stopped/Manual Start]
  <??C:DOCUME~1PAULJO~1LOCALS~1Tempcatchme.sys><N/A>
[CmdIde / CmdIde][Stopped/Disabled]
  <SystemRootsystem32DRIVERScmdide.sys><CMD Technology, Inc.>
[dac2w2k / dac2w2k][Stopped/Disabled]
  <SystemRootsystem32DRIVERSdac2w2k.sys><Mylex Corporation>
[drvmcdb / drvmcdb][Running/Boot Start]
  <SystemRootsystem32driversdrvmcdb.sys><Sonic Solutions>
[drvnddm / drvnddm][Running/Auto Start]
  <system32driversdrvnddm.sys><Sonic Solutions>
[Intel(R) PRO Adapter Driver / E100B][Stopped/Manual Start]
  <system32DRIVERSe100b325.sys><Intel Corporation>
[Hitman Pro 3 Support Driver / hitmanpro3][Stopped/Manual Start]
  <??C:WINDOWSsystem32driverbleepmanpro3.sys><N/A>
[IEEE-1284.4 Driver HPZid412 / HPZid412][Stopped/Manual Start]
  <system32DRIVERSHPZid412.sys><HP>
[Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Stopped/Manual Start]
  <system32DRIVERSHPZipr12.sys><HP>
[USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Stopped/Manual Start]
  <system32DRIVERSHPZius12.sys><HP>
[HSFHWICH / HSFHWICH][Running/Manual Start]
  <system32DRIVERSHSFHWICH.sys><Conexant Systems, Inc.>
[HSF_DP / HSF_DP][Running/Manual Start]
  <system32DRIVERSHSF_DP.sys><Conexant Systems, Inc.>
[ialm / ialm][Running/Manual Start]
  <system32DRIVERSialmnt5.sys><Intel Corporation>
[Intel Wireless Connection Agent Miniport for Win XP / IWCA][Running/Manual Start]
  <system32DRIVERSiwca.sys><Intel Corporation>
[KLIF / KLIF][Running/System Start]
  <System32DRIVERSklif.sys><Kaspersky Lab>
[LibUsb-Win32 - Kernel Driver, Version 0.1.10.1 / libusb0][Stopped/Manual Start]
  <system32driverslibusb0.sys><N/A>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <system32DRIVERSmdmxsdk.sys><Conexant>
[MmedFilter / MmedFilter][Stopped/Manual Start]
  <??C:WINDOWSsystem32DriversMmedFilter.sys><N/A>
[Message Queuing access control / MQAC][Running/Manual Start]
  <??C:WINDOWSsystem32driversmqac.sys><Microsoft Corporation>
[mraid35x / mraid35x][Stopped/Disabled]
  <SystemRootsystem32DRIVERSmraid35x.sys><American Megatrends Inc.>
[MREMP50 NDIS Protocol Driver / MREMP50][Stopped/Manual Start]
  <??C:PROGRA~1COMMON~1MotiveMREMP50.SYS><N/A>
[MREMP50a64 NDIS Protocol Driver / MREMP50a64][Stopped/Manual Start]
  <??C:PROGRA~1COMMON~1MotiveMREMP50a64.SYS><N/A>
[MREMPR5 NDIS Protocol Driver / MREMPR5][Stopped/Manual Start]
  <??C:PROGRA~1COMMON~1MotiveMREMPR5.SYS><N/A>
[MRENDIS5 NDIS Protocol Driver / MRENDIS5][Stopped/Manual Start]
  <??C:PROGRA~1COMMON~1MotiveMRENDIS5.SYS><N/A>
[MRESP50 NDIS Protocol Driver / MRESP50][Stopped/Manual Start]
  <??C:PROGRA~1COMMON~1MotiveMRESP50.SYS><N/A>
[MRESP50a64 NDIS Protocol Driver / MRESP50a64][Stopped/Manual Start]
  <??C:PROGRA~1COMMON~1MotiveMRESP50a64.SYS><N/A>
[nv / nv][Stopped/Manual Start]
  <system32DRIVERSnv4_mini.sys><NVIDIA Corporation>
[OMCI / OMCI][Running/System Start]
  <SystemRootSYSTEM32DRIVERSOMCI.SYS><Dell Computer Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32DRIVERSptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <SystemRootSystem32DriversPxHelp20.sys><Sonic Solutions>
[ql1080 / ql1080][Stopped/Disabled]
  <SystemRootsystem32DRIVERSql1080.sys><QLogic Corporation>
[ql12160 / ql12160][Stopped/Disabled]
  <SystemRootsystem32DRIVERSql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Stopped/Disabled]
  <SystemRootsystem32DRIVERSql1280.sys><QLogic Corporation>
[WLAN Transport / s24trans][Running/Auto Start]
  <system32DRIVERSs24trans.sys><Intel Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32DRIVERSsecdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SIS AGP Bus Filter / sisagp][Stopped/Disabled]
  <SystemRootsystem32DRIVERSsisagp.sys><Silicon Integrated Systems Corporation>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
  <system32DRIVERSSONYPVU1.SYS><Sony Corporation>
[Sparrow / Sparrow][Stopped/Disabled]
  <SystemRootsystem32DRIVERSsparrow.sys><Adaptec, Inc.>
[sscdbhk5 / sscdbhk5][Running/System Start]
  <system32driverssscdbhk5.sys><Sonic Solutions>
[ssfs0bbc / ssfs0bbc][Running/Boot Start]
  <SystemRootsystem32DRIVERSssfs0bbc.sys><Webroot Software, Inc. (www.webroot.com)>
[sshrmd / sshrmd][Running/Boot Start]
  <SystemRootsystem32DRIVERSsshrmd.sys><Webroot Software, Inc. (www.webroot.com)>
[ssidrv / ssidrv][Running/Boot Start]
  <SystemRootsystem32DRIVERSssidrv.sys><Webroot Software, Inc. (www.webroot.com)>
[ssrtln / ssrtln][Running/System Start]
  <system32driversssrtln.sys><Sonic Solutions>
[SigmaTel C-Major Audio / STAC97][Running/Manual Start]
  <system32driversSTAC97.sys><SigmaTel, Inc.>
[symc810 / symc810][Stopped/Disabled]
  <SystemRootsystem32DRIVERSsymc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Stopped/Disabled]
  <SystemRootsystem32DRIVERSsymc8xx.sys><LSI Logic>
[sym_hi / sym_hi][Stopped/Disabled]
  <SystemRootsystem32DRIVERSsym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Stopped/Disabled]
  <SystemRootsystem32DRIVERSsym_u3.sys><LSI Logic>
[tfsnboio / tfsnboio][Running/Auto Start]
  <system32dlatfsnboio.sys><Sonic Solutions>
[tfsncofs / tfsncofs][Running/Auto Start]
  <system32dlatfsncofs.sys><Sonic Solutions>
[tfsndrct / tfsndrct][Running/Auto Start]
  <system32dlatfsndrct.sys><Sonic Solutions>
[tfsndres / tfsndres][Running/Auto Start]
  <system32dlatfsndres.sys><Sonic Solutions>
[tfsnifs / tfsnifs][Running/Auto Start]
  <system32dlatfsnifs.sys><Sonic Solutions>
[tfsnopio / tfsnopio][Running/Auto Start]
  <system32dlatfsnopio.sys><Sonic Solutions>
[tfsnpool / tfsnpool][Running/Auto Start]
  <system32dlatfsnpool.sys><Sonic Solutions>
[tfsnudf / tfsnudf][Running/Auto Start]
  <system32dlatfsnudf.sys><Sonic Solutions>
[tfsnudfa / tfsnudfa][Running/Auto Start]
  <system32dlatfsnudfa.sys><Sonic Solutions>
[tmcomm / tmcomm][Running/Auto Start]
  <??C:WINDOWSsystem32driverstmcomm.sys><Trend Micro Inc.>
[ultra / ultra][Stopped/Disabled]
  <SystemRootsystem32DRIVERSultra.sys><Promise Technology, Inc.>
[Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP / w29n51][Running/Manual Start]
  <system32DRIVERSw29n51.sys><Intel® Corporation>
[winachsf / winachsf][Running/Manual Start]
  <system32DRIVERSHSF_CNXT.sys><Conexant Systems, Inc.>

==================================
Browser Add-ons
[Java(tm) Plug-In 2 SSV Helper]
  {DBC80044-A445-435b-BC74-9C25C1C588A9} <C:Program FilesJavajre6binjp2ssv.dll, (Signed) Sun Microsystems, Inc.>
[JQSIEStartDetectorImpl Class]
  {E7E6F031-17CE-4C07-BC86-EABFE594F69C} <C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll, Sun Microsystems, Inc.>
[AIM]
  {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} <C:Program FilesAIMaim.exe, (Signed) America Online, Inc.>
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%Network Diagnosticxpnetdiag.exe, (Signed) N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:Program FilesMessengermsmsgs.exe, (Signed) Microsoft Corporation>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:WINDOWSsystem32legitcheckcontrol.dll, (Signed) Microsoft Corporation>
[Facebook Photo Uploader 4 Control]
  {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} <C:WINDOWSDownloaded Program FilesImageUploader4.1.ocx, (Signed) The Facebook>
[Windows Live Safety Center Base Module]
  {5ED80217-570B-4DA9-BF44-BE107C0EC166} <C:WINDOWSDownloaded Program FileswlscBase.dll, (Signed) Microsoft Corporation>
[Java Plug-in 1.6.0_15]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:Program FilesJavajre6binjp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_15]
  {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} <C:Program FilesJavajre6binjp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_15]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:Program FilesJavajre6binnpjpi160_15.dll, (Signed) Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:WINDOWSsystem32MacromedFlashFlash9d.ocx, (Signed) Adobe Systems, Inc.>
[]
  {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <, >
[ActiveMovieControl Object]
  {05589FA1-C356-11CE-BF01-00AA0055595A} <C:WINDOWSsystem32wmpdxm.dll, (Signed) Microsoft Corporation>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, >
[]
  {0AD152FC-3023-43DD-B750-59CA9AC3B8B5} <, >
[]
  {0BC6E3FA-78EF-4886-842C-5A1258C4455A} <, >
[]
  {13DD78D3-2194-419A-85AB-6EAF19E4B754} <, >
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:WINDOWSsystem32legitcheckcontrol.dll, (Signed) Microsoft Corporation>
[]
  {2017CF68-5A8D-4B35-8780-13FED3AD6EA3} <, >
[]
  {21F6ADFF-CCEA-4148-82FC-C3B026A5CB93} <, >
[]
  {243EABF2-53C0-4A5B-9382-B68319FB2F0B} <, >
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <C:WINDOWSsystem32mshtml.dll, (Signed) Microsoft Corporation>
[]
  {270494FF-C44A-4859-8537-E049F9526426} <, >
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%system32msxml3.dll, (Signed) N/A>
[]
  {2ADAFEE8-9304-4799-A7AC-CFD76364269C} <, >
[]
  {2B64CCF0-D916-4933-BC8E-4DE8226263D4} <, >
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:Program FilesCommon FilesMicrosoft SharedTrieditdhtmled.ocx, (Signed) Microsoft Corporation>
[]
  {2F282084-4526-470B-B37A-921260164EE2} <, >
[]
  {31C7C77A-BC11-41DC-8DA2-8224600DB0AD} <, >
[]
  {350D02A9-62C4-4B9A-9114-AF9ABE5053BA} <, >
[]
  {35FE37C0-96D9-4A37-976A-4EBFB653DDEA} <, >
[]
  {367925B4-8F74-47CD-955A-048FEF076700} <, >
[IETag Factory]
  {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:PROGRA~1COMMON~1MICROS~1SMARTT~1IETAG.DLL, (Signed) Microsoft Corporation>
[]
  {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} <, >
[]
  {3E767BEF-7A64-4A3E-97CA-381DA0A8DD92} <, >
[]
  {3EEC59CC-1F1E-42AC-9E9D-32BAC3D126D1} <, >
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%system32msxml3.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
  {4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2} <%systemroot%system32mstscax.dll, (Signed) N/A>
[]
  {4EC99A0B-E57C-4FBE-B9C4-8428424FBF88} <, >
[Microsoft Terminal Services Client Control (redist)]
  {4EDCB26C-D24C-4e72-AF07-B576699AC0DE} <%systemroot%system32mstscax.dll, (Signed) N/A>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:WINDOWSsystem32ieframe.dll, (Signed) Microsoft Corporation>
[]
  {58112A01-1F24-4EFE-A6B2-297DC7CDFEF2} <, >
[]
  {58A22607-5016-4735-980F-77E80EEEB76B} <, >
[Facebook Photo Uploader 4 Control]
  {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} <C:WINDOWSDownloaded Program FilesImageUploader4.1.ocx, (Signed) The Facebook>
[]
  {5CA3D70E-1895-11CF-8E15-001234567890} <, >
[Windows Live Safety Center Base Module]
  {5ED80217-570B-4DA9-BF44-BE107C0EC166} <C:WINDOWSDownloaded Program FileswlscBase.dll, (Signed) Microsoft Corporation>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:WINDOWSsystem32wuweb.dll, (Signed) Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:WINDOWSsystem32wmp.dll, (Signed) Microsoft Corporation>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:WINDOWSsystem32muweb.dll, (Signed) Microsoft Corporation>
[]
  {7027D7DA-CCB6-4F84-9FA9-2B812890778F} <, >
[]
  {706D2C16-6647-42B4-9CF1-0289679FACCE} <, >
[]
  {71FFA580-18B2-4B76-8D43-EB3DBBC2DC87} <, >
[Microsoft Terminal Services Client Control (redist)]
  {7390f3d8-0439-4c05-91e3-cf5cb290c3d0} <%systemroot%system32mstscax.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
  {7584c670-2274-4efb-b00b-d6aaba6d3850} <%systemroot%system32mstscax.dll, (Signed) N/A>
[]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <, >
[]
  {76947A08-DFBC-48F3-977F-5612E575B6B1} <, >
[]
  {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} <, >
[]
  {7F248C6A-D0D3-4309-B199-C391010E5693} <, >
[]
  {82CBDF68-AE26-445F-BCEC-0A52FD3EC415} <, >
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:WINDOWSsystem32ieframe.dll, (Signed) Microsoft Corporation>
[XML DOM Document 4.0]
  {88D969C0-F192-11D4-A65F-0040963251E5} <c:WINDOWSsystem32msxml4.dll, (Signed) Microsoft Corporation>
[XML HTTP 4.0]
  {88D969C5-F192-11D4-A65F-0040963251E5} <c:WINDOWSsystem32msxml4.dll, (Signed) Microsoft Corporation>
[XML HTTP 5.0]
  {88D969EA-F192-11D4-A65F-0040963251E5} <C:Program FilesCommon FilesMicrosoft SharedOFFICE11MSXML5.DLL, (Signed) Microsoft Corporation>
[]
  {891F621C-85C4-406A-9666-1B7C822A91F4} <, >
[]
  {8AF3F23C-BAA1-4ADC-9DA2-D45EC40E432A} <, >
[]
  {8E36CB36-A412-42D1-ACA5-AF073D99D0B4} <, >
[Windows Live Safety Center Control Module]
  {8E5C8BEE-1887-414C-8AC9-7C3951F28476} <C:Program FilesWindows Live Safety CenterwlscCtrl.dll, (Signed) Microsoft Corporation>
[]
  {8FD68625-2346-418A-8899-67CB36B1917F} <, >
[Microsoft Terminal Services Client Control (redist)]
  {9059f30f-4eb1-4bd2-9fdc-36f43a218f4a} <%systemroot%system32mstscax.dll, (Signed) N/A>
[]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[]
  {996D9F72-CF7B-44FA-B7C3-5BFD3437C054} <, >
[]
  {A0C474B8-A343-4E03-A3F7-CB48E60AEA76} <, >
[]
  {A7327C09-B521-4EDB-8509-7D2660C9EC98} <, >
[]
  {AC9E2541-2814-11D5-BC6D-00B0D0A1DE45} <, >
[]
  {B0DC520C-535C-45B8-8074-F31440837283} <, >
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%system32shdocvw.dll, (Signed) N/A>
[]
  {BB3B91F7-1070-4BFD-AA42-6C523B9162B9} <, >
[]
  {BD3B94F2-6C22-4A11-9703-8FFCACB44B20} <, >
[]
  {C17590D2-ECB4-4B15-8820-F58798DCC118} <, >
[]
  {C5AE2BDB-A470-4230-9D93-244E663A8E7E} <, >
[]
  {C7EA9C6F-5871-4967-A4B3-A3ECCA8758CF} <, >
[Adobe PDF Reader]
  {CA8A9780-280D-11CF-A24D-444553540000} <C:Program FilesAdobeAcrobat 7.0ActiveXAcroPDF.dll, (Signed) Adobe Systems, Inc.>
[]
  {D21F5F2A-AF9C-482C-805B-080555EAECE0} <, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:WINDOWSsystem32MacromedFlashFlash9d.ocx, (Signed) Adobe Systems, Inc.>
[Java(tm) Plug-In 2 SSV Helper]
  {DBC80044-A445-435B-BC74-9C25C1C588A9} <C:Program FilesJavajre6binjp2ssv.dll, (Signed) Sun Microsystems, Inc.>
[]
  {DEA64501-A711-43E1-B568-6BE43189B0E5} <, >
[]
  {DFC1DB93-C9A2-4A7C-BB99-5DBC8726E6E5} <, >
[]
  {E29CA232-286B-423C-A67B-B9E5A32ECF00} <, >
[]
  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[]
  {E69CAF33-4F0C-4F2B-A2E5-0D4F458EC22F} <, >
[JQSIEStartDetectorImpl Class]
  {E7E6F031-17CE-4C07-BC86-EABFE594F69C} <C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll, Sun Microsystems, Inc.>
[]
  {E95657E2-93EF-4849-AE46-A4430A734A5F} <, >
[]
  {ECEEA73F-40EB-4861-B540-C7A03DBE2949} <, >
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%system32msxml3.dll, (Signed) N/A>
[XML DOM Document]
  {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%system32msxml3.dll, (Signed) N/A>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%system32msxml3.dll, (Signed) N/A>
[]
  {F7808D00-B85D-4584-8255-A6E52B042FDE} <, >
[]
  {F8AD5AA5-D966-4667-9DAF-2561D68B2012} <, >
[]
  {FAC92BCD-5754-49C7-9FD6-99964A118893} <, >
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[]
  {FFFFDA2C-A0D5-4D60-8EE1-1B7F8929E24D} <, >

==================================
Running Processes
[PID: 724][SystemRootSystem32smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 804][??C:WINDOWSsystem32csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 828][??C:WINDOWSsystem32winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
	[C:Program FilesIntelWirelessBinLgNotify.dll]  [Intel Corporation, 9, 0, 1, 0]
[PID: 876][C:WINDOWSsystem32services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)]
[PID: 888][C:WINDOWSsystem32lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[PID: 1060][C:WINDOWSsystem32svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
	[?globalrootDevice__max++>7931CF14.x86.dll]  [N/A, ]
	[?globalrootsystemrootsystem32UACneruncnirb.dll]  [N/A, ]
	[?globalrootsystemrootsystem32UACkfhvfcseqj.dll]  [N/A, ]
[PID: 1224][C:WINDOWSsystem32svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
	[?globalrootsystemrootsystem32UACneruncnirb.dll]  [N/A, ]
	[?globalrootsystemrootsystem32UACkfhvfcseqj.dll]  [N/A, ]
	[?globalrootDevice__max++>7931CF14.x86.dll]  [N/A, ]
[PID: 1272][C:WINDOWSSystem32svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
	[?globalrootsystemrootsystem32UACneruncnirb.dll]  [N/A, ]
	[?globalrootsystemrootsystem32UACkfhvfcseqj.dll]  [N/A, ]
	[?globalrootDevice__max++>7931CF14.x86.dll]  [N/A, ]
[PID: 1348][C:Program FilesIntelWirelessBinEvtEng.exe]  [Intel Corporation, 9, 0, 1, 12]
	[C:Program FilesIntelWirelessBinPsRegApi.dll]  [Intel Corporation, 9, 0, 1, 14]
	[C:Program FilesIntelWirelessBinTraceAPI.DLL]  [Intel Corporation, 9, 0, 1, 22]
[PID: 1420][C:Program FilesIntelWirelessBinS24EvMon.exe]  [Intel Corporation , 9, 0, 1, 41]
	[C:Program FilesIntelWirelessBinTraceAPI.DLL]  [Intel Corporation, 9, 0, 1, 22]
	[C:Program FilesIntelWirelessBinPsRegApi.dll]  [Intel Corporation, 9, 0, 1, 14]
[PID: 1472][C:Program FilesIntelWirelessBinZcfgSvc.exe]  [Intel Corporation, 9, 0, 1, 45]
	[C:Program FilesIntelWirelessBinPfMgrApi.dll]  [Intel Corporation, 9, 0, 1, 45]
	[C:Program FilesIntelWirelessBinTraceAPI.DLL]  [Intel Corporation, 9, 0, 1, 22]
	[C:Program FilesIntelWirelessBinPsRegApi.dll]  [Intel Corporation, 9, 0, 1, 14]
	[C:Program FilesIntelWirelessBinMurocApi.dll]  [Intel Corporation, 9, 0, 1, 54]
	[C:Program FilesIntelWirelessBinS24MUDLL.dll]  [Intel Corporation, 9, 0, 1, 7]
	[C:Program FilesIntelWirelessBinC1XStngs.dll]  [Intel Corporation, 9, 0, 1, 31]
	[C:Program FilesIntelWirelessBinLSAWRAPI.dll]  [Intel Corporation, 9, 0, 1, 1]
	[C:Program FilesIntelWirelessBinD8021Xps.DLL]  [N/A, ]
[PID: 1520][C:Program FilesIntelWirelessBinWLKeeper.exe]  [Intel® Corporation, 9, 0, 1, 14]
	[C:Program FilesIntelWirelessBinPfMgrApi.dll]  [Intel Corporation, 9, 0, 1, 45]
	[C:Program FilesIntelWirelessBinTraceAPI.DLL]  [Intel Corporation, 9, 0, 1, 22]
	[C:Program FilesIntelWirelessBinPsRegApi.dll]  [Intel Corporation, 9, 0, 1, 14]
	[C:Program FilesIntelWirelessBinMurocApi.dll]  [Intel Corporation, 9, 0, 1, 54]
	[C:Program FilesIntelWirelessBinS24MUDLL.dll]  [Intel Corporation, 9, 0, 1, 7]
	[C:Program FilesIntelWirelessBinC1XStngs.dll]  [Intel Corporation, 9, 0, 1, 31]
	[C:Program FilesIntelWirelessBinLSAWRAPI.dll]  [Intel Corporation, 9, 0, 1, 1]
[PID: 1564][C:WINDOWSsystem32svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
	[?globalrootsystemrootsystem32UACneruncnirb.dll]  [N/A, ]
	[?globalrootsystemrootsystem32UACkfhvfcseqj.dll]  [N/A, ]
	[?globalrootDevice__max++>7931CF14.x86.dll]  [N/A, ]
[PID: 1696][C:WINDOWSsystem32svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
	[?globalrootsystemrootsystem32UACneruncnirb.dll]  [N/A, ]
	[?globalrootsystemrootsystem32UACkfhvfcseqj.dll]  [N/A, ]
[PID: 1752][C:WINDOWSsystem32spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
	[?globalrootDevice__max++>7931CF14.x86.dll]  [N/A, ]
	[C:WINDOWSsystem32DELS1LMK.DLL]  [, 1.0.1.0]
[PID: 436][C:PROGRA~1IntelWirelessBin1XConfig.exe]  [Intel, 9, 0, 1, 33]
	[C:PROGRA~1IntelWirelessBinIntelAE5.dll]  [Meetinghouse Data Communications, 3, 0, 0, 40]
	[C:PROGRA~1IntelWirelessBinTraceAPI.DLL]  [Intel Corporation, 9, 0, 1, 22]
	[C:PROGRA~1IntelWirelessBinPsRegApi.dll]  [Intel Corporation, 9, 0, 1, 14]
	[C:Program FilesIntelWirelessBinD8021Xps.DLL]  [N/A, ]
[PID: 1612][C:WINDOWSsystem32taskmgr.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
	[C:Program FilesAdobeAcrobat 7.0ActiveXPDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
[PID: 1692][C:Program FilesMozilla Firefoxfirefox.exe]  [Mozilla Corporation, 1.9.0.13]
	[C:Program FilesMozilla Firefoxxul.dll]  [Mozilla Foundation, 1.9.0.13]
	[C:Program FilesMozilla Firefoxsqlite3.dll]  [sqlite.org, 3.6.10]
	[C:Program FilesMozilla FirefoxMOZCRT19.dll]  [Mozilla Foundation, 8.00.0000]
	[C:Program FilesMozilla Firefoxjs3250.dll]  [Netscape Communications Corporation, 4.0]
	[C:Program FilesMozilla Firefoxnspr4.dll]  [Mozilla Foundation, 4.7.5]
	[C:Program FilesMozilla Firefoxsmime3.dll]  [Mozilla Foundation, 3.12.3.1 Basic ECC]
	[C:Program FilesMozilla Firefoxnss3.dll]  [Mozilla Foundation, 3.12.3.1 Basic ECC]
	[C:Program FilesMozilla Firefoxnssutil3.dll]  [Mozilla Foundation, 3.12.3.1]
	[C:Program FilesMozilla Firefoxplc4.dll]  [Mozilla Foundation, 4.7.5]
	[C:Program FilesMozilla Firefoxplds4.dll]  [Mozilla Foundation, 4.7.5]
	[C:Program FilesMozilla Firefoxssl3.dll]  [Mozilla Foundation, 3.12.3.1 Basic ECC]
	[C:Program FilesMozilla Firefoxxpcom.dll]  [Mozilla Foundation, 1.9.0.13]
	[?globalrootsystemrootsystem32UACneruncnirb.dll]  [N/A, ]
	[?globalrootDevice__max++>7931CF14.x86.dll]  [N/A, ]
	[C:Program FilesMozilla Firefoxcomponentsbrowserdirprovider.dll]  [Mozilla Foundation, 1.9.0.13]
	[C:Program FilesMozilla Firefoxcomponentsbrwsrcmp.dll]  [Mozilla Foundation, 1.9.0.13]
	[C:Program FilesMozilla Firefoxsoftokn3.dll]  [Mozilla Foundation, 3.12.3.1 Basic ECC]
	[C:Program FilesMozilla Firefoxnssdbm3.dll]  [Mozilla Foundation, 3.12.3.1 Basic ECC]
	[C:Program FilesMozilla Firefoxfreebl3.dll]  [Mozilla Foundation, 3.12.3.1 Basic ECC]
	[C:Program FilesMozilla Firefoxnssckbi.dll]  [Mozilla Foundation, 1.75]
[PID: 656][C:WINDOWSsystem32svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
	[?globalrootsystemrootsystem32UACneruncnirb.dll]  [N/A, ]
	[?globalrootsystemrootsystem32UACkfhvfcseqj.dll]  [N/A, ]
[PID: 696][C:Program FilesAGIcommonwin32PythonService.exe]  [, 2.5.211.0]
	[C:WINDOWSsystem32python25.dll]  [Python Software Foundation, 2.5.2]
	[C:WINDOWSsystem32MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
	[C:WINDOWSsystem32pywintypes25.dll]  [, 2.5.211.0]
	[C:Program FilesAGIcommonwin32servicemanager.pyd]  [, 2.5.211.0]
	[C:Program FilesAGIcommonwin32win32api.pyd]  [, 2.5.211.0]
	[C:Program FilesAGIcommonwin32_win32sysloader.pyd]  [, 2.5.211.0]
	[C:WINDOWSsystem32pythoncom25.dll]  [, 2.5.211.0]
	[C:Program FilesAGIcommonwin32comextshellshell.pyd]  [, 2.5.211.0]
	[C:Program FilesAGIcommonwin32win32process.pyd]  [, 2.5.211.0]
	[C:Program FilesAGIcommonwin32win32pdh.pyd]  [, 2.5.211.0]
	[C:Program FilesAGIcommonwin32win32security.pyd]  [, 2.5.211.0]
	[C:Program FilesAGIcommonwin32win32profile.pyd]  [, 2.5.211.0]
	[C:Program FilesAGIPython25dlls_ctypes.pyd]  [N/A, ]
	[C:Program FilesAGIPython25dlls_socket.pyd]  [N/A, ]
	[C:Program FilesAGIPython25dlls_ssl.pyd]  [N/A, ]
	[C:Program FilesAGIPython25dlls_hashlib.pyd]  [N/A, ]
	[C:Program FilesAGIcommonwin32win32service.pyd]  [, 2.5.211.0]
	[C:Program FilesAGIcommonwin32win32event.pyd]  [, 2.5.211.0]
	[?globalrootDevice__max++>7931CF14.x86.dll]  [N/A, ]
[PID: 744][C:WINDOWSsystem32inetsrvinetinfo.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
	[?globalrootDevice__max++>7931CF14.x86.dll]  [N/A, ]
[PID: 764][C:Program FilesJavajre6binjqs.exe]  [Sun Microsystems, Inc., 6.0.150.3]
	[C:Program FilesJavajre6binMSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
	[?globalrootDevice__max++>7931CF14.x86.dll]  [N/A, ]
[PID: 1132][C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE]  [Microsoft Corporation, 7.00.9466]
[PID: 1576][C:Program FilesDellNICCONFIGSVCNICCONFIGSVC.exe]  [Dell Inc., 1, 0, 0, 1]
[PID: 276][C:Program FilesIntelWirelessBinRegSrvc.exe]  [Intel Corporation, 9, 0, 1, 10]
[PID: 260][C:WINDOWSSYSTEM32Rpcnet.exe]  [Absolute Software Corp., 8.0.885.0]
	[C:WINDOWSSYSTEM32Rpcnet.dll]  [Absolute Software Corp., 8.0.885.0]
[PID: 1528][C:WINDOWSsystem32svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
	[?globalrootsystemrootsystem32UACneruncnirb.dll]  [N/A, ]
	[?globalrootsystemrootsystem32UACkfhvfcseqj.dll]  [N/A, ]
[PID: 2552][C:WINDOWSSystem32dmadmin.exe]  [(Verified) Microsoft Corp., Veritas Software, 2600.5512.503.0]
[PID: 3020][C:WINDOWSsystem32wbemwmiprvse.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)]
[PID: 3568][C:WINDOWSsystem32wuauclt.exe]  [(Verified) Microsoft Corporation, 7.2.6001.788 (winmain_oob/wu_wsuswlc(wmbla).081016-1330)]
[PID: 2984][C:Documents and SettingsPaul Joseph BohmannDesktopSREngLdr.EXE]  [Smallfrogs Studio, 2.8.1.1279]
[PID: 2964][C:Documents and SettingsPaul Joseph BohmannDesktopSRE986f36c3.EXE]  [Smallfrogs Studio, 2.8.1.1279]
	[C:Documents and SettingsPaul Joseph BohmannDesktopUpload3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
	[?globalrootDevice__max++>7931CF14.x86.dll]  [N/A, ]

==================================
File Associations
.TXT  OK. [%SystemRoot%system32NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:WINDOWShh.exe" %1]
.HLP  OK. [%SystemRoot%System32winhlp32.exe %1]
.INI  OK. [%SystemRoot%System32NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%System32NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%System32WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%System32WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost

==================================
Process Privileges Scan
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1348, C:PROGRAM FILESINTELWIRELESSBINEVTENG.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1420, C:PROGRAM FILESINTELWIRELESSBINS24EVMON.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1520, C:PROGRAM FILESINTELWIRELESSBINWLKEEPER.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 696, C:PROGRAM FILESAGICOMMONWIN32PYTHONSERVICE.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1576, C:PROGRAM FILESDELLNICCONFIGSVCNICCONFIGSVC.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 276, C:PROGRAM FILESINTELWIRELESSBINREGSRVC.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2984, C:DOCUMENTS AND SETTINGSPAUL JOSEPH BOHMANNDESKTOPSRENGLDR.EXE]

==================================
Scheduled Tasks
[Enabled] {7B02EF0B-A410-4938-8480-9BA26420A627}.job
		C:WINDOWSmsa.exe 
[Enabled] SmartDefrag.job
		C:Program FilesIObitIObit SmartDefragIObit SmartDefrag.exe 
[Enabled] ParetoLogic Registration.job
		C:WINDOWSsystem32rundll32.exe 

==================================
Windows Security Update Check
KB940157,  Windows Search 4.0 for Windows XP (KB940157) 
KB943729,  Group Policy Preference Client Side Extensions for Windows XP (KB943729) 
KB943729,  Windows Live Essentials 
KB926139,  Windows PowerShell 1.0 for Windows XP (KB926139) 
KB931125,  Update for Root Certificates [May 2009] (KB931125) 
KB953331,  Microsoft Office Compatibility Pack Service Pack 2 (SP2) 
KB953331,  Office Live add-in 1.4 
KB949810,  Office Genuine Advantage Notifications (KB949810) 
KB944036,  Internet Explorer 8 for Windows XP 
KB974331,  Microsoft Silverlight (KB974331) 

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================

And I tried to follow the prep guide, but I wasn't able to get the DDS to run.

Merged posts. ~ OB

Edited by Orange Blossom, 18 September 2009 - 08:46 PM.




#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:08:17 AM

Posted 03 October 2009 - 10:02 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please reply to this so we know you are there. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon replying, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

Thanks and again sorry for the delay.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,773 posts
  • Gender:Female
  • Location:At home
  • Local time:02:17 PM

Posted 14 October 2009 - 12:39 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
_temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 
