Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Ready for next step

Re: Ready for next step

Post by Katana » January 8th, 2008, 5:24 pm

Which program is actually stopping you from downloading?
What do you actually see? Can you do a print screen when the popup is there?

Please run the new copy of ComboFix that I asked you to download.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Ready for next step

Post by julie0527 » January 8th, 2008, 5:43 pm

I don't know which program is stopping it from loading. For example, I click on the link from here to download HijackThis and it pops up. I'm going to try to attach the screenshot now.
julie0527
Regular Member
 
Posts: 22
Joined: November 30th, 2007, 8:35 am

Re: Ready for next step

Post by julie0527 » January 8th, 2008, 9:28 pm

ComboFix log as requested:

ComboFix 08-01-08.2 - Matthew 2008-01-08 20:16:58.5 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.638 [GMT -5:00]
Running from: F:\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-12-09 to 2008-01-09 )))))))))))))))))))))))))))))))
.

2008-01-07 20:52 . 2008-01-07 21:27 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-07 20:34 . 2008-01-07 20:34 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-06 17:50 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-19 11:33 . 2007-12-19 11:33 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Nova Development
2007-12-19 11:33 . 2007-12-19 11:33 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-19 11:10 . 2007-12-19 11:10 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
2007-12-18 23:33 . 2007-12-18 23:33 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-12-18 23:29 . 2007-12-18 23:29 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2007-12-18 23:28 . 2007-12-19 11:33 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-17 01:07 . 2007-12-17 01:07 129 --a------ C:\Shortcut to CD Drive.lnk

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-31 02:00 --------- d-----w C:\Program Files\Quicken
2007-12-03 04:21 --------- d-----w C:\Program Files\McAfee
2007-12-03 04:21 --------- d-----w C:\Program Files\Common Files\McAfee
2007-12-03 04:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-11-30 01:18 28,672 ----a-w C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-11-29 21:49 --------- d-----w C:\Program Files\EsetOnlineScanner
2007-11-29 19:31 --------- d-----w C:\Documents and Settings\Matthew\Application Data\McAfee
2007-11-29 19:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-11-29 14:00 --------- d--h--r C:\Documents and Settings\All Users\Application Data\yahoo!
2007-11-29 14:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\PopCap
2007-11-28 12:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-11-21 00:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\eBay
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-30 09:55 3,065,856 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
2007-10-11 05:57 96,256 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\inseng.dll
2007-10-11 05:57 666,112 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-10-11 05:57 617,984 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2007-10-11 05:57 55,808 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2007-10-11 05:57 532,480 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2007-10-11 05:57 474,112 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\shlwapi.dll
2007-10-11 05:57 449,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2007-10-11 05:57 39,424 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
2007-10-11 05:57 357,888 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
2007-10-11 05:57 251,904 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iepeers.dll
2007-10-11 05:57 205,824 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
2007-10-11 05:57 16,384 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2007-10-11 05:57 151,040 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\cdfview.dll
2007-10-11 05:57 146,432 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2007-10-11 05:57 1,498,112 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\shdocvw.dll
2007-10-11 05:57 1,054,208 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\danim.dll
2007-10-11 05:57 1,024,000 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\browseui.dll
2007-10-10 10:48 18,432 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
2006-12-21 20:54 14,201 ----a-w C:\Program Files\INSTALL.LOG
2005-09-14 13:24 33,280 ----a-w C:\Program Files\EndProcess.exe
2004-04-21 03:55 1,760,378 ----a-w C:\Program Files\aaw6.exe
2004-03-14 22:48 2,800,777 ----a-w C:\Program Files\aucmak2.exe
2004-03-14 21:18 19,296,636 ----a-w C:\Program Files\PEERInstall.exe
2004-02-08 18:30 10 ----a-w C:\Program Files\Notes.txt
2004-02-08 18:07 336 ----a-w C:\Program Files\announce.txt
2004-02-07 03:26 5,864 ----a-w C:\Program Files\client.ini
2004-01-28 15:47 1,800 ----a-w C:\Program Files\TabConfig.txt
2004-01-08 20:24 41 ----a-w C:\Program Files\RemoveGlobalMsg.txt
2004-01-08 20:23 205 ----a-w C:\Program Files\ResendGlobalMsg.txt
2004-01-05 01:46 3,371,040 ---h--r C:\Documents and Settings\Matthew\SYSTEM.DAT
2004-01-05 01:45 831,520 ---h--r C:\Documents and Settings\Matthew\USER.DAT
2004-01-05 01:45 3,833,888 ---h--r C:\Documents and Settings\Matthew\CLASSES.DAT
2003-07-03 23:13 498 ----a-w C:\Documents and Settings\Matthew\eReg.dat
2003-05-26 23:17 30 ----a-w C:\Documents and Settings\Matthew\INTURS.DAT
2003-05-13 18:20 8,224 ----a-w C:\Documents and Settings\Matthew\Application Data\GDIPFONTCACHEV1.DAT
2003-05-09 04:45 19,281 ----a-w C:\Documents and Settings\Matthew\War3Unin.dat
2003-05-04 04:41 11,310 ----a-w C:\Documents and Settings\Matthew\scunin.dat
2003-05-03 17:03 1,536 ----a-w C:\Documents and Settings\Matthew\TrueSoft.dat
2003-05-01 22:32 163,872 ---h--r C:\Documents and Settings\Matthew\HWINFO.DAT
2003-02-28 21:35 6,550 ----a-w C:\Documents and Settings\Matthew\JAUTOEXP.DAT
2002-06-14 17:33 96,256 ----a-w C:\Program Files\UnGins.exe
2002-05-24 06:49 679,936 ----a-w C:\Program Files\libeay32.dll
2002-05-24 06:49 147,456 ----a-w C:\Program Files\ssleay32.dll
2002-05-23 11:25 147,728 ----a-w C:\Program Files\ASYCFILT.DLL
2001-11-29 19:58 456 ----a-w C:\Documents and Settings\Matthew\PTHSP.DAT
1999-06-22 05:45 57,344 ----a-w C:\Program Files\Zlib.dll
.

((((((((((((((((((((((((((((( snapshot_2008-01-07_ 9.42.46.60 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-05 11:57:26 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-01-08 01:34:43 10,567,680 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-01-08 01:34:43 24,576 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-01-05 11:57:26 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-01-08 01:34:42 10,567,680 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-01-08 01:34:42 24,576 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2008-01-02 06:00:00 284,016 ----a-w C:\WINDOWS\LastGood\Downloaded Program Files\ecmsvr32.dll
+ 2008-01-02 06:00:00 124,272 ----a-w C:\WINDOWS\LastGood\Downloaded Program Files\naveng32.dll
+ 2008-01-02 06:00:00 914,800 ----a-w C:\WINDOWS\LastGood\Downloaded Program Files\navex32a.dll
+ 2008-01-02 06:00:00 97,776 ----a-w C:\WINDOWS\LastGood\Downloaded Program Files\scrauth.dat
+ 2008-01-02 06:00:00 402,652 ----a-w C:\WINDOWS\LastGood\Downloaded Program Files\tcdefs.dat
+ 2008-01-02 06:00:00 2,570,338 ----a-w C:\WINDOWS\LastGood\Downloaded Program Files\tcscan7.dat
+ 2008-01-02 06:00:00 437,760 ----a-w C:\WINDOWS\LastGood\Downloaded Program Files\tcscan8.dat
+ 2008-01-02 06:00:00 1,011,347 ----a-w C:\WINDOWS\LastGood\Downloaded Program Files\tcscan9.dat
+ 2008-01-02 06:00:00 68,399 ----a-w C:\WINDOWS\LastGood\Downloaded Program Files\tscan1.dat
+ 2008-01-02 06:00:00 3,294 ----a-w C:\WINDOWS\LastGood\Downloaded Program Files\tscan1hd.dat
+ 2008-01-02 06:00:00 997,731 ----a-w C:\WINDOWS\LastGood\Downloaded Program Files\virscan1.dat
+ 2008-01-02 06:00:00 570,966 ----a-w C:\WINDOWS\LastGood\Downloaded Program Files\virscan2.dat
+ 2008-01-02 06:00:00 151,040 ----a-w C:\WINDOWS\LastGood\Downloaded Program Files\virscan3.dat
+ 2008-01-02 06:00:00 320,253 ----a-w C:\WINDOWS\LastGood\Downloaded Program Files\virscan4.dat
+ 2008-01-02 06:00:00 5,556,894 ----a-w C:\WINDOWS\LastGood\Downloaded Program Files\virscan5.dat
+ 2008-01-02 06:00:00 392,489 ----a-w C:\WINDOWS\LastGood\Downloaded Program Files\virscan6.dat
+ 2008-01-02 06:00:00 19,052,778 ----a-w C:\WINDOWS\LastGood\Downloaded Program Files\virscan7.dat
+ 2008-01-02 06:00:00 1,907,495 ----a-w C:\WINDOWS\LastGood\Downloaded Program Files\virscan8.dat
+ 2008-01-02 06:00:00 5,451,386 ----a-w C:\WINDOWS\LastGood\Downloaded Program Files\virscan9.dat
- 2008-01-07 14:37:24 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
+ 2008-01-08 01:55:45 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
- 2008-01-07 14:37:24 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
+ 2008-01-08 01:55:45 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
- 2008-01-07 14:37:24 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT
+ 2008-01-08 01:55:45 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2005-09-29 09:44 597104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 14:16 5058560]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 17:24 86016]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2003-09-15 01:00 126976]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 10:18 49152]
"CTDVDDet"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 02:00 45056]
"CTHelper"="CTHELPER.EXE" [2003-02-20 17:45 28672 C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
"AsioReg"="REGSVR32.exe" [2004-08-04 02:56 11776 C:\WINDOWS\SYSTEM32\regsvr32.exe]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2003-08-13 11:27 28672]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 20:47 204800]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-10-06 11:05 53248]
"Tgcmd"="c:\@Home\tioga\bin\tgcmd.exe" [2000-03-10 18:59 598016]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-05-02 19:46 270336]
"nwiz"="nwiz.exe" [2003-10-06 14:16 741376 C:\WINDOWS\SYSTEM32\nwiz.exe]
"kdx"="C:\WINDOWS\kdx\KHost.exe" [2004-01-20 11:45 1757184]
"PDUiP6000DMon"="C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe" [2004-05-31 13:26 57344]
"PDUiP6000DTskbr"="C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe" [2004-05-28 09:29 69632]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-11 17:52 98304]
"Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2005-08-23 08:36 1110079]
"Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2005-08-23 08:22 188416]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46 57344]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-14 20:47 180269]
"Motive SmartBridge"="C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe" [2007-07-06 07:00 438359]
"SSP Notifier"="C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe" [2006-07-12 11:44 20480]
"MWLExe"="C:\Program Files\Mcafee\MWL\MWLGui.exe" [2007-07-28 09:32 1279336]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]

C:\Documents and Settings\Matthew\Start Menu\Programs\Startup\
Picaboo.lnk - C:\Program Files\Picaboo\Picaboo\PicabooMain.exe [2007-04-04 12:10:52]
PictureProject In Touch.lnk - C:\Program Files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe [2005-03-21 17:30:34]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-08 17:36:15]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
Forget Me Not.lnk - C:\Program Files\Mindscape\CreataParty\PMREMIND.EXE [2005-10-10 20:24:47]
Gomez PEER.lnk - C:\Program Files\Gomez\GomezPEER\bin\GomezPEER.exe [2004-03-14 16:19:25]
Kodak EasyShare software.lnk - C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe [2003-09-18 10:47:10]
KODAK Software Updater.lnk - C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-06-08 17:48:18]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2005-12-11 18:03:15]
Virtual Assistant.lnk - C:\Program Files\Virtual Assistant\bin\matcli.exe [2006-12-21 16:11:39]

S2 ptssvc;ptssvc;C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe [2001-08-15 06:43]
S3 Wdm1;USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc.sys [2003-07-01 12:51]

*Newly Created Service* - DCFS2K
.
Contents of the 'Scheduled Tasks' folder
"2007-11-15 06:48:56 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
"2007-12-01 06:03:01 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe.4158 0
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-08 20:22:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-08 20:23:16
ComboFix-quarantined-files.txt 2008-01-09 01:23:01
ComboFix2.txt 2008-01-07 15:41:39
ComboFix3.txt 2008-01-07 14:43:05
ComboFix4.txt 2008-01-06 23:36:32
.
2007-12-06 01:14:19 --- E O F ---
julie0527
Regular Member
 
Posts: 22
Joined: November 30th, 2007, 8:35 am

Re: Ready for next step

Post by Katana » January 8th, 2008, 10:36 pm

Well, that last log looks fine?


Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    File::
    C:\WINDOWS\SYSTEM32\mrxofpgb.tmp
    C:\WINDOWS\SYSTEM32\obdekini.tmp
    

  • Save this as CFScript.txt and place it on your desktop.


    Image


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


Let's see if we can find the problem with the downloads

Again, these are perfectly safe to download to any PC :)


Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt into your reply.


Please download Firefox. Install it on the infected machine and use it to try to download HijackThis.
This will tell us if the problem is Internet Explorer.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Ready for next step

Post by julie0527 » January 8th, 2008, 11:30 pm

Here is the last combofix from the notepad paste:

ComboFix 08-01-08.2 - Matthew 2008-01-08 22:17:01.6 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.652 [GMT -5:00]
Running from: F:\ComboFix.exe
Command switches used :: C:\Documents and Settings\Matthew\Desktop\CFScript.txt

FILE
C:\WINDOWS\SYSTEM32\mrxofpgb.tmp
C:\WINDOWS\SYSTEM32\obdekini.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\SYSTEM32\mrxofpgb.tmp
C:\WINDOWS\SYSTEM32\obdekini.tmp

.
((((((((((((((((((((((((( Files Created from 2007-12-09 to 2008-01-09 )))))))))))))))))))))))))))))))
.

2008-01-07 20:52 . 2008-01-07 21:27 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-07 20:34 . 2008-01-07 20:34 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-06 17:50 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-19 11:33 . 2007-12-19 11:33 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Nova Development
2007-12-19 11:33 . 2007-12-19 11:33 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-19 11:10 . 2007-12-19 11:10 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
2007-12-18 23:33 . 2007-12-18 23:33 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-12-18 23:29 . 2007-12-18 23:29 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2007-12-18 23:28 . 2007-12-19 11:33 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-17 01:07 . 2007-12-17 01:07 129 --a------ C:\Shortcut to CD Drive.lnk

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-31 02:00 --------- d-----w C:\Program Files\Quicken
2007-12-03 04:21 --------- d-----w C:\Program Files\McAfee
2007-12-03 04:21 --------- d-----w C:\Program Files\Common Files\McAfee
2007-12-03 04:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-11-30 01:18 28,672 ----a-w C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-11-29 21:49 --------- d-----w C:\Program Files\EsetOnlineScanner
2007-11-29 19:31 --------- d-----w C:\Documents and Settings\Matthew\Application Data\McAfee
2007-11-29 19:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-11-29 14:00 --------- d--h--r C:\Documents and Settings\All Users\Application Data\yahoo!
2007-11-29 14:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\PopCap
2007-11-28 12:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-11-21 00:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\eBay
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-30 09:55 3,065,856 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
2007-10-11 05:57 96,256 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\inseng.dll
2007-10-11 05:57 666,112 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-10-11 05:57 617,984 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2007-10-11 05:57 55,808 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2007-10-11 05:57 532,480 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2007-10-11 05:57 474,112 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\shlwapi.dll
2007-10-11 05:57 449,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2007-10-11 05:57 39,424 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
2007-10-11 05:57 357,888 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
2007-10-11 05:57 251,904 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iepeers.dll
2007-10-11 05:57 205,824 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
2007-10-11 05:57 16,384 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2007-10-11 05:57 151,040 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\cdfview.dll
2007-10-11 05:57 146,432 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2007-10-11 05:57 1,498,112 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\shdocvw.dll
2007-10-11 05:57 1,054,208 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\danim.dll
2007-10-11 05:57 1,024,000 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\browseui.dll
2007-10-10 10:48 18,432 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
2006-12-21 20:54 14,201 ----a-w C:\Program Files\INSTALL.LOG
2005-09-14 13:24 33,280 ----a-w C:\Program Files\EndProcess.exe
2004-04-21 03:55 1,760,378 ----a-w C:\Program Files\aaw6.exe
2004-03-14 22:48 2,800,777 ----a-w C:\Program Files\aucmak2.exe
2004-03-14 21:18 19,296,636 ----a-w C:\Program Files\PEERInstall.exe
2004-02-08 18:30 10 ----a-w C:\Program Files\Notes.txt
2004-02-08 18:07 336 ----a-w C:\Program Files\announce.txt
2004-02-07 03:26 5,864 ----a-w C:\Program Files\client.ini
2004-01-28 15:47 1,800 ----a-w C:\Program Files\TabConfig.txt
2004-01-08 20:24 41 ----a-w C:\Program Files\RemoveGlobalMsg.txt
2004-01-08 20:23 205 ----a-w C:\Program Files\ResendGlobalMsg.txt
2004-01-05 01:46 3,371,040 ---h--r C:\Documents and Settings\Matthew\SYSTEM.DAT
2004-01-05 01:45 831,520 ---h--r C:\Documents and Settings\Matthew\USER.DAT
2004-01-05 01:45 3,833,888 ---h--r C:\Documents and Settings\Matthew\CLASSES.DAT
2003-07-03 23:13 498 ----a-w C:\Documents and Settings\Matthew\eReg.dat
2003-05-26 23:17 30 ----a-w C:\Documents and Settings\Matthew\INTURS.DAT
2003-05-13 18:20 8,224 ----a-w C:\Documents and Settings\Matthew\Application Data\GDIPFONTCACHEV1.DAT
2003-05-09 04:45 19,281 ----a-w C:\Documents and Settings\Matthew\War3Unin.dat
2003-05-04 04:41 11,310 ----a-w C:\Documents and Settings\Matthew\scunin.dat
2003-05-03 17:03 1,536 ----a-w C:\Documents and Settings\Matthew\TrueSoft.dat
2003-05-01 22:32 163,872 ---h--r C:\Documents and Settings\Matthew\HWINFO.DAT
2003-02-28 21:35 6,550 ----a-w C:\Documents and Settings\Matthew\JAUTOEXP.DAT
2002-06-14 17:33 96,256 ----a-w C:\Program Files\UnGins.exe
2002-05-24 06:49 679,936 ----a-w C:\Program Files\libeay32.dll
2002-05-24 06:49 147,456 ----a-w C:\Program Files\ssleay32.dll
2002-05-23 11:25 147,728 ----a-w C:\Program Files\ASYCFILT.DLL
2001-11-29 19:58 456 ----a-w C:\Documents and Settings\Matthew\PTHSP.DAT
1999-06-22 05:45 57,344 ----a-w C:\Program Files\Zlib.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2005-09-29 09:44 597104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 14:16 5058560]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 17:24 86016]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2003-09-15 01:00 126976]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 10:18 49152]
"CTDVDDet"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 02:00 45056]
"CTHelper"="CTHELPER.EXE" [2003-02-20 17:45 28672 C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
"AsioReg"="REGSVR32.exe" [2004-08-04 02:56 11776 C:\WINDOWS\SYSTEM32\regsvr32.exe]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2003-08-13 11:27 28672]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 20:47 204800]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-10-06 11:05 53248]
"Tgcmd"="c:\@Home\tioga\bin\tgcmd.exe" [2000-03-10 18:59 598016]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-05-02 19:46 270336]
"nwiz"="nwiz.exe" [2003-10-06 14:16 741376 C:\WINDOWS\SYSTEM32\nwiz.exe]
"kdx"="C:\WINDOWS\kdx\KHost.exe" [2004-01-20 11:45 1757184]
"PDUiP6000DMon"="C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe" [2004-05-31 13:26 57344]
"PDUiP6000DTskbr"="C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe" [2004-05-28 09:29 69632]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-11 17:52 98304]
"Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2005-08-23 08:36 1110079]
"Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2005-08-23 08:22 188416]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46 57344]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-14 20:47 180269]
"Motive SmartBridge"="C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe" [2007-07-06 07:00 438359]
"SSP Notifier"="C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe" [2006-07-12 11:44 20480]
"MWLExe"="C:\Program Files\Mcafee\MWL\MWLGui.exe" [2007-07-28 09:32 1279336]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]

C:\Documents and Settings\Matthew\Start Menu\Programs\Startup\
Picaboo.lnk - C:\Program Files\Picaboo\Picaboo\PicabooMain.exe [2007-04-04 12:10:52]
PictureProject In Touch.lnk - C:\Program Files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe [2005-03-21 17:30:34]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-08 17:36:15]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
Forget Me Not.lnk - C:\Program Files\Mindscape\CreataParty\PMREMIND.EXE [2005-10-10 20:24:47]
Gomez PEER.lnk - C:\Program Files\Gomez\GomezPEER\bin\GomezPEER.exe [2004-03-14 16:19:25]
Kodak EasyShare software.lnk - C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe [2003-09-18 10:47:10]
KODAK Software Updater.lnk - C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-06-08 17:48:18]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2005-12-11 18:03:15]
Virtual Assistant.lnk - C:\Program Files\Virtual Assistant\bin\matcli.exe [2006-12-21 16:11:39]

S2 ptssvc;ptssvc;C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe [2001-08-15 06:43]
S3 Wdm1;USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc.sys [2003-07-01 12:51]

*Newly Created Service* - DCFS2K
.
Contents of the 'Scheduled Tasks' folder
"2007-11-15 06:48:56 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
"2007-12-01 06:03:01 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe.4158 0
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-08 22:18:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-08 22:19:07
ComboFix-quarantined-files.txt 2008-01-09 03:18:53
ComboFix2.txt 2008-01-09 01:23:16
ComboFix3.txt 2008-01-07 15:41:39
ComboFix4.txt 2008-01-07 14:43:05
ComboFix5.txt 2008-01-06 23:36:32
.
2007-12-06 01:14:19 --- E O F ---
julie0527
Regular Member
 
Posts: 22
Joined: November 30th, 2007, 8:35 am

Re: Ready for next step

Post by julie0527 » January 8th, 2008, 11:45 pm

Tried starting it normally and it is still flashing black w/what looks like lines flashing on the screen and it locked up.

DSS main:

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-01-08 22:35:30
Computer is in Safe Mode with Networking.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; computer is in safe mode.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-08 22:37:22
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.excite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ProxyReset Class - {FFCBEECE-FB0C-11D2-AB16-00104B9BBBD2} - C:\WINDOWS\SYSTEM32\ahiehelp.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Tgcmd] "c:\@Home\tioga\bin\tgcmd.exe" /server /nosystray
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [PDUiP6000DMon] C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
O4 - HKLM\..\Run: [PDUiP6000DTskbr] C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe
O4 - HKLM\..\Run: [SSP Notifier] C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Forget Me Not.lnk = ?
O4 - Global Startup: Gomez PEER.lnk = C:\Program Files\Gomez\GomezPEER\bin\GomezPEER.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: NkbMonitor.exe.lnk = ?
O4 - Global Startup: Virtual Assistant.lnk = C:\Program Files\Virtual Assistant\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\msjava.dll
O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A891521-685E-4B6D-A9FD-759BB2CD6A66} (SecureImage Control) - http://www.psbwebsurveys.com/secure/SecureImage.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} () - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} () - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWe ... taller.CAB
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/ ... mv9VCM.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} () - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {43B70AAD-23F4-4FD8-ADD9-441D8592EEB8} (Snapfish Fix Photo Control) - http://www.snapfish.com/SnapfishImageEditor.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applica ... uncher.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se2895.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/B ... ofupld.cab
O16 - DPF: {70647AB5-18FD-4142-82B0-5852478DD0D4} (Vividence Connector Launcher) - http://task.vividence.com/download/Conn ... uncher.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/fl ... rashim.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1d/ww ... LENT_2.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4058/ ... oupons.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://activex.microsoft.com/activex/co ... ontrol.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://198.99.241.129/ePlayer/V3_2_0_0/ACNePlayer.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.c ... r1_6us.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://66.242.36.104/app/view22RTE.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/zuma ... der_v5.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://download-games.pogo.com/online2/ ... uncher.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/ ... 0.0.10.cab?
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel - C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\SYSTEM32\DRIVERS\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\SYSTEM32\LEXBCES.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\McAfee\MWL\MwlSvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\SYSTEM32\nvsvc32.exe
O23 - Service: Canon PIXMA iP6000D Memory Card Manager (PDUiP6000DMemCrdMgr) - CANON INC. - C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\SYSTEM32\ScsiAccess.EXE


--
End of file - 13114 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>

S2 CdaD10BA - c:\windows\system32\drivers\cdad10ba.sys <Not Verified; Macrovision Europe Ltd; Security Windows NT>
S3 catchme - c:\docume~1\matthew\locals~1\temp\catchme.sys (file missing)
S3 CO_Mon - c:\windows\system32\drivers\co_mon.sys
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
S2 PDUiP6000DMemCrdMgr (Canon PIXMA iP6000D Memory Card Manager) - c:\program files\canon\memory card utility\pixma ip6000d\pduip6000dmemcrdmgr.exe <Not Verified; CANON INC.; Memory Card Utility>
S2 ptssvc - c:\program files\kodak\kodak picture transfer software\ptssvc.exe <Not Verified; KODAK; KODAK PTS service>
S2 ScsiAccess - c:\windows\system32\scsiaccess.exe
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-12-01 01:03:01 360 --a------ C:\WINDOWS\Tasks\McQcTask.job
2007-11-15 01:48:56 268 --a------ C:\WINDOWS\Tasks\McDefragTask.job


-- Files created between 2007-12-08 and 2008-01-08 -----------------------------

2008-01-07 20:52:17 0 d-------- C:\WINDOWS\LastGood
2008-01-07 20:34:41 0 d-------- C:\WINDOWS\ERUNT
2008-01-06 16:38:22 0 d--hs---- C:\WINDOWS\CSC
2007-12-19 11:33:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\Nova Development
2007-12-19 11:10:07 0 d-------- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
2007-12-18 23:33:50 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2007-12-18 23:33:48 0 d--hs---- C:\WINDOWS\ftpcache
2007-12-18 23:29:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2007-12-18 23:29:13 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe


-- Find3M Report ---------------------------------------------------------------

2008-01-06 18:01:10 0 d-------- C:\Program Files\Common Files
2007-12-30 23:40:24 288 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
2007-12-30 23:40:24 288 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
2007-12-30 21:00:49 0 d-------- C:\Program Files\Quicken
2007-12-02 23:21:33 0 d-------- C:\Program Files\McAfee
2007-12-02 23:21:33 0 d-------- C:\Program Files\Common Files\McAfee
2007-11-29 16:49:16 0 d-------- C:\Program Files\EsetOnlineScanner
2007-11-29 13:09:44 1100 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-11-29 05:18:41 126 --a------ C:\WINDOWS\resetRefreshForAppCatalog() -
2007-11-26 06:17:16 656 --a------ C:\WINDOWS\x·
2007-11-13 11:25:33 1135 --a------ C:\WINDOWS\Cº
2007-11-09 20:42:42 529 --a------ C:\WINDOWS\ټ
2007-11-09 20:38:22 1185 --a------ C:\WINDOWS\i½
2007-11-09 20:38:22 556 --a------ C:\WINDOWS\#½
2007-11-08 20:42:42 653 --a------ C:\WINDOWS\+½
2007-11-08 20:38:22 556 --a------ C:\WINDOWS\0½
2007-11-07 20:38:22 556 --a------ C:\WINDOWS\$½
2007-11-06 23:52:42 126 --a------ C:\WINDOWS\connectedToInternet() -
2007-11-06 13:46:14 126 --a------ C:\WINDOWS\ÿÁ
2007-10-25 22:16:28 556 --a------ C:\WINDOWS\15 PM Eastern Daylight Time
2007-10-25 21:23:00 656 --a------ C:\WINDOWS\ɵ
2007-10-25 21:18:00 529 --a------ C:\WINDOWS\12 PM Eastern Daylight Time
2007-10-22 14:00:50 655 --a------ C:\WINDOWS\`½
2007-10-21 16:10:50 1136 --a------ C:\WINDOWS\Œ½
2007-10-20 15:10:52 1666 --a------ C:\WINDOWS\†½
2007-10-20 15:06:35 1666 --a------ C:\WINDOWS\C½
2007-10-20 15:06:35 1162 --a------ C:\WINDOWS\B½
2007-10-20 04:05:50 126 --a------ C:\WINDOWS\¾


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [10/06/2003 02:16 PM]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [03/11/2003 05:24 PM]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [09/15/2003 01:00 AM]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [10/29/2002 10:18 AM]
"CTDVDDet"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [09/30/2002 02:00 AM]
"CTHelper"="CTHELPER.EXE" [02/20/2003 05:45 PM C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
"AsioReg"="REGSVR32.exe" [08/04/2004 02:56 AM C:\WINDOWS\SYSTEM32\regsvr32.exe]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 02:00 AM]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [08/13/2003 11:27 AM]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [08/26/2003 08:47 PM]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [10/06/2003 11:05 AM]
"Tgcmd"="c:\@Home\tioga\bin\tgcmd.exe" [03/10/2000 06:59 PM]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [05/02/2003 07:46 PM]
"nwiz"="nwiz.exe" [10/06/2003 02:16 PM C:\WINDOWS\SYSTEM32\nwiz.exe]
"kdx"="C:\WINDOWS\kdx\KHost.exe" [01/20/2004 11:45 AM]
"PDUiP6000DMon"="C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe" [05/31/2004 01:26 PM]
"PDUiP6000DTskbr"="C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe" [05/28/2004 09:29 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/11/2005 05:52 PM]
"Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [08/23/2005 08:36 AM]
"Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [08/23/2005 08:22 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 10:46 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [11/14/2006 08:47 PM]
"Motive SmartBridge"="C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe" [07/06/2007 07:00 AM]
"SSP Notifier"="C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe" [07/12/2006 11:44 AM]
"MWLExe"="C:\Program Files\Mcafee\MWL\MWLGui.exe" [07/28/2007 09:32 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/03/2007 10:33 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 2:36:04 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [1/8/2006 5:36:15 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 9:05:26 PM]
DESKTOP.INI [9/3/2002 2:36:04 PM]
Forget Me Not.lnk - C:\Program Files\Mindscape\CreataParty\PMREMIND.EXE [10/10/2005 8:24:47 PM]
Gomez PEER.lnk - C:\Program Files\Gomez\GomezPEER\bin\GomezPEER.exe [3/14/2004 4:19:25 PM]
Kodak EasyShare software.lnk - C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe [9/18/2003 10:47:10 AM]
KODAK Software Updater.lnk - C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [6/8/2003 5:48:18 PM]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [12/11/2005 6:03:15 PM]
Virtual Assistant.lnk - C:\Program Files\Virtual Assistant\bin\matcli.exe [12/21/2006 4:11:39 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

*Newly Created Service* - DCFS2K



-- End of Deckard's System Scanner: finished at 2008-01-08 22:37:54 ------------

------------------------------------------------------------------------------------------
DSS extra:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 3.00GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of Memory in Use: 36%
Physical Memory (total/avail): 1022.99 MiB / 652.69 MiB
Pagefile Memory (total/avail): 2461.35 MiB / 2246.15 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.32 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 111.73 GiB total, 29.3 GiB free.
D: is CDROM (CDFS)
E: is Fixed (FAT32) - 19.39 GiB total, 0.04 GiB free.
F: is Removable (FAT)

\\.\PHYSICALDRIVE0 - Maxtor 6E020L0 - 19.41 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 19.4 GiB - E:

\\.\PHYSICALDRIVE1 - ST3120026AS - 111.76 GiB - 2 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 111.73 GiB - C:

\\.\PHYSICALDRIVE2 - KINGSTON USB DRIVE USB Device - 243.17 MiB - 1 partition
\PARTITION0 (bootable) - MS-DOS V4 Huge - 243.98 MiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=12.223.4.9
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\12.223.4.9
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Ulead Systems\MPEG
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SAFEBOOT_OPTION=NETWORK
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=12.223.4.9
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Julie (admin)
Matthew (admin)
Melissa (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\SBAudigy2\Program\Ctzapxx.EXE" /U /S
--> C:\PROGRA~1\VIRTUA~1\Uninstall.exe Sprint
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
@Home Components --> C:\@Home\Log\UNWISE.EXE C:\@Home\Log\INSTALL.LOG
@Home/Support.com Agent --> "c:\@Home\tioga\bin\tgfix.exe" /rm /nq
ABBYY FineReader 5.0 Sprint --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\5bc0f8414ec36c555a3e7e5ec2e225e\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Setup --> MsiExec.exe /I{D504303A-717D-414C-BA9F-FE01093E2EF8}
Adobe Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\Install.log
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
American Greetings CreataParty! --> C:\WINDOWS\IsUninst.exe -f"c:\Program Files\Mindscape\CreataParty\Uninst.isu"
American Greetings® Art & More Store --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Mindscape\Art & More Store\Uninst.isu"
Andale Lister Pro --> C:\PROGRA~1\ANDALE~1\UNWISE.EXE C:\PROGRA~1\ANDALE~1\INSTALL.LOG
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
aspi --> MsiExec.exe /I{015E4B8A-29B5-4AE3-BD08-38220FADFF4C}
Bejeweled Deluxe 1.862 --> C:\Program Files\PopCap Games\Bejeweled Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Bejeweled Deluxe\Install.log"
BUM --> MsiExec.exe /I{55937F00-A69B-4049-8D3A-1C7729742B6F}
Canon Camera Window for ZoomBrowser EX --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{093625E3-7B87-49D3-AA53-AD0FCFABAF49}
Canon PhotoRecord --> MsiExec.exe /X{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}
Canon PIXMA iP6000D --> C:\WINDOWS\System32\CNMCP69.exe "-PRINTERNAMECanon PIXMA iP6000D" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP6000D Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP6000D Installer\Inst2\cnmi0409.dll"
Canon PIXMA iP6000D Memory Card Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35F768BD-330E-4A2C-89C5-A38B588AF08D}\setup.exe" /PDUUninstall
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe C:\Program Files\Canon\Easy-PhotoPrint\uninst.ini
Canon Utilities File Viewer Utility 1.2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{EF0DD8B7-471C-463B-A298-6066C2FABAF5}
Canon Utilities PhotoStitch 3.1 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{03CDDD00-BD57-4326-9480-4C74449AF597}
Canon Utilities RemoteCapture 2.7 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}
Canon Utilities ZoomBrowser EX --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
Casino Tropez --> "C:\WINDOWS\Casino Tropez Setup.exe" /uninstall
CCHelp --> MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\setup.exe" -l0x9 /remove
DA920EN --> MsiExec.exe /X{C1E5DF32-8248-4347-908C-E030EDAE4368}
Dell AIO Printer A920 --> C:\WINDOWS\System32\spool\drivers\w32x86\3\DLBKUN5C.EXE -dDell AIO Printer A920
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Media Experience --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Delta Force - Black Hawk Down --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8FE54D21-8254-4CCF-AEE0-066496AE43F4}\setup.exe" -l0x9 -uninst
DesignCAD 3D Max --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0446B5F3-A156-11D5-8C1F-00A0CC78A0AC}\Setup.exe" -l0x9 -uninst
Desktop Weather by The Weather Channel --> C:\Program Files\The Weather Channel FW\Desktop Weather\TheWeatherChannelCustomUninstall.exe
DVDSentry --> MsiExec.exe /I{98DF85D9-96C0-4F57-A92E-C3539477EF5E}
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
ESET Online Scanner --> C:\WINDOWS\system32\OnlineScannerUninstaller.exe
ESSAdpt --> MsiExec.exe /I{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}
ESSANUP --> MsiExec.exe /I{A6F18A67-B771-4191-8A33-36D2E742D6D9}
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCAM --> MsiExec.exe /I{469730CC-78DF-4CD3-B286-562D459EA619}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSstore --> MsiExec.exe /I{6016734B-42A7-4AEB-9248-1D1E4F69AB52}
ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
FP3 Player --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{44170B31-F47A-4FF9-9D77-382D1FE2A728}
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
GomezPEER --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{123FFE67-B1F1-4125-90E2-389485B9F842}\Setup.exe" -l0x9
Intel Application Accelerator RAID Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\setup.exe" -INTELUNINST
Intel(R) PRO Network Adapters and Drivers --> Prounstl.exe
Intel(R) PROSet --> MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
IntelliMover --> MsiExec.exe /X{B6751A10-2389-4AEF-870A-4DD925F48733}
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
Jasc Paint Shop Photo Album 5 --> MsiExec.exe /I{24960CD0-661D-4957-9D5F-D2905A30EDB1}
Jasc Paint Shop Pro 8 --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
John Deere American Builder Deluxe --> "C:\Program Files\John Deere American Builder Deluxe\unins000.exe"
John Deere American Farmer TM v1.0 --> "C:\Program Files\John Deere American Farmer\unins000.exe"
Kazaa 3.2.7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC8923CA-D7F5-46E4-98BB-E083E6E1C40D}\Setup.exe" -l0x9 --AddRemove
Keynote Connector --> C:\WINDOWS\DOWNLO~1\CONNEC~1.EXE /Uninstall
KODAK EASYSHARE Gallery Upload ActiveX Control --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\Downloaded Program Files\axofupld.inf, Uninstall
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_3c0002_1ccea2\Setup.exe /APR-REMOVE
KODAK Memory Albums --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A8F1CA0-9085-11D4-B869-0050DA73F204}\Setup.exe"
KODAK Picture Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51661BCF-F22A-11D4-82B4-00500494EF5C}\setup.exe"
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
LeadTool --> MsiExec.exe /I{050ED764-D5FD-4D33-8FCD-AC48250C0798}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Logitech G-series Keyboard Software --> MsiExec.exe /X{0AE04A46-AA6D-430F-AE18-ACE1D5E59C0F}
Magic 3D Coloring Book Amazing Animals --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM and Crayola\Amazing Animals\Uninst.isu"
Mahjongg Towers --> C:\WINDOWS\iun6002.exe "C:\Program Files\Mahjongg Towers\irunin.ini"
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
MGI PhotoSuite II SE (Remove Only) --> "C:\Program Files\MGI\MGI PhotoSuite II\System\MGIUninstall.exe" C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MGI\MGI PhotoSuite II\Uninst.isu" -y -c"C:\Program Files\MGI\MGI PhotoSuite II\System\CustomUninstall.dll"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Office Basic Edition 2003 --> MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
MUSICMATCH® Jukebox --> C:\PROGRA~1\MUSICM~1\MUSICM~2\unmatch.exe
MyPublisher BookMaker --> C:\WINDOWS\System32\MypubUninstaller.exe
NetDiag --> C:\WINDOWS\IsUninst.exe -fC:\@Home\Tools\DeIsL1.isu
Network Play System (Patching) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu"
Nikon Message Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x9 UNINSTALL
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
NVIDIA Display Driver --> C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvdd.inf
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
PartyPoker --> c:\program files\tmpUpgrade\..\UnGins.exe "c:\program files\tmpUpgrade\..\install.log"
PCDADDIN --> MsiExec.exe /I{65D85050-5610-4A91-A3B1-D5C744291AD4}
PCDHELP --> MsiExec.exe /I{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}
PCDLNCH --> MsiExec.exe /I{69BD6399-3D8F-45B7-81D9-819361F5101D}
PCDrdsho --> MsiExec.exe /I{C42C10A8-F2F4-4846-B772-ABD1912A2E85}
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Photo Explosion Deluxe --> MsiExec.exe /X{5360DF11-A876-460B-9953-6817AA2BF9D5}
Photodex Presenter --> C:\Program Files\Photodex Presenter\uninst.exe
Picaboo 1.8.214 --> MsiExec.exe /I{2973D09C-3DCD-43E5-88ED-54B052DAF75F}
PictureProject --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x9 UNINSTALL
PictureProject In Touch 1.0 --> C:\Program Files\Nikon\PictureProject In Touch\uninst.exe
PictureProject In Touch Downloader 1.0 --> C:\Program Files\PictureProject In Touch Downloader\uninst.exe
Poker Superstars 2 --> "C:\Program Files\Oberon Media\Poker Superstars 2\Uninstall.exe" "C:\Program Files\Oberon Media\Poker Superstars 2\install.log"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Quicken 2006 --> MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Restaurant Empire --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC255660-F987-41C8-8416-7376305A3FE5}\setup.exe" -l0x9 -uninst
Retribution --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\STARCR~1\maps\RETRIB~1\Uninst.isu
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Secure Delivery --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\kdx\kdx.inf,DefaultUninstall,5
Secure Game Player --> C:\Program Files\SkillJam Technologies\Secure Player\Uninstall.exe
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SFR --> MsiExec.exe /I{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}
SFR2 --> MsiExec.exe /I{ABE068DF-8DC4-4947-ABFC-DD2B40850225}
Shockwave --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\INSTALL.LOG
Shutterfly Studio --> C:\Program Files\Shutterfly\Studio\SFlyStudioUninstall.exe
SimCity 3000 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Maxis\SimCity 3000\Uninst.isu"
SimCity 4 Deluxe --> C:\Program Files\Maxis\SimCity 4 Deluxe\EAUninstall.exe
Sound Blaster Audigy 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E82BF103-904F-49C0-B77F-6EC110B71E87}\setup.exe" -l0x9
Spybot - Search & Destroy 1.3 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Squad Leader --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Microprose\Squad Leader\Uninst.isu"
Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Stronghold --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97A19679-4C07-4B34-8ACB-D5565C3440FC}\setup.exe" -l0x9
The Sims --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Maxis\The Sims\Uninst.isu"
Turbo Lister --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{99CC78D1-2356-497C-84C1-F239884001EC}
Turbo Lister 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{69640730-B830-4C24-BB5C-222DA1260548}
USB MassStorage CardReader --> C:\Program Files\Kodak\040a_5005\Remove.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Virtual Assistant --> C:\WINDOWS\Motive\Sprint\MCCUninst.exe
Weather Services --> C:\WINDOWS\System32\control.exe C:\WINDOWS\System32\wxfw.cpl,4
WebIQ Client Software --> C:\WINDOWS\System32\WebIQInstall.exe /u
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Wondershare Photo Collage Studio (1.4.2.0) --> "C:\Program Files\Wondershare\Photo Collage Studio\unins000.exe"
Yahoo! Photos Easy Upload Tool 1v6 --> C:\WINDOWS\System32\regsvr32 /u /s "C:\WINDOWS\Downloaded Program Files\YDropper.dll"


-- Application Event Log -------------------------------------------------------

Event Record #/Type11778 / Error
Event Submitted/Written: 01/08/2008 08:25:53 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module urlmon.dll, version 6.0.2900.3231, fault address 0x0003b5ce.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type11775 / Error
Event Submitted/Written: 01/08/2008 03:09:53 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module urlmon.dll, version 6.0.2900.3231, fault address 0x0000e23f.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type11774 / Error
Event Submitted/Written: 01/07/2008 09:05:33 PM
Event ID/Source: 2004 / PerfNet
Event Description:
Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Event Record #/Type11767 / Error
Event Submitted/Written: 01/07/2008 04:17:08 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module urlmon.dll, version 6.0.2900.3231, fault address 0x0003b5ce.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type11766 / Error
Event Submitted/Written: 01/07/2008 11:08:19 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module urlmon.dll, version 6.0.2900.3231, fault address 0x0003b5ce.
Processing media-specific event for [iexplore.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type19899 / Error
Event Submitted/Written: 01/08/2008 10:33:00 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type19898 / Error
Event Submitted/Written: 01/08/2008 10:32:57 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Event Record #/Type19897 / Error
Event Submitted/Written: 01/08/2008 10:32:39 PM
Event ID/Source: 10001 / DCOM
Event Description:
Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} as /.
The error:
"%%233"
Happened while starting this command:
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe -Embedding

Event Record #/Type19896 / Error
Event Submitted/Written: 01/08/2008 10:31:27 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Event Record #/Type19895 / Error
Event Submitted/Written: 01/08/2008 10:09:39 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}



-- End of Deckard's System Scanner: finished at 2008-01-08 22:37:54 ------------

_________________________________________________________________________
Bingo! Should we uninstall IE and reinstall it? Sorry that we are so clueless. We REALLY appreciate your help!

My log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:32 PM, on 1/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.excite.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ProxyReset Class - {FFCBEECE-FB0C-11D2-AB16-00104B9BBBD2} - C:\WINDOWS\System32\AHIEHelp.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Tgcmd] "c:\@Home\tioga\bin\tgcmd.exe" /server /nosystray
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [PDUiP6000DMon] C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
O4 - HKLM\..\Run: [PDUiP6000DTskbr] C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe
O4 - HKLM\..\Run: [SSP Notifier] C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-3192319433-4067009964-1200344768-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Matthew')
O4 - HKUS\S-1-5-21-3192319433-4067009964-1200344768-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Matthew')
O4 - HKUS\S-1-5-21-3192319433-4067009964-1200344768-1007\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" (User 'Matthew')
O4 - S-1-5-21-3192319433-4067009964-1200344768-1007 Startup: Picaboo.lnk = C:\Program Files\Picaboo\Picaboo\PicabooMain.exe (User 'Matthew')
O4 - S-1-5-21-3192319433-4067009964-1200344768-1007 Startup: PictureProject In Touch.lnk = C:\Program Files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe (User 'Matthew')
O4 - S-1-5-21-3192319433-4067009964-1200344768-1007 User Startup: Picaboo.lnk = C:\Program Files\Picaboo\Picaboo\PicabooMain.exe (User 'Matthew')
O4 - S-1-5-21-3192319433-4067009964-1200344768-1007 User Startup: PictureProject In Touch.lnk = C:\Program Files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe (User 'Matthew')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\Mindscape\CreataParty\PMREMIND.EXE
O4 - Global Startup: Gomez PEER.lnk = C:\Program Files\Gomez\GomezPEER\bin\GomezPEER.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Virtual Assistant.lnk = C:\Program Files\Virtual Assistant\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://home.excite.com/
O16 - DPF: {0A891521-685E-4B6D-A9FD-759BB2CD6A66} (SecureImage Control) - http://www.psbwebsurveys.com/secure/SecureImage.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWe ... taller.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {43B70AAD-23F4-4FD8-ADD9-441D8592EEB8} (Snapfish Fix Photo Control) - http://www.snapfish.com/SnapfishImageEditor.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applica ... uncher.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se2895.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/B ... ofupld.cab
O16 - DPF: {70647AB5-18FD-4142-82B0-5852478DD0D4} (Vividence Connector Launcher) - http://task.vividence.com/download/Conn ... uncher.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1d/ww ... LENT_2.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4058/ ... oupons.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://activex.microsoft.com/activex/co ... ontrol.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://198.99.241.129/ePlayer/V3_2_0_0/ACNePlayer.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.c ... r1_6us.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://66.242.36.104/app/view22RTE.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/zuma ... der_v5.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://download-games.pogo.com/online2/ ... uncher.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/ ... 0.0.10.cab?
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Canon PIXMA iP6000D Memory Card Manager (PDUiP6000DMemCrdMgr) - CANON INC. - C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE

--
End of file - 13217 bytes
julie0527
Regular Member
 
Posts: 22
Joined: November 30th, 2007, 8:35 am

Re: Ready for next step

by Katana » January 9th, 2008, 8:52 am

Do you know what these folders are?
2007-11-26 06:17:16 656 --a------ C:\WINDOWS\x·
2007-11-13 11:25:33 1135 --a------ C:\WINDOWS\Cº
2007-11-09 20:42:42 529 --a------ C:\WINDOWS\ټ
2007-11-09 20:38:22 1185 --a------ C:\WINDOWS\i½
2007-11-09 20:38:22 556 --a------ C:\WINDOWS\#½
2007-11-08 20:42:42 653 --a------ C:\WINDOWS\+½
2007-11-08 20:38:22 556 --a------ C:\WINDOWS\0½
2007-11-07 20:38:22 556 --a------ C:\WINDOWS\$½
2007-11-06 23:52:42 126 --a------ C:\WINDOWS\connectedToInternet() -
2007-11-06 13:46:14 126 --a------ C:\WINDOWS\ÿÁ
2007-10-25 22:16:28 556 --a------ C:\WINDOWS\15 PM Eastern Daylight Time
2007-10-25 21:23:00 656 --a------ C:\WINDOWS\ɵ
2007-10-25 21:18:00 529 --a------ C:\WINDOWS\12 PM Eastern Daylight Time
2007-10-22 14:00:50 655 --a------ C:\WINDOWS\`½
2007-10-21 16:10:50 1136 --a------ C:\WINDOWS\Œ½
2007-10-20 15:10:52 1666 --a------ C:\WINDOWS\†½
2007-10-20 15:06:35 1666 --a------ C:\WINDOWS\C½
2007-10-20 15:06:35 1162 --a------ C:\WINDOWS\B½
2007-10-20 04:05:50 126 --a------ C:\WINDOWS\¾


Kaspersky Online Scanner.
Use Firefox; if it won't work, let me know.
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
Go Here http://www.kaspersky.com/kos/eng/partne ... bscan.html

Read the Requirements and limitations before you click Accept.
Allow the ActiveX download if necessary.
Once the database has downloaded, click Next.
Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
Click on "My Computer" and then put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

Re: Ready for next step

Unread postby julie0527 » January 9th, 2008, 2:28 pm

We don't know what those folders are. If the times/dates are correct on them, then we were sleeping for the majority of the time.

The scan results:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, January 09, 2008 1:25:42 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 9/01/2008
Kaspersky Anti-Virus database records: 504809
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 248761
Number of viruses found: 22
Number of infected objects: 285
Number of suspicious objects: 2
Duration of the scan process: 02:08:20

Infected Object Name / Virus Name / Last Action
C:\40a6c9cf92abaec075\sp2\update\update.exe Object is locked skipped
C:\8caa4f2fba917480f09e2bd9a729d268\sp2\update\update.exe Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\23cde21c13e46b7cdd97b4529a6d04df_7b71fbce-dff3-42c2-9259-d2367eb8daa9 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\770c65a9488815dc125cbc91bea48529_7b71fbce-dff3-42c2-9259-d2367eb8daa9 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a99169f5b41e47fe3e8e25e274ec0ec5_7b71fbce-dff3-42c2-9259-d2367eb8daa9 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c36be7ad2f8b82bf621f5d32dbd166ac_7b71fbce-dff3-42c2-9259-d2367eb8daa9 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Altnet1.zip/asmend.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Altnet1.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase1.zip/upwlwlml.exe Infected: not-a-virus:AdWare.Win32.180Solutions skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkEssentialsSmartPops.zip/RH.exe Infected: not-a-virus:AdWare.Win32.SmartPops.a skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkEssentialsSmartPops.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkEssentialsSmartPops1.zip/RH.DLL Infected: not-a-virus:AdWare.Win32.SmartPops.a skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkEssentialsSmartPops1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Matthew\Local Settings\Temp\hsperfdata_Matthew\2124 Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Downloads\ZumaSetup-dm[1].exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\QooBox\Quarantine\C\WINDOWS\Downloaded Program Files\UGA6P_0001_N122M2210NetInstaller.exe.vir Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\acbsmprl.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ardjfeyu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\bdiiordw.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\bdrfbcdu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\cmybudfd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\cpeyeajl.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\dthtsukq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\dxkoscma.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\esanaxvs.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\fprnbxte.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\gbgdwpau.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\hhvadehk.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\iaxgfsse.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\iucscqfx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\jcflpkxd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\jofdkfsy.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\jyvppkgt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\kjmytrdv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\klovdqaa.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\kvhoqsqq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\lnlblkjp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\lqtvxnna.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\lxjwknap.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\mclyibqg.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\moauokmt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\nikblfqo.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\obrvvqrd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\obytreeb.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\opoijthb.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\orqygtfw.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\pffiivox.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\pxxxnwib.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\qfubefvc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\qhjkyfqe.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\rbyridwa.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\revsoame.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\rsbyuiol.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\rufvjyab.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\syibleni.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\tbveodem.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\tktirhac.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\udyjkssi.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.kp skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\vablmsix.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\veyvmpqh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\viqjcift.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\vygjicie.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\vyimocxi.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\wekfxsau.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\wewbhqum.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\wtfmqged.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\wxeuyqje.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\xhsxuiff.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ydqwvvtk.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\catchme2008-01-07_ 93609.64.zip/d3dx9_2.dll Infected: Trojan.Win32.BHO.abo skipped
C:\QooBox\Quarantine\catchme2008-01-07_ 93609.64.zip/iowacykc.dat Infected: Trojan.Win32.Agent.cid skipped
C:\QooBox\Quarantine\catchme2008-01-07_ 93609.64.zip ZIP: infected - 2 skipped
C:\SDFix\backups\backups.zip/backups/d3dx9_2.10 Infected: Trojan.Win32.BHO.yr skipped
C:\SDFix\backups\backups.zip ZIP: infected - 1 skipped
C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB833407$\bssym7.ttf Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\cmdevtgprov.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\xpsp2res.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ329115$\reg00003 Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\wmpcore.dll Object is locked skipped
C:\WINDOWS\cpbrkpie.ocx Infected: not-a-virus:AdWare.Win32.Coupons.h skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\d3dx9_2.1 Infected: Trojan-Spy.Win32.BZub.btd skipped
C:\WINDOWS\SYSTEM32\DRIVERS\hmeewwyk.dat Infected: Trojan.Win32.Agent.cid skipped
C:\WINDOWS\SYSTEM32\DRIVERS\iowacykc.sys Infected: Rootkit.Win32.Agent.iy skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcmsc_iwaKb4cqdswcUvc Object is locked skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\A3.0LL Infected: Trojan.Win32.BHO.gy skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\ACYPKEDR.0LL Infected: Trojan.Win32.BHO.bd skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\ADSLD.0LL Infected: Trojan.Win32.BHO.gy skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\ADSN.0LL Infected: Trojan.Win32.BHO.gy skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\ADSND.0LL Infected: Trojan.Win32.BHO.gy skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\AFOMBYLE.0XE Infected: Trojan-Dropper.Win32.Agent.bmk skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\AJBYUCSE.0LL Infected: Trojan.Win32.BHO.bd skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\AJIUWTMN.0XE Infected: Trojan-Dropper.Win32.Agent.bmk skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\AJTIWBS.0LL Infected: Trojan.Win32.BHO.gy skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\ATMLI.0LL Infected: Trojan.Win32.BHO.gy skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\AVICA.0LL Infected: Trojan.Win32.BHO.gy skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\AVXBRJNI.0XE Infected: Trojan-Dropper.Win32.Agent.bmk skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\BDIIORD.0LL Infected: Trojan.Win32.BHO.gy skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\BHOFTBUH.0XE Infected: Trojan-Dropper.Win32.Agent.bmk skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\BIBHCVNO.0XE Infected: Trojan.Win32.Agent.aoy skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\BJKHTVUC.0XE Infected: Trojan.Win32.Agent.aoy skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\BKLULAXK.0XE Infected: Trojan-Dropper.Win32.Agent.bmk skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\BKWJAPFF.0XE Infected: Trojan-Dropper.Win32.Agent.bmk skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\BPDEIPGF.0XE Infected: Trojan-Dropper.Win32.Agent.bmk skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\bpggtluh.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\BQTFEVKR.0XE Infected: Trojan.Win32.Agent.aoy skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\BRNOVEUJ.0XE Infected: Trojan-Dropper.Win32.Agent.bmk skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\BROMXHIC.0XE Infected: Trojan-Dropper.Win32.Agent.bmk skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\BROWSE.0LL Infected: Trojan.Win32.BHO.gy skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\BTHC.0LL Infected: Trojan.Win32.BHO.gy skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\BTYYBVYB.0LL Infected: Trojan.Win32.BHO.bd skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\CGCQUJRC.0LL Infected: Trojan.Win32.BHO.bd skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\CKMADMLD.0XE Infected: Trojan-Dropper.Win32.Agent.bmk skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\CKSRSCET.0XE Infected: Trojan.Win32.Agent.aoy skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\CMCFG3.0LL Infected: Trojan.Win32.BHO.gy skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\CNJYRCNY.0XE Infected: Trojan-Dropper.Win32.Agent.bmk skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\CNMLM6.0LL Infected: Trojan.Win32.BHO.gy skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\CONSOL.0LL Infected: Trojan.Win32.BHO.gy skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\CPEYEAJ.0LL Infected: Trojan.Win32.BHO.gy skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\cqowstgh.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kp skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\CTDPROX.0LL Infected: Trojan.Win32.BHO.gy skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\CTMEDEN.0LL Infected: Trojan.Win32.BHO.gy skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\CTOSUSE.0LL Infected: Trojan-Dropper.Win32.Agent.bxm skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\cvufvasj.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\D3D8TH.0LL Infected: Trojan.Win32.BHO.gy skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\D3DR.0LL Infected: Trojan.Win32.BHO.gy skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\d3dx9_2.11 Infected: Trojan-Downloader.Win32.Delf.dbo skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\DAKJTQGF.0LL Infected: Trojan.Win32.BHO.bd skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\DBGHEL.0LL Infected: Trojan.Win32.BHO.gy skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\DCEIDMCW.0LL Infected: Trojan.Win32.BHO.bd skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\DDIIPAPX.0LL Infected: Trojan.Win32.BHO.bd skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\DEDICWIG.0LL Infected: Trojan.Win32.BHO.bd skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\DFFJXHCE.0XE Infected: Trojan-Dropper.Win32.Agent.bmk skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\DGTMPRNV.0XE Infected: Trojan-Dropper.Win32.Agent.bmk skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\DHBAJFIB.0XE Infected: Trojan.Win32.Agent.aoy skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\DHULRBCM.0XE Infected: Trojan-Dropper.Win32.Agent.bmk skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\DLPWEXAO.0XE Infected: Trojan.Win32.Agent.aoy skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\DMFPNTMX.0XE Infected: Trojan-Dropper.Win32.Agent.bmk skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\DMTUIKYL.0XE Infected: Trojan-Dropper.Win32.Agent.bmk skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\DNBOUAXO.0XE Infected: Trojan-Dropper.Win32.Agent.bmk skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\DNLHGALH.0XE Infected: Trojan.Win32.Agent.aoy skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\DNPFDPBJ.0XE Infected: Trojan-Dropper.Win32.Agent.bmk skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\DPCUETXY.0LL Infected: Trojan.Win32.BHO.bd skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\DQHPUYDB.0LL Infected: Trojan.Win32.BHO.hj skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\DUTFJJKX.0XE Infected: Trojan-Dropper.Win32.Agent.bmk skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\DYOFSJST.0LL Infected: Trojan.Win32.BHO.bd skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\EACKWXQR.0XE Infected: Trojan-Dropper.Win32.Agent.bmk skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\EFAUGRXJ.0XE Infected: Trojan.Win32.Agent.aoy skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\EJOHYADK.0LL Infected: Trojan.Win32.BHO.bd skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\EMGWTKVC.0XE Infected: Trojan-Dropper.Win32.Agent.bmk skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\enpvread.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kp skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\EQXYAKSX.0LL Infected: Trojan.Win32.BHO.bd skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\EWDNECWI.0XE Infected: Trojan-Dropper.Win32.Agent.bmk skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\FBUPQUET.0XE Infected: Trojan.Win32.Agent.aoy skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\FIMILHLD.0XE Infected: Trojan-Dropper.Win32.Agent.bmk skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\FKCTXGEK.0XE Infected: Trojan-Dropper.Win32.Agent.bmk skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\FMVPHYFU.0LL Infected: Trojan.Win32.BHO.bd skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\FNPXBDPA.0XE Infected: Trojan.Win32.Agent.aoy skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\FOXDOGLE.0XE Infected: Trojan.Win32.Agent.aoy skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\fybopbkg.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kp skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\GBXQVOJQ.0LL Infected: Trojan.Win32.BHO.bd skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\GLFXVOSQ.0XE Infected: Trojan.Win32.Agent.aoy skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\GTFQLXOR.0XE Infected: Trojan-Dropper.Win32.Agent.bmk skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\GWSOSXSW.0XE Infected: Trojan-Dropper.Win32.Agent.bmk skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\GXINAMPX.0XE Infected: Trojan-Dropper.Win32.Agent.bmk skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\hamjmuqg.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\HBGEAOMD.0XE Infected: Trojan.Win32.Agent.aoy skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\HCVESQER.0XE Infected: Trojan-Dropper.Win32.Agent.bmk skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\HEHGIKHC.0XE Infected: Trojan-Dropper.Win32.Agent.bmk skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\HNIQOLHK.0LL Infected: Trojan.Win32.BHO.bd skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\HNNVQCKV.0XE Infected: Trojan-Dropper.Win32.Agent.bmk skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\HRQLEYUK.0XE Infected: Trojan-Dropper.Win32.Agent.bmk skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\ILGDQHQY.0XE Infected: Trojan.Win32.Agent.aoy skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\IMSXTBHK.0LL Infected: Trojan.Win32.BHO.bd skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\INYVEDJP.0XE Infected: Trojan-Dropper.Win32.Agent.bmk skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\JAHNYAYL.0XE Infected: Trojan-Dropper.Win32.Agent.bmk skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\JAYACIGU.0XE Infected: Trojan.Win32.Agent.aoy skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\JCPBXLMI.0XE Infected: Trojan.Win32.Agent.aoy skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\JGMRJHUU.0XE Infected: Trojan.Win32.Agent.aoy skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\JKDYERWL.0LL Infected: Trojan.Win32.BHO.bd skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\JNWXRCWX.0LL Infected: Trojan.Win32.BHO.bd skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\JQWEEVYN.0LL Infected: Trojan.Win32.BHO.bd skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\KBCRYHBW.0XE Infected: Trojan.Win32.Agent.aoy skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\KCJWGBXU.0XE Infected: Trojan-Dropper.Win32.Agent.bmk skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\KCYDIGLT.0XE Infected: Trojan.Win32.Agent.aoy skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\KOSNSXMN.0XE Infected: Trojan.Win32.Agent.aoy skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\KPNFOSUI.0LL Infected: Trojan.Win32.BHO.bd skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\kskfhhqg.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\KSMRHCTD.0XE Infected: Trojan-Dropper.Win32.Agent.bmk skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\KVGCXOJD.0XE Infected: Trojan-Dropper.Win32.Agent.bmk skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\LESMTRQS.0LL Infected: Trojan.Win32.BHO.bd skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\LFOOGUNF.0XE Infected: Trojan-Dropper.Win32.Agent.bmk skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\LGUOEOUN.0XE Infected: Trojan.Win32.Agent.aoy skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\LJOWSFHG.0LL Infected: Trojan.Win32.BHO.bd skipped
F:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\lxjygbrm.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped

Scan process completed.

Re: Ready for next step

by Katana » January 9th, 2008, 4:35 pm

Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    DirLook::
    C:\Windows\xú
    C:\Windows\C§
    C:\Windows\Y§
    C:\Windows\i«
    C:\Windows\#«
    C:\Windows\+«
    C:\Windows\0«
    C:\Windows\$«
    C:\Windows\connectedToInternet() -
    C:\Windows\˜µ
    C:\Windows\15 PM Eastern Daylight Time
    C:\Windows\æ
    C:\Windows\12 PM Eastern Daylight Time
    C:\Windows\`«
    C:\Windows\O«
    C:\Windows\Å«
    C:\Windows\C«
    C:\Windows\B«
    C:\Windows\ó
    
    File::
    C:\Downloads\ZumaSetup-dm[1].exe
    C:\WINDOWS\cpbrkpie.ocx
    C:\WINDOWS\SYSTEM32\d3dx9_2.1
    C:\WINDOWS\SYSTEM32\DRIVERS\hmeewwyk.dat
    C:\WINDOWS\SYSTEM32\DRIVERS\iowacykc.sys
    
    

  • Save this as CFScript.txt and place it on your desktop.


    Image


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Re: Ready for next step

by julie0527 » January 9th, 2008, 4:57 pm

ComboFix 08-01-08.2 - Administrator 2008-01-09 15:48:07.7 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.657 [GMT -5:00]
Running from: F:\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt

FILE
C:\Downloads\ZumaSetup-dm[1].exe
C:\WINDOWS\cpbrkpie.ocx
C:\WINDOWS\SYSTEM32\d3dx9_2.1
C:\WINDOWS\SYSTEM32\DRIVERS\hmeewwyk.dat
C:\WINDOWS\SYSTEM32\DRIVERS\iowacykc.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Downloads\ZumaSetup-dm[1].exe
C:\WINDOWS\cpbrkpie.ocx
C:\WINDOWS\SYSTEM32\d3dx9_2.1
C:\WINDOWS\SYSTEM32\DRIVERS\hmeewwyk.dat
C:\WINDOWS\SYSTEM32\DRIVERS\iowacykc.sys

.
((((((((((((((((((((((((( Files Created from 2007-12-09 to 2008-01-09 )))))))))))))))))))))))))))))))
.

2008-01-09 11:01 . 2008-01-09 11:01 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2008-01-09 11:01 . 2008-01-09 11:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-08 23:03 . 2008-01-08 23:03 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-08 22:52 . 2008-01-08 22:52 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-08 22:31 . 2008-01-08 22:31 <DIR> d-------- C:\Deckard
2008-01-07 20:34 . 2008-01-07 20:34 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-06 17:50 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-19 11:33 . 2007-12-19 11:33 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Nova Development
2007-12-19 11:33 . 2007-12-19 11:33 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-19 11:10 . 2007-12-19 11:10 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
2007-12-18 23:33 . 2007-12-18 23:33 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-12-18 23:29 . 2007-12-18 23:29 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2007-12-18 23:28 . 2007-12-19 11:33 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-17 01:07 . 2007-12-17 01:07 129 --a------ C:\Shortcut to CD Drive.lnk

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-31 02:00 --------- d-----w C:\Program Files\Quicken
2007-12-03 04:21 --------- d-----w C:\Program Files\McAfee
2007-12-03 04:21 --------- d-----w C:\Program Files\Common Files\McAfee
2007-12-03 04:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-11-30 01:18 28,672 ----a-w C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-11-29 21:49 --------- d-----w C:\Program Files\EsetOnlineScanner
2007-11-29 19:31 --------- d-----w C:\Documents and Settings\Matthew\Application Data\McAfee
2007-11-29 19:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-11-29 14:00 --------- d--h--r C:\Documents and Settings\All Users\Application Data\yahoo!
2007-11-29 14:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\PopCap
2007-11-28 12:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-11-21 00:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\eBay
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-30 09:55 3,065,856 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
2007-10-11 05:57 96,256 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\inseng.dll
2007-10-11 05:57 666,112 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-10-11 05:57 617,984 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2007-10-11 05:57 55,808 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2007-10-11 05:57 532,480 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2007-10-11 05:57 474,112 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\shlwapi.dll
2007-10-11 05:57 449,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2007-10-11 05:57 39,424 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
2007-10-11 05:57 357,888 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
2007-10-11 05:57 251,904 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iepeers.dll
2007-10-11 05:57 205,824 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
2007-10-11 05:57 16,384 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2007-10-11 05:57 151,040 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\cdfview.dll
2007-10-11 05:57 146,432 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2007-10-11 05:57 1,498,112 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\shdocvw.dll
2007-10-11 05:57 1,054,208 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\danim.dll
2007-10-11 05:57 1,024,000 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\browseui.dll
2007-10-10 10:48 18,432 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
2006-12-21 20:54 14,201 ----a-w C:\Program Files\INSTALL.LOG
2005-09-14 13:24 33,280 ----a-w C:\Program Files\EndProcess.exe
2004-04-21 03:55 1,760,378 ----a-w C:\Program Files\aaw6.exe
2004-03-14 22:48 2,800,777 ----a-w C:\Program Files\aucmak2.exe
2004-03-14 21:18 19,296,636 ----a-w C:\Program Files\PEERInstall.exe
2004-02-08 18:30 10 ----a-w C:\Program Files\Notes.txt
2004-02-08 18:07 336 ----a-w C:\Program Files\announce.txt
2004-02-07 03:26 5,864 ----a-w C:\Program Files\client.ini
2004-01-28 15:47 1,800 ----a-w C:\Program Files\TabConfig.txt
2004-01-08 20:24 41 ----a-w C:\Program Files\RemoveGlobalMsg.txt
2004-01-08 20:23 205 ----a-w C:\Program Files\ResendGlobalMsg.txt
2004-01-05 01:46 3,371,040 ---h--r C:\Documents and Settings\Matthew\SYSTEM.DAT
2004-01-05 01:45 831,520 ---h--r C:\Documents and Settings\Matthew\USER.DAT
2004-01-05 01:45 3,833,888 ---h--r C:\Documents and Settings\Matthew\CLASSES.DAT
2003-07-03 23:13 498 ----a-w C:\Documents and Settings\Matthew\eReg.dat
2003-05-26 23:17 30 ----a-w C:\Documents and Settings\Matthew\INTURS.DAT
2003-05-13 18:20 8,224 ----a-w C:\Documents and Settings\Matthew\Application Data\GDIPFONTCACHEV1.DAT
2003-05-09 04:45 19,281 ----a-w C:\Documents and Settings\Matthew\War3Unin.dat
2003-05-04 04:41 11,310 ----a-w C:\Documents and Settings\Matthew\scunin.dat
2003-05-03 17:03 1,536 ----a-w C:\Documents and Settings\Matthew\TrueSoft.dat
2003-05-01 22:32 163,872 ---h--r C:\Documents and Settings\Matthew\HWINFO.DAT
2003-02-28 21:35 6,550 ----a-w C:\Documents and Settings\Matthew\JAUTOEXP.DAT
2002-06-14 17:33 96,256 ----a-w C:\Program Files\UnGins.exe
2002-05-24 06:49 679,936 ----a-w C:\Program Files\libeay32.dll
2002-05-24 06:49 147,456 ----a-w C:\Program Files\ssleay32.dll
2002-05-23 11:25 147,728 ----a-w C:\Program Files\ASYCFILT.DLL
2001-11-29 19:58 456 ----a-w C:\Documents and Settings\Matthew\PTHSP.DAT
1999-06-22 05:45 57,344 ----a-w C:\Program Files\Zlib.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Windows\ó ----

C:\Windows\ó\

---- Directory of C:\Windows\#« ----

C:\Windows\#«\

---- Directory of C:\Windows\$« ----

C:\Windows\$«\

---- Directory of C:\Windows\`« ----

C:\Windows\`«\

---- Directory of C:\Windows\+« ----

C:\Windows\+«\

---- Directory of C:\Windows\Å« ----

C:\Windows\Å«\

---- Directory of C:\Windows\0« ----

C:\Windows\0«\

---- Directory of C:\Windows\12 PM Eastern Daylight Time ----

C:\Windows\12 PM Eastern Daylight Time\

---- Directory of C:\Windows\15 PM Eastern Daylight Time ----

C:\Windows\15 PM Eastern Daylight Time\

---- Directory of C:\Windows\B« ----

C:\Windows\B«\

---- Directory of C:\Windows\C« ----

C:\Windows\C«\

---- Directory of C:\Windows\C§ ----

C:\Windows\C§\

---- Directory of C:\Windows\connectedToInternet() - ----

C:\Windows\connectedToInternet() -\

---- Directory of C:\Windows\æ ----

C:\Windows\æ\

---- Directory of C:\Windows\i« ----

C:\Windows\i«\

---- Directory of C:\Windows\O« ----

C:\Windows\O«\

---- Directory of C:\Windows\xú ----

C:\Windows\xú\

---- Directory of C:\Windows\˜µ ----

C:\Windows\˜µ\

---- Directory of C:\Windows\Y§ ----

C:\Windows\Y§\


((((((((((((((((((((((((((((( snapshot_2008-01-08_20.22.36.75 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-08 01:55:45 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
+ 2008-01-09 04:06:25 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
- 2008-01-08 01:55:45 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
+ 2008-01-09 04:06:25 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
- 2008-01-08 01:55:45 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT
+ 2008-01-09 04:06:25 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-05-24 17:27:16 213,048 ----a-w C:\WINDOWS\SYSTEM32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 20:47:20 94,208 ----a-w C:\WINDOWS\SYSTEM32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 20:49:54 950,272 ----a-w C:\WINDOWS\SYSTEM32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 14:16 5058560]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 17:24 86016]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2003-09-15 01:00 126976]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 10:18 49152]
"CTDVDDet"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 02:00 45056]
"CTHelper"="CTHELPER.EXE" [2003-02-20 17:45 28672 C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
"AsioReg"="REGSVR32.exe" [2004-08-04 02:56 11776 C:\WINDOWS\SYSTEM32\regsvr32.exe]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2003-08-13 11:27 28672]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 20:47 204800]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-10-06 11:05 53248]
"Tgcmd"="c:\@Home\tioga\bin\tgcmd.exe" [2000-03-10 18:59 598016]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-05-02 19:46 270336]
"nwiz"="nwiz.exe" [2003-10-06 14:16 741376 C:\WINDOWS\SYSTEM32\nwiz.exe]
"kdx"="C:\WINDOWS\kdx\KHost.exe" [2004-01-20 11:45 1757184]
"PDUiP6000DMon"="C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe" [2004-05-31 13:26 57344]
"PDUiP6000DTskbr"="C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe" [2004-05-28 09:29 69632]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-11 17:52 98304]
"Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2005-08-23 08:36 1110079]
"Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2005-08-23 08:22 188416]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46 57344]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-14 20:47 180269]
"Motive SmartBridge"="C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe" [2007-07-06 07:00 438359]
"SSP Notifier"="C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe" [2006-07-12 11:44 20480]
"MWLExe"="C:\Program Files\Mcafee\MWL\MWLGui.exe" [2007-07-28 09:32 1279336]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]

C:\Documents and Settings\Matthew\Start Menu\Programs\Startup\
Picaboo.lnk - C:\Program Files\Picaboo\Picaboo\PicabooMain.exe [2007-04-04 12:10:52]
PictureProject In Touch.lnk - C:\Program Files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe [2005-03-21 17:30:34]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-08 17:36:15]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
Forget Me Not.lnk - C:\Program Files\Mindscape\CreataParty\PMREMIND.EXE [2005-10-10 20:24:47]
Gomez PEER.lnk - C:\Program Files\Gomez\GomezPEER\bin\GomezPEER.exe [2004-03-14 16:19:25]
Kodak EasyShare software.lnk - C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe [2003-09-18 10:47:10]
KODAK Software Updater.lnk - C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-06-08 17:48:18]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2005-12-11 18:03:15]
Virtual Assistant.lnk - C:\Program Files\Virtual Assistant\bin\matcli.exe [2006-12-21 16:11:39]

S2 ptssvc;ptssvc;C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe [2001-08-15 06:43]
S3 Wdm1;USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc.sys [2003-07-01 12:51]

*Newly Created Service* - DCFS2K
.
Contents of the 'Scheduled Tasks' folder
"2007-11-15 06:48:56 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
"2007-12-01 06:03:01 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe.4158 0
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-09 15:54:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-09 15:55:26
ComboFix-quarantined-files.txt 2008-01-09 20:55:12
ComboFix2.txt 2008-01-09 03:19:08
ComboFix3.txt 2008-01-09 01:23:16
ComboFix4.txt 2008-01-07 15:41:39
ComboFix5.txt 2008-01-07 14:43:05
.
2007-12-06 01:14:19 --- E O F ---

Re: Ready for next step

by Katana » January 9th, 2008, 5:10 pm

Well, it looks like all the malware is taken care of.
Do you still have the same problem in normal mode?
How old is the machine, have you installed any new software or hardware?

Re: Ready for next step

by julie0527 » January 9th, 2008, 5:43 pm

Well that's good news, thank you!!

I just tried starting it up normally and it was flashing on the blue screen where you select the user. Once I chose the user it locked up almost immediately.

It's just a few weeks over 3 years old. The only thing I can think of is when it first started flashing I switched my monitor w/my husband's work one but they are both Dell. In July we installed McAfee and we can't remember if the download problem started before or after that but it started in July. Around the same time we caught our 4 yr old trying to look at websites.

Then at the end of November or beginning of December it started flashing, gradually got worse over 2-3 days. I changed the hardware acceleration but that was it. We can't think of any hardware or software that we've installed in the past 6 months (except for backing it up on the external hard drive).

Trying to think of everything we've done. I mistakenly did McAfee's QuickClean and deleted my Outlook Express messages in early December. I tried doing a system restore after that but it wouldn't let me pick a previous date so I was never able to do one. Dell was not much help at the time. I also uninstalled McAfee. We're also getting a low disk space message now.

Re: Ready for next step

by Katana » January 9th, 2008, 6:13 pm

If it gradually got worse over a few days, it sounds like it may be the graphics card that has died.

Let me ask a few questions with people who know more about hardware, and I will get back to you.

Re: Ready for next step

by julie0527 » January 9th, 2008, 6:18 pm

I really really appreciate it. Thank you!!

Re: Ready for next step

by Katana » January 10th, 2008, 8:53 am

OK, the general opinion is that it is probably a corrupted driver that is causing the problem.

You need to contact Dell, or visit the website, and find the drivers for the monitor that you are using.
Install the latest driver and see if that helps.

Let me know how you get on.