vundo virus + 48hour superantispyware scan? [RESOLVED]


  • This topic is locked

#1
shirleycrabtree


    Member

  • Member
  • PipPip
  • 18 posts
I want to post a hijackthis log because I'm told I have a vundo virus but to do so I've also been running a SUPERAntiSpyware scan.

The problem is the scan's taken 50 hours and counting and I have scanned over 4,500,000 files. Is this normal? It seems to be scanning the same files more than once.

Any help would be appreciated.

Here's the hijack this log while I wait for my scan to finish!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:30:24, on 24/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Windows\System32\cem.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Common Files\AOL\1163708591\ee\aolsoftware.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\sttray.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6061109
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6061109
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {1B1C290C-AC98-4185-9F76-60BC82879F7D} - C:\WINDOWS\system32\certcliq.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {82B84105-CAD7-43B8-9523-EFCCBD27E3E2} - C:\WINDOWS\system32\certcliq.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [cem] C:\WINDOWS\system32\cem.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1163708591\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-GB ee://aol/imApp
O4 - HKCU\..\Run: [cem] C:\Windows\System32\cem.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2778902474-1672239889-419508607-1006\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Rod Stewart')
O4 - HKUS\S-1-5-21-2778902474-1672239889-419508607-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Rod Stewart')
O4 - HKUS\S-1-5-21-2778902474-1672239889-419508607-1006\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (User 'Rod Stewart')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix:
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{906964AB-1695-45DD-80C9-9BF3E4A0FC24}: NameServer = 195.92.195.94 195.92.195.95
O17 - HKLM\System\CCS\Services\Tcpip\..\{9EC02047-24F9-46E5-9FC2-B962E427AAB2}: NameServer = 195.92.195.95 195.92.195.94
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Application Installer Cleanup (0055341201084562) (0055341201084562mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\005534~1.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - Unknown owner - C:\Windows\system32\brsvc01a.exe (file missing)
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\Program Files\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

--
End of file - 12883 bytes
  • 0



#2
Rorschach112


    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
  • 0

#3
shirleycrabtree


    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Thanks for the reply.

Hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:49:31, on 25/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Windows\System32\cem.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Common Files\AOL\1163708591\ee\aolsoftware.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\sttray.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6061109
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {1B1C290C-AC98-4185-9F76-60BC82879F7D} - C:\WINDOWS\system32\certcliq.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {82B84105-CAD7-43B8-9523-EFCCBD27E3E2} - C:\WINDOWS\system32\certcliq.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [cem] C:\WINDOWS\system32\cem.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1163708591\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-GB ee://aol/imApp
O4 - HKCU\..\Run: [cem] C:\Windows\System32\cem.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2778902474-1672239889-419508607-1006\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Rod Stewart')
O4 - HKUS\S-1-5-21-2778902474-1672239889-419508607-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Rod Stewart')
O4 - HKUS\S-1-5-21-2778902474-1672239889-419508607-1006\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (User 'Rod Stewart')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix:
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{906964AB-1695-45DD-80C9-9BF3E4A0FC24}: NameServer = 195.92.195.95 195.92.195.94
O17 - HKLM\System\CCS\Services\Tcpip\..\{9EC02047-24F9-46E5-9FC2-B962E427AAB2}: NameServer = 195.92.195.95 195.92.195.94
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Application Installer Cleanup (0055341201084562) (0055341201084562mcinstcleanup) - Unknown owner - C:\Windows\TEMP\005534~1.EXE (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - Unknown owner - C:\Windows\system32\brsvc01a.exe (file missing)
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\Program Files\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

--
End of file - 12734 bytes


Combofix log:

ComboFix 08-01-23.1C - Gary Stewart 2008-01-25 16:36:34.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.837 [GMT 0:00]
Running from: C:\Users\Gary Stewart\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-12-25 to 2008-01-25 )))))))))))))))))))))))))))))))
.

2008-01-25 16:35 . 2000-08-31 08:00 51,200 --a------ C:\Windows\Nircmd.exe
2008-01-21 19:57 . 2008-01-22 20:02 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-21 19:56 . 2008-01-21 19:56 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-21 17:30 . 2008-01-21 17:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-15 23:59 . 2008-01-15 23:59 <DIR> d-------- C:\Program Files\iPod
2008-01-15 23:59 . 2008-01-15 23:59 54,156 --ah----- C:\Windows\QTFont.qfn
2008-01-15 23:59 . 2008-01-15 23:59 1,409 --a------ C:\Windows\QTFont.for
2008-01-15 23:58 . 2008-01-15 23:59 <DIR> d-------- C:\Program Files\iTunes
2008-01-15 23:56 . 2008-01-15 23:57 <DIR> d-------- C:\Program Files\QuickTime
2008-01-14 18:52 . 2008-01-14 18:52 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-01-14 18:52 . 2008-01-14 18:56 <DIR> d-------- C:\Program Files\MSECACHE
2008-01-13 21:24 . 2008-01-13 21:24 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2008-01-13 21:24 . 2008-01-13 21:24 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-13 21:24 . 2008-01-13 21:24 1,686,016 --a------ C:\Windows\System32\gameux.dll
2008-01-13 21:24 . 2008-01-13 21:24 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2008-01-13 21:24 . 2008-01-13 21:24 229,888 --a------ C:\Windows\System32\msshsq.dll
2008-01-13 21:24 . 2008-01-13 21:24 7,680 --a------ C:\Windows\System32\spwmp.dll
2008-01-13 21:24 . 2008-01-13 21:24 4,096 --a------ C:\Windows\System32\msdxm.ocx
2008-01-13 21:24 . 2008-01-13 21:24 4,096 --a------ C:\Windows\System32\dxmasf.dll
2008-01-13 21:23 . 2008-01-13 21:23 2,605,568 --a------ C:\Windows\System32\SLsvc.exe
2008-01-13 21:23 . 2008-01-13 21:23 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-01-13 21:23 . 2008-01-13 21:23 566,784 --a------ C:\Windows\System32\SLCommDlg.dll
2008-01-13 21:23 . 2008-01-13 21:23 351,232 --a------ C:\Windows\System32\SLUI.exe
2008-01-13 21:23 . 2008-01-13 21:23 268,288 --a------ C:\Windows\System32\mcbuilder.exe
2008-01-13 21:23 . 2008-01-13 21:23 223,232 --a------ C:\Windows\System32\SLC.dll
2008-01-13 21:23 . 2008-01-13 21:23 186,368 --a------ C:\Windows\System32\SLLUA.exe
2008-01-13 21:23 . 2008-01-13 21:23 57,856 --a------ C:\Windows\System32\SLUINotify.dll
2008-01-13 21:23 . 2008-01-13 21:23 39,936 --a------ C:\Windows\System32\slcinst.dll
2008-01-13 21:23 . 2008-01-13 21:23 33,280 --a------ C:\Windows\System32\slwmi.dll
2008-01-13 21:21 . 2007-09-17 08:07 1,073,152 --a------ C:\Windows\System32\nvcpluir.dll
2008-01-13 21:21 . 2007-09-17 08:07 753,664 --a------ C:\Windows\System32\nvcplui.exe
2008-01-13 21:21 . 2007-09-17 08:07 413,696 --a------ C:\Windows\System32\nvcpl.cpl
2008-01-13 21:21 . 2007-09-17 08:07 307,200 --a------ C:\Windows\System32\nvexpbar.dll
2008-01-11 03:57 . 2008-01-10 23:32 <DIR> d-------- C:\Windows\Panther
2008-01-11 03:56 . 2006-07-06 11:59 246,784 --------- C:\Windows\System32\drivers\iaStor.sys
2008-01-11 03:56 . 2003-09-05 06:58 70,624 --a------ C:\Windows\System32\drivers\alcaudsl.sys
2008-01-11 03:56 . 2003-09-05 06:58 53,600 --a------ C:\Windows\System32\drivers\alcan5wn.sys
2008-01-11 03:56 . 2003-09-05 06:58 5,607 --a------ C:\Windows\System32\stci.dll
2008-01-11 03:56 . 2003-09-05 06:58 5,280 --a------ C:\Windows\System32\drivers\alcawh.sys
2008-01-11 03:56 . 2003-09-05 06:58 3,968 --a------ C:\Windows\System32\drivers\alcacr.sys
2008-01-11 03:56 . 2008-01-11 03:56 862 --a------ C:\Windows\System32\termcap
2008-01-11 03:48 . 2008-01-11 03:48 <DIR> d--h----- C:\$WINDOWS.~Q
2008-01-11 01:25 . 2008-01-11 01:32 <DIR> d-------- C:\Program Files\Windows Live
2008-01-11 01:25 . 2008-01-11 01:28 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-10 23:36 . 2008-01-10 23:36 512 --a------ C:\Upgrade_MBR_Fixer_Saved.MBR
2008-01-10 23:17 . 2008-01-10 23:17 205,824 --a------ C:\Windows\System32\msoeacct.dll
2008-01-10 23:17 . 2008-01-10 23:17 87,040 --a------ C:\Windows\System32\msoert2.dll
2008-01-10 23:17 . 2008-01-10 23:17 39,424 --a------ C:\Windows\System32\ACCTRES.dll
2008-01-10 23:16 . 2008-01-10 23:16 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-10 23:16 . 2008-01-10 23:16 414,208 --a------ C:\Windows\System32\msscp.dll
2008-01-10 23:16 . 2008-01-10 23:16 376,320 --a------ C:\Windows\System32\winsrv.dll
2008-01-10 23:16 . 2008-01-10 23:16 374,456 --a------ C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-01-10 23:16 . 2008-01-10 23:16 216,760 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-10 23:16 . 2008-01-10 23:16 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-10 23:16 . 2008-01-10 23:16 49,664 --a------ C:\Windows\System32\csrsrv.dll
2008-01-10 23:16 . 2008-01-10 23:16 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-10 23:16 . 2008-01-10 23:16 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-10 23:15 . 2008-01-10 23:15 396,800 --a------ C:\Windows\System32\MPSSVC.dll
2008-01-10 23:15 . 2008-01-10 23:15 392,192 --a------ C:\Windows\System32\FirewallAPI.dll
2008-01-10 23:15 . 2008-01-10 23:15 178,688 --a------ C:\Windows\System32\iphlpsvc.dll
2008-01-10 23:15 . 2008-01-10 23:15 86,016 --a------ C:\Windows\System32\icfupgd.dll
2008-01-10 23:15 . 2008-01-10 23:15 63,488 --a------ C:\Windows\System32\drivers\mpsdrv.sys
2008-01-10 23:15 . 2008-01-10 23:15 61,952 --a------ C:\Windows\System32\cmifw.dll
2008-01-10 23:15 . 2008-01-10 23:15 23,040 --a------ C:\Windows\System32\drivers\tunnel.sys
2008-01-10 23:15 . 2008-01-10 23:15 16,896 --a------ C:\Windows\System32\wfapigp.dll
2008-01-10 23:15 . 2008-01-10 23:15 15,360 --a------ C:\Windows\System32\drivers\TUNMP.SYS
2008-01-10 23:13 . 2008-01-10 23:13 1,191,936 --a------ C:\Windows\System32\msxml3.dll
2008-01-10 23:13 . 2008-01-10 23:13 104,448 --a------ C:\Windows\System32\DWWIN.EXE
2008-01-10 23:13 . 2008-01-10 23:13 2,048 --a------ C:\Windows\System32\msxml3r.dll
2008-01-10 23:12 . 2008-01-10 23:12 1,335,296 --a------ C:\Windows\System32\msxml6.dll
2008-01-10 23:12 . 2008-01-10 23:12 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-01-10 23:12 . 2008-01-10 23:12 737,792 --a------ C:\Windows\System32\inetcomm.dll
2008-01-10 23:12 . 2008-01-10 23:12 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-01-10 23:12 . 2008-01-10 23:12 84,480 --a------ C:\Windows\System32\INETRES.dll
2008-01-10 23:12 . 2008-01-10 23:12 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-01-10 23:12 . 2008-01-10 23:12 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-01-10 23:12 . 2008-01-10 23:12 2,048 --a------ C:\Windows\System32\msxml6r.dll
2008-01-10 23:12 . 2008-01-10 23:12 2,048 --a------ C:\Windows\System32\asferror.dll
2008-01-10 23:10 . 2008-01-10 23:10 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-01-10 23:10 . 2008-01-10 23:10 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe
2008-01-10 23:10 . 2008-01-10 23:10 750,080 --a------ C:\Windows\System32\qmgr.dll
2008-01-10 23:10 . 2008-01-10 23:10 633,856 --a------ C:\Windows\System32\user32.dll
2008-01-10 23:10 . 2008-01-10 23:10 152,576 --a------ C:\Windows\System32\imagehlp.dll
2008-01-10 23:10 . 2008-01-10 23:10 12,800 --a------ C:\Windows\System32\drivers\fs_rec.sys
2008-01-10 23:10 . 2008-01-10 23:10 5,120 --a------ C:\Windows\System32\wmi.dll
2008-01-10 23:10 . 2008-01-10 23:10 2,048 --a------ C:\Windows\System32\tzres.dll
2008-01-10 23:04 . 2007-01-12 16:51 303,104 --a------ C:\Windows\sttray.exe
2008-01-10 23:04 . 2007-01-12 16:52 90,112 --a------ C:\Windows\System32\stacsv.exe
2008-01-10 23:03 . 2007-01-12 16:52 647,680 --a------ C:\Windows\System32\drivers\stwrt.sys
2008-01-10 23:03 . 2007-01-12 16:51 141,824 --a------ C:\Windows\System32\staco.dll
2008-01-10 23:02 . 2007-01-12 16:52 535,552 --a------ C:\Windows\System32\stapo.dll
2008-01-10 23:02 . 2007-01-12 16:51 238,592 --a------ C:\Windows\System32\stapi32.dll
2008-01-10 23:01 . 2008-01-10 23:01 <DIR> d-------- C:\Program Files\SigmaTel
2008-01-10 23:01 . 2006-11-22 20:16 416,256 --a------ C:\Windows\System32\ctapo32.dll
2008-01-10 23:01 . 2006-11-22 20:16 45,568 --a------ C:\Windows\System32\ctppld.dll
2008-01-10 22:56 . 2008-01-10 22:56 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
2008-01-10 22:56 . 2008-01-10 22:56 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2008-01-10 22:56 . 2008-01-10 22:56 53,080 --a------ C:\Windows\System32\wuauclt.exe
2008-01-10 22:56 . 2008-01-10 22:56 43,352 --a------ C:\Windows\System32\wups2.dll
2008-01-10 22:55 . 2008-01-10 22:55 549,720 --a------ C:\Windows\System32\wuapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-23 10:36 --------- d-----w C:\Program Files\McAfee
2008-01-14 22:04 --------- d-----w C:\Program Files\Roxio
2008-01-14 22:02 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-01-13 21:33 174 --sha-w C:\Program Files\desktop.ini
2008-01-13 21:30 --------- d-----w C:\Program Files\Windows Mail
2008-01-13 21:30 --------- d-----w C:\Program Files\Windows Defender
2008-01-13 21:30 --------- d-----w C:\Program Files\Windows Calendar
2008-01-13 21:25 8,192 ----a-w C:\Windows\System32\riched32.dll
2008-01-13 21:25 77,824 ----a-w C:\Windows\System32\rascfg.dll
2008-01-13 21:25 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-01-13 21:25 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2008-01-13 21:25 694,784 ----a-w C:\Windows\System32\localspl.dll
2008-01-13 21:25 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-01-13 21:25 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-01-13 21:25 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2008-01-13 21:25 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-01-13 21:25 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2008-01-13 21:25 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-01-13 21:25 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2008-01-13 21:25 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-01-13 21:25 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2008-01-13 21:25 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-01-13 21:25 33,280 ----a-w C:\Windows\System32\traffic.dll
2008-01-13 21:25 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2008-01-13 21:25 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-01-13 21:25 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-01-13 21:25 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2008-01-13 21:25 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-01-13 21:25 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-01-13 21:25 22,016 ----a-w C:\Windows\System32\rasser.dll
2008-01-13 21:25 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2008-01-13 21:25 2,923,520 ----a-w C:\Windows\explorer.exe
2008-01-13 21:25 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-01-13 21:25 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2008-01-13 21:25 134,656 ----a-w C:\Windows\System32\dps.dll
2008-01-13 21:25 13,824 ----a-w C:\Windows\System32\wshqos.dll
2008-01-13 21:25 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2008-01-13 21:24 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-13 21:24 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-13 21:24 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-13 21:24 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-13 21:22 974,336 ----a-w C:\Windows\System32\crypt32.dll
2008-01-13 21:22 88,576 ----a-w C:\Windows\System32\avifil32.dll
2008-01-13 21:22 82,944 ----a-w C:\Windows\System32\mciavi32.dll
2008-01-13 21:22 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
2008-01-13 21:22 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
2008-01-13 21:22 69,632 ----a-w C:\Windows\System32\sendmail.dll
2008-01-13 21:22 65,024 ----a-w C:\Windows\System32\avicap32.dll
2008-01-13 21:22 61,440 ----a-w C:\Windows\System32\ntprint.exe
2008-01-13 21:22 53,760 ----a-w C:\Windows\system32\drivers\hdaudbus.sys
2008-01-13 21:22 31,232 ----a-w C:\Windows\System32\msvidc32.dll
2008-01-13 21:22 269,824 ----a-w C:\Windows\System32\schannel.dll
2008-01-13 21:22 220,160 ----a-w C:\Windows\System32\ntprint.dll
2008-01-13 21:22 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-13 21:22 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-01-13 21:22 123,904 ----a-w C:\Windows\System32\msvfw32.dll
2008-01-13 21:22 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
2008-01-13 21:22 12,800 ----a-w C:\Windows\System32\msrle32.dll
2008-01-13 21:22 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
2008-01-13 21:22 1,984,512 ----a-w C:\Windows\System32\authui.dll
2008-01-13 21:22 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-11 00:10 --------- d-----w C:\Program Files\Google
2008-01-10 23:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-10 23:41 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-10 23:39 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-01-10 23:29 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-10 23:11 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-01-10 23:11 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-01-10 23:11 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-01-10 23:11 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-01-10 23:11 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-01-10 23:11 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-01-10 23:11 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-01-10 23:11 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-01-10 23:11 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-01-10 20:39 --------- d-----w C:\Program Files\Windows Plus
2008-01-10 20:39 --------- d-----w C:\Program Files\Wanadoo
2008-01-10 20:39 --------- d-----w C:\Program Files\Viewpoint
2008-01-10 20:39 --------- d-----w C:\Program Files\Tiscali
2008-01-10 20:39 --------- d-----w C:\Program Files\THQ
2008-01-10 20:39 --------- d-----w C:\Program Files\Thomson
2008-01-10 20:39 --------- d-----w C:\Program Files\Symantec
2008-01-10 20:39 --------- d-----w C:\Program Files\SpeedTouch
2008-01-10 20:39 --------- d-----w C:\Program Files\Skype
2008-01-10 20:39 --------- d-----w C:\Program Files\SiteAdvisor
2008-01-10 20:39 --------- d-----w C:\Program Files\RGB
2008-01-10 20:39 --------- d-----w C:\Program Files\Real
2008-01-10 20:39 --------- d-----w C:\Program Files\Point Buy
2008-01-10 20:39 --------- d-----w C:\Program Files\Orange
2008-01-10 20:39 --------- d-----w C:\Program Files\Norton Ghost
2008-01-10 20:39 --------- d-----w C:\Program Files\Nikon
2008-01-10 20:39 --------- d-----w C:\Program Files\Motorola Phone Tools
2008-01-10 20:39 --------- d-----w C:\Program Files\Microsoft Works
2008-01-10 20:39 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-10 20:39 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-10 20:39 --------- d-----w C:\Program Files\McAfee.com
2008-01-10 20:39 --------- d-----w C:\Program Files\MAKEMSI Package Documentation
2008-01-10 20:37 --------- d-----w C:\Program Files\LucasArts
2008-01-10 20:37 --------- d-----w C:\Program Files\Learn2.com
2008-01-10 20:37 --------- d-----w C:\Program Files\Java
2007-02-15 22:47 88 --sha-r C:\Windows\System32\294B5CB768.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1B1C290C-AC98-4185-9F76-60BC82879F7D}]
2004-08-10 05:00 83968 --a------ C:\WINDOWS\system32\certcliq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{82B84105-CAD7-43B8-9523-EFCCBD27E3E2}]
2004-08-10 05:00 83968 --a------ C:\WINDOWS\system32\certcliq.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 23:12 1232896]
"Aim6"="C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" [2006-05-24 11:15 50760]
"cem"="C:\Windows\System32\cem.exe" [2008-01-10 00:34 16384]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-11-02 09:45 8704]
"STManager"="C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" [2003-09-09 16:09 118784]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 17:41 68856]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-13 21:24 1006264]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-11-09 23:22 497240]
"cem"="C:\WINDOWS\system32\cem.exe" [2008-01-10 00:34 16384]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 09:34 851968]
"HostManager"="C:\Program Files\Common Files\AOL\1163708591\ee\AOLSoftware.exe" [2006-05-24 11:15 50760]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 07:15 151552]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 16:59 124520]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 17:30 152144]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 09:16 49152]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-02-09 04:37 36904]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2003-09-05 06:59 878080]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-18 23:56 185896]
"SigmatelSysTrayApp"="sttray.exe" [2007-01-12 16:51 303104 C:\Windows\sttray.exe]
"@"="" []
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 11:22 221184]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-17 08:07 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-17 08:07 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-17 08:07 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2006-11-09 14:43:14 156784]
NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe [2007-06-05 18:12:15 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

S2 0055341201084562mcinstcleanup;McAfee Application Installer Cleanup (0055341201084562);C:\Windows\TEMP\005534~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog []
S2 xaheedra;Mouse HID Helper;C:\WINDOWS\System32\svchost.exe [2006-11-02 09:45]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2006-06-05 03:39]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
WudfServiceGroup REG_MULTI_SZ WUDFSvc

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-23 22:08:07 C:\Windows\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-25 12:29:02 C:\Windows\Tasks\At1.job"
- C:\WINDOWS\system32\rundll32.exe
"2008-01-15 02:11:20 C:\Windows\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2007-05-01 00:00:10 C:\Windows\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-25 16:41:02
Windows 6.0.6000 NTFS

scanning hidden processes ...

? [4008]
? [41688]
? [42244]
? [43160]
? [43276]
? [44064]
? [44104]
? [44148]
? [44164]
? [44204]
? [44340]
? [44480]
? [44812]
? [44920]
? [44932]
? [44952]
? [45004]
? [45032]
? [41536]
? [43116]
? [43188]
? [42524]
? [43036]
? [43272]
? [43256]
? [43752]
? [44232]
? [44744]
? [46532]
? [46916]
scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-25 16:42:03
.
2008-01-24 21:36:21 --- E O F ---

#4
Rorschach112


    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

CLICK THIS LINK TO BE SURE YOU CAN VIEW HIDDEN FILES

Please go here:
The Spy Killer Forum
  • Click on "New Topic"
  • Put your name, e-mail address, and this as the title: "C:\WINDOWS\system32\certcliq.dll"
  • Put a link to this topic in the description box.
  • Then next to the file box, at the bottom, click the browse button, then navigate to this file:
    • C:\WINDOWS\system32\certcliq.dll

  • Click Open.
  • Click Post.
Thank you!




1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\certcliq.dll
C:\WINDOWS\system32\cem.exe


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.




1. Please re-open HijackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

O2 - BHO: (no name) - {1B1C290C-AC98-4185-9F76-60BC82879F7D} - C:\WINDOWS\system32\certcliq.dll
O2 - BHO: (no name) - {82B84105-CAD7-43B8-9523-EFCCBD27E3E2} - C:\WINDOWS\system32\certcliq.dll
O4 - HKLM\..\Run: [cem] C:\WINDOWS\system32\cem.exe
O4 - HKCU\..\Run: [cem] C:\Windows\System32\cem.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present


2. Now close all windows other than HijackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Go to this site:
http://www.virustotal.com/
On top you'll find 'Browse'
Click the browse button and browse to the file:

C:\WINDOWS\System32\svchost.exe

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.

#5
shirleycrabtree


    Member

  • Topic Starter
  • Member
  • 18 posts
Edit.

Edited by shirleycrabtree, 25 January 2008 - 12:45 PM.


#6
shirleycrabtree


    Member

  • Topic Starter
  • Member
  • 18 posts
Okay I think all that is done. Here is the result of the VirusTotal scan.


File has already been analysed:
MD5: 10da15933d582d2fedcf705efe394b09
Date: 01.24.2008 13:31:49 (CET) [+1D]
Results: 0/31
Permalink: analisis/a9d1c6db54d8515055125a4e07babbed

#7
Rorschach112


    Ralphie

  • Retired Staff
  • 47,710 posts
Can you post the ComboFix report as well?

#8
shirleycrabtree


    Member

  • Topic Starter
  • Member
  • 18 posts
ComboFix 08-01-23.1C - Gary Stewart 2008-01-25 16:36:34.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.837 [GMT 0:00]
Running from: C:\Users\Gary Stewart\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-12-25 to 2008-01-25 )))))))))))))))))))))))))))))))
.

2008-01-25 16:35 . 2000-08-31 08:00 51,200 --a------ C:\Windows\Nircmd.exe
2008-01-21 19:57 . 2008-01-22 20:02 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-21 19:56 . 2008-01-21 19:56 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-21 17:30 . 2008-01-21 17:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-15 23:59 . 2008-01-15 23:59 <DIR> d-------- C:\Program Files\iPod
2008-01-15 23:59 . 2008-01-15 23:59 54,156 --ah----- C:\Windows\QTFont.qfn
2008-01-15 23:59 . 2008-01-15 23:59 1,409 --a------ C:\Windows\QTFont.for
2008-01-15 23:58 . 2008-01-15 23:59 <DIR> d-------- C:\Program Files\iTunes
2008-01-15 23:56 . 2008-01-15 23:57 <DIR> d-------- C:\Program Files\QuickTime
2008-01-14 18:52 . 2008-01-14 18:52 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-01-14 18:52 . 2008-01-14 18:56 <DIR> d-------- C:\Program Files\MSECACHE
2008-01-13 21:24 . 2008-01-13 21:24 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2008-01-13 21:24 . 2008-01-13 21:24 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-13 21:24 . 2008-01-13 21:24 1,686,016 --a------ C:\Windows\System32\gameux.dll
2008-01-13 21:24 . 2008-01-13 21:24 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2008-01-13 21:24 . 2008-01-13 21:24 229,888 --a------ C:\Windows\System32\msshsq.dll
2008-01-13 21:24 . 2008-01-13 21:24 7,680 --a------ C:\Windows\System32\spwmp.dll
2008-01-13 21:24 . 2008-01-13 21:24 4,096 --a------ C:\Windows\System32\msdxm.ocx
2008-01-13 21:24 . 2008-01-13 21:24 4,096 --a------ C:\Windows\System32\dxmasf.dll
2008-01-13 21:23 . 2008-01-13 21:23 2,605,568 --a------ C:\Windows\System32\SLsvc.exe
2008-01-13 21:23 . 2008-01-13 21:23 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-01-13 21:23 . 2008-01-13 21:23 566,784 --a------ C:\Windows\System32\SLCommDlg.dll
2008-01-13 21:23 . 2008-01-13 21:23 351,232 --a------ C:\Windows\System32\SLUI.exe
2008-01-13 21:23 . 2008-01-13 21:23 268,288 --a------ C:\Windows\System32\mcbuilder.exe
2008-01-13 21:23 . 2008-01-13 21:23 223,232 --a------ C:\Windows\System32\SLC.dll
2008-01-13 21:23 . 2008-01-13 21:23 186,368 --a------ C:\Windows\System32\SLLUA.exe
2008-01-13 21:23 . 2008-01-13 21:23 57,856 --a------ C:\Windows\System32\SLUINotify.dll
2008-01-13 21:23 . 2008-01-13 21:23 39,936 --a------ C:\Windows\System32\slcinst.dll
2008-01-13 21:23 . 2008-01-13 21:23 33,280 --a------ C:\Windows\System32\slwmi.dll
2008-01-13 21:21 . 2007-09-17 08:07 1,073,152 --a------ C:\Windows\System32\nvcpluir.dll
2008-01-13 21:21 . 2007-09-17 08:07 753,664 --a------ C:\Windows\System32\nvcplui.exe
2008-01-13 21:21 . 2007-09-17 08:07 413,696 --a------ C:\Windows\System32\nvcpl.cpl
2008-01-13 21:21 . 2007-09-17 08:07 307,200 --a------ C:\Windows\System32\nvexpbar.dll
2008-01-11 03:57 . 2008-01-10 23:32 <DIR> d-------- C:\Windows\Panther
2008-01-11 03:56 . 2006-07-06 11:59 246,784 --------- C:\Windows\System32\drivers\iaStor.sys
2008-01-11 03:56 . 2003-09-05 06:58 70,624 --a------ C:\Windows\System32\drivers\alcaudsl.sys
2008-01-11 03:56 . 2003-09-05 06:58 53,600 --a------ C:\Windows\System32\drivers\alcan5wn.sys
2008-01-11 03:56 . 2003-09-05 06:58 5,607 --a------ C:\Windows\System32\stci.dll
2008-01-11 03:56 . 2003-09-05 06:58 5,280 --a------ C:\Windows\System32\drivers\alcawh.sys
2008-01-11 03:56 . 2003-09-05 06:58 3,968 --a------ C:\Windows\System32\drivers\alcacr.sys
2008-01-11 03:56 . 2008-01-11 03:56 862 --a------ C:\Windows\System32\termcap
2008-01-11 03:48 . 2008-01-11 03:48 <DIR> d--h----- C:\$WINDOWS.~Q
2008-01-11 01:25 . 2008-01-11 01:32 <DIR> d-------- C:\Program Files\Windows Live
2008-01-11 01:25 . 2008-01-11 01:28 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-10 23:36 . 2008-01-10 23:36 512 --a------ C:\Upgrade_MBR_Fixer_Saved.MBR
2008-01-10 23:17 . 2008-01-10 23:17 205,824 --a------ C:\Windows\System32\msoeacct.dll
2008-01-10 23:17 . 2008-01-10 23:17 87,040 --a------ C:\Windows\System32\msoert2.dll
2008-01-10 23:17 . 2008-01-10 23:17 39,424 --a------ C:\Windows\System32\ACCTRES.dll
2008-01-10 23:16 . 2008-01-10 23:16 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-10 23:16 . 2008-01-10 23:16 414,208 --a------ C:\Windows\System32\msscp.dll
2008-01-10 23:16 . 2008-01-10 23:16 376,320 --a------ C:\Windows\System32\winsrv.dll
2008-01-10 23:16 . 2008-01-10 23:16 374,456 --a------ C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-01-10 23:16 . 2008-01-10 23:16 216,760 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-10 23:16 . 2008-01-10 23:16 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-10 23:16 . 2008-01-10 23:16 49,664 --a------ C:\Windows\System32\csrsrv.dll
2008-01-10 23:16 . 2008-01-10 23:16 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-10 23:16 . 2008-01-10 23:16 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-10 23:15 . 2008-01-10 23:15 396,800 --a------ C:\Windows\System32\MPSSVC.dll
2008-01-10 23:15 . 2008-01-10 23:15 392,192 --a------ C:\Windows\System32\FirewallAPI.dll
2008-01-10 23:15 . 2008-01-10 23:15 178,688 --a------ C:\Windows\System32\iphlpsvc.dll
2008-01-10 23:15 . 2008-01-10 23:15 86,016 --a------ C:\Windows\System32\icfupgd.dll
2008-01-10 23:15 . 2008-01-10 23:15 63,488 --a------ C:\Windows\System32\drivers\mpsdrv.sys
2008-01-10 23:15 . 2008-01-10 23:15 61,952 --a------ C:\Windows\System32\cmifw.dll
2008-01-10 23:15 . 2008-01-10 23:15 23,040 --a------ C:\Windows\System32\drivers\tunnel.sys
2008-01-10 23:15 . 2008-01-10 23:15 16,896 --a------ C:\Windows\System32\wfapigp.dll
2008-01-10 23:15 . 2008-01-10 23:15 15,360 --a------ C:\Windows\System32\drivers\TUNMP.SYS
2008-01-10 23:13 . 2008-01-10 23:13 1,191,936 --a------ C:\Windows\System32\msxml3.dll
2008-01-10 23:13 . 2008-01-10 23:13 104,448 --a------ C:\Windows\System32\DWWIN.EXE
2008-01-10 23:13 . 2008-01-10 23:13 2,048 --a------ C:\Windows\System32\msxml3r.dll
2008-01-10 23:12 . 2008-01-10 23:12 1,335,296 --a------ C:\Windows\System32\msxml6.dll
2008-01-10 23:12 . 2008-01-10 23:12 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-01-10 23:12 . 2008-01-10 23:12 737,792 --a------ C:\Windows\System32\inetcomm.dll
2008-01-10 23:12 . 2008-01-10 23:12 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-01-10 23:12 . 2008-01-10 23:12 84,480 --a------ C:\Windows\System32\INETRES.dll
2008-01-10 23:12 . 2008-01-10 23:12 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-01-10 23:12 . 2008-01-10 23:12 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-01-10 23:12 . 2008-01-10 23:12 2,048 --a------ C:\Windows\System32\msxml6r.dll
2008-01-10 23:12 . 2008-01-10 23:12 2,048 --a------ C:\Windows\System32\asferror.dll
2008-01-10 23:10 . 2008-01-10 23:10 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-01-10 23:10 . 2008-01-10 23:10 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe
2008-01-10 23:10 . 2008-01-10 23:10 750,080 --a------ C:\Windows\System32\qmgr.dll
2008-01-10 23:10 . 2008-01-10 23:10 633,856 --a------ C:\Windows\System32\user32.dll
2008-01-10 23:10 . 2008-01-10 23:10 152,576 --a------ C:\Windows\System32\imagehlp.dll
2008-01-10 23:10 . 2008-01-10 23:10 12,800 --a------ C:\Windows\System32\drivers\fs_rec.sys
2008-01-10 23:10 . 2008-01-10 23:10 5,120 --a------ C:\Windows\System32\wmi.dll
2008-01-10 23:10 . 2008-01-10 23:10 2,048 --a------ C:\Windows\System32\tzres.dll
2008-01-10 23:04 . 2007-01-12 16:51 303,104 --a------ C:\Windows\sttray.exe
2008-01-10 23:04 . 2007-01-12 16:52 90,112 --a------ C:\Windows\System32\stacsv.exe
2008-01-10 23:03 . 2007-01-12 16:52 647,680 --a------ C:\Windows\System32\drivers\stwrt.sys
2008-01-10 23:03 . 2007-01-12 16:51 141,824 --a------ C:\Windows\System32\staco.dll
2008-01-10 23:02 . 2007-01-12 16:52 535,552 --a------ C:\Windows\System32\stapo.dll
2008-01-10 23:02 . 2007-01-12 16:51 238,592 --a------ C:\Windows\System32\stapi32.dll
2008-01-10 23:01 . 2008-01-10 23:01 <DIR> d-------- C:\Program Files\SigmaTel
2008-01-10 23:01 . 2006-11-22 20:16 416,256 --a------ C:\Windows\System32\ctapo32.dll
2008-01-10 23:01 . 2006-11-22 20:16 45,568 --a------ C:\Windows\System32\ctppld.dll
2008-01-10 22:56 . 2008-01-10 22:56 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
2008-01-10 22:56 . 2008-01-10 22:56 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2008-01-10 22:56 . 2008-01-10 22:56 53,080 --a------ C:\Windows\System32\wuauclt.exe
2008-01-10 22:56 . 2008-01-10 22:56 43,352 --a------ C:\Windows\System32\wups2.dll
2008-01-10 22:55 . 2008-01-10 22:55 549,720 --a------ C:\Windows\System32\wuapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-23 10:36 --------- d-----w C:\Program Files\McAfee
2008-01-14 22:04 --------- d-----w C:\Program Files\Roxio
2008-01-14 22:02 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-01-13 21:33 174 --sha-w C:\Program Files\desktop.ini
2008-01-13 21:30 --------- d-----w C:\Program Files\Windows Mail
2008-01-13 21:30 --------- d-----w C:\Program Files\Windows Defender
2008-01-13 21:30 --------- d-----w C:\Program Files\Windows Calendar
2008-01-13 21:25 8,192 ----a-w C:\Windows\System32\riched32.dll
2008-01-13 21:25 77,824 ----a-w C:\Windows\System32\rascfg.dll
2008-01-13 21:25 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-01-13 21:25 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2008-01-13 21:25 694,784 ----a-w C:\Windows\System32\localspl.dll
2008-01-13 21:25 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-01-13 21:25 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-01-13 21:25 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2008-01-13 21:25 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-01-13 21:25 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2008-01-13 21:25 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-01-13 21:25 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2008-01-13 21:25 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-01-13 21:25 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2008-01-13 21:25 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-01-13 21:25 33,280 ----a-w C:\Windows\System32\traffic.dll
2008-01-13 21:25 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2008-01-13 21:25 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-01-13 21:25 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-01-13 21:25 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2008-01-13 21:25 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-01-13 21:25 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-01-13 21:25 22,016 ----a-w C:\Windows\System32\rasser.dll
2008-01-13 21:25 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2008-01-13 21:25 2,923,520 ----a-w C:\Windows\explorer.exe
2008-01-13 21:25 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-01-13 21:25 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2008-01-13 21:25 134,656 ----a-w C:\Windows\System32\dps.dll
2008-01-13 21:25 13,824 ----a-w C:\Windows\System32\wshqos.dll
2008-01-13 21:25 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2008-01-13 21:24 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-13 21:24 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-13 21:24 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-13 21:24 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-13 21:22 974,336 ----a-w C:\Windows\System32\crypt32.dll
2008-01-13 21:22 88,576 ----a-w C:\Windows\System32\avifil32.dll
2008-01-13 21:22 82,944 ----a-w C:\Windows\System32\mciavi32.dll
2008-01-13 21:22 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
2008-01-13 21:22 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
2008-01-13 21:22 69,632 ----a-w C:\Windows\System32\sendmail.dll
2008-01-13 21:22 65,024 ----a-w C:\Windows\System32\avicap32.dll
2008-01-13 21:22 61,440 ----a-w C:\Windows\System32\ntprint.exe
2008-01-13 21:22 53,760 ----a-w C:\Windows\system32\drivers\hdaudbus.sys
2008-01-13 21:22 31,232 ----a-w C:\Windows\System32\msvidc32.dll
2008-01-13 21:22 269,824 ----a-w C:\Windows\System32\schannel.dll
2008-01-13 21:22 220,160 ----a-w C:\Windows\System32\ntprint.dll
2008-01-13 21:22 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-13 21:22 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-01-13 21:22 123,904 ----a-w C:\Windows\System32\msvfw32.dll
2008-01-13 21:22 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
2008-01-13 21:22 12,800 ----a-w C:\Windows\System32\msrle32.dll
2008-01-13 21:22 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
2008-01-13 21:22 1,984,512 ----a-w C:\Windows\System32\authui.dll
2008-01-13 21:22 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-11 00:10 --------- d-----w C:\Program Files\Google
2008-01-10 23:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-10 23:41 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-10 23:39 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-01-10 23:29 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-10 23:11 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-01-10 23:11 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-01-10 23:11 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-01-10 23:11 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-01-10 23:11 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-01-10 23:11 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-01-10 23:11 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-01-10 23:11 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-01-10 23:11 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-01-10 20:39 --------- d-----w C:\Program Files\Windows Plus
2008-01-10 20:39 --------- d-----w C:\Program Files\Wanadoo
2008-01-10 20:39 --------- d-----w C:\Program Files\Viewpoint
2008-01-10 20:39 --------- d-----w C:\Program Files\Tiscali
2008-01-10 20:39 --------- d-----w C:\Program Files\THQ
2008-01-10 20:39 --------- d-----w C:\Program Files\Thomson
2008-01-10 20:39 --------- d-----w C:\Program Files\Symantec
2008-01-10 20:39 --------- d-----w C:\Program Files\SpeedTouch
2008-01-10 20:39 --------- d-----w C:\Program Files\Skype
2008-01-10 20:39 --------- d-----w C:\Program Files\SiteAdvisor
2008-01-10 20:39 --------- d-----w C:\Program Files\RGB
2008-01-10 20:39 --------- d-----w C:\Program Files\Real
2008-01-10 20:39 --------- d-----w C:\Program Files\Point Buy
2008-01-10 20:39 --------- d-----w C:\Program Files\Orange
2008-01-10 20:39 --------- d-----w C:\Program Files\Norton Ghost
2008-01-10 20:39 --------- d-----w C:\Program Files\Nikon
2008-01-10 20:39 --------- d-----w C:\Program Files\Motorola Phone Tools
2008-01-10 20:39 --------- d-----w C:\Program Files\Microsoft Works
2008-01-10 20:39 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-10 20:39 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-10 20:39 --------- d-----w C:\Program Files\McAfee.com
2008-01-10 20:39 --------- d-----w C:\Program Files\MAKEMSI Package Documentation
2008-01-10 20:37 --------- d-----w C:\Program Files\LucasArts
2008-01-10 20:37 --------- d-----w C:\Program Files\Learn2.com
2008-01-10 20:37 --------- d-----w C:\Program Files\Java
2007-02-15 22:47 88 --sha-r C:\Windows\System32\294B5CB768.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1B1C290C-AC98-4185-9F76-60BC82879F7D}]
2004-08-10 05:00 83968 --a------ C:\WINDOWS\system32\certcliq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{82B84105-CAD7-43B8-9523-EFCCBD27E3E2}]
2004-08-10 05:00 83968 --a------ C:\WINDOWS\system32\certcliq.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 23:12 1232896]
"Aim6"="C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" [2006-05-24 11:15 50760]
"cem"="C:\Windows\System32\cem.exe" [2008-01-10 00:34 16384]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-11-02 09:45 8704]
"STManager"="C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" [2003-09-09 16:09 118784]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 17:41 68856]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-13 21:24 1006264]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-11-09 23:22 497240]
"cem"="C:\WINDOWS\system32\cem.exe" [2008-01-10 00:34 16384]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 09:34 851968]
"HostManager"="C:\Program Files\Common Files\AOL\1163708591\ee\AOLSoftware.exe" [2006-05-24 11:15 50760]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 07:15 151552]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 16:59 124520]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 17:30 152144]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 09:16 49152]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-02-09 04:37 36904]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2003-09-05 06:59 878080]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-18 23:56 185896]
"SigmatelSysTrayApp"="sttray.exe" [2007-01-12 16:51 303104 C:\Windows\sttray.exe]
"@"="" []
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 11:22 221184]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-17 08:07 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-17 08:07 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-17 08:07 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2006-11-09 14:43:14 156784]
NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe [2007-06-05 18:12:15 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

S2 0055341201084562mcinstcleanup;McAfee Application Installer Cleanup (0055341201084562);C:\Windows\TEMP\005534~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog []
S2 xaheedra;Mouse HID Helper;C:\WINDOWS\System32\svchost.exe [2006-11-02 09:45]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2006-06-05 03:39]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
WudfServiceGroup REG_MULTI_SZ WUDFSvc

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-23 22:08:07 C:\Windows\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-25 12:29:02 C:\Windows\Tasks\At1.job"
- C:\WINDOWS\system32\rundll32.exe
"2008-01-15 02:11:20 C:\Windows\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2007-05-01 00:00:10 C:\Windows\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-25 16:41:02
Windows 6.0.6000 NTFS

scanning hidden processes ...

? [4008]
? [41688]
? [42244]
? [43160]
? [43276]
? [44064]
? [44104]
? [44148]
? [44164]
? [44204]
? [44340]
? [44480]
? [44812]
? [44920]
? [44932]
? [44952]
? [45004]
? [45032]
? [41536]
? [43116]
? [43188]
? [42524]
? [43036]
? [43272]
? [43256]
? [43752]
? [44232]
? [44744]
? [46532]
? [46916]
scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-25 16:42:03
.
2008-01-24 21:36:21 --- E O F ---
  • 0

#9
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\certcliq.dll
C:\Windows\System32\cem.exe


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.





1. Please re-open HiJackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

O2 - BHO: (no name) - {1B1C290C-AC98-4185-9F76-60BC82879F7D} - C:\WINDOWS\system32\certcliq.dll
O2 - BHO: (no name) - {82B84105-CAD7-43B8-9523-EFCCBD27E3E2} - C:\WINDOWS\system32\certcliq.dll
O4 - HKLM\..\Run: [cem] C:\WINDOWS\system32\cem.exe
O4 - HKCU\..\Run: [cem] C:\Windows\System32\cem.exe


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Reboot and post a new HijackThis log
  • 0
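Added example (not part of the original post, and not a HijackThis or ComboFix feature): a small Python check that reports whether the O2/O4 entries on a fix list like the one above still appear in a later HijackThis log, comparing CLSIDs, value names and paths case-insensitively. `BEFORE_LOG` is a constructed sample, `AFTER_LOG` is excerpted from the 25/01/2008 log in this thread, and all function names are hypothetical.

```python
import re

# Line shapes of the two HijackThis sections the fix list uses (O2 = BHO, O4 = Run keys).
O2_RE = re.compile(r"^O2 - BHO: .*? - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
O4_RE = re.compile(r"^O4 - (HK\w+(?:\\S-[0-9-]+)?)\\\.\.\\(Run\w*): \[([^\]]+)\] (.+)$")

# The four entries the helper asked to have fixed (from the post above).
FIX_LIST = r"""
O2 - BHO: (no name) - {1B1C290C-AC98-4185-9F76-60BC82879F7D} - C:\WINDOWS\system32\certcliq.dll
O2 - BHO: (no name) - {82B84105-CAD7-43B8-9523-EFCCBD27E3E2} - C:\WINDOWS\system32\certcliq.dll
O4 - HKLM\..\Run: [cem] C:\WINDOWS\system32\cem.exe
O4 - HKCU\..\Run: [cem] C:\Windows\System32\cem.exe
"""

# Constructed sample: same entries with different letter case and quoting.
BEFORE_LOG = r"""
O2 - BHO: (no name) - {1b1c290c-ac98-4185-9f76-60bc82879f7d} - c:\windows\system32\certcliq.dll
O2 - BHO: (no name) - {82B84105-CAD7-43B8-9523-EFCCBD27E3E2} - C:\Windows\System32\certcliq.dll
O4 - HKLM\..\Run: [cem] "C:\Windows\System32\cem.exe"
O4 - HKCU\..\Run: [CEM] c:\windows\system32\cem.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Excerpt of the 25/01/2008 HijackThis log posted in this thread.
AFTER_LOG = r"""
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"""


def normalise(target):
    # Windows paths are case-insensitive and Run values may or may not be quoted.
    return target.replace('"', "").strip().casefold()


def parse_entry(line):
    """Return ((section, identity), target) for an O2/O4 line, else None."""
    line = line.strip()
    m = O2_RE.match(line)
    if m:
        # A BHO is identified by its CLSID; the display name is not reliable.
        return ("O2", m.group(1).upper()), normalise(m.group(2))
    m = O4_RE.match(line)
    if m:
        # A Run entry is identified by hive, key and value name.
        ident = "\\".join(m.group(1, 2, 3)).upper()
        return ("O4", ident), normalise(m.group(4))
    return None


def check_fix_list(fix_list, log):
    """Map each fix-list line to 'present', 'repointed' or 'absent' in the log."""
    seen = {}
    for line in log.splitlines():
        parsed = parse_entry(line)
        if parsed:
            seen.setdefault(parsed[0], set()).add(parsed[1])
    report = {}
    for line in fix_list.splitlines():
        parsed = parse_entry(line)
        if parsed is None:
            continue
        ident, target = parsed
        if ident not in seen:
            status = "absent"       # the registry entry is gone
        elif target in seen[ident]:
            status = "present"      # same entry, same file: still needs fixing
        else:
            status = "repointed"    # same entry now loads a different file
        report[line.strip()] = status
    return report


if __name__ == "__main__":
    for label, log in (("before", BEFORE_LOG), ("after", AFTER_LOG)):
        print(label)
        for entry, status in check_fix_list(FIX_LIST, log).items():
            print(f"  {status:9} {entry}")
```

An "absent" result only says the autostart entry is no longer in the log; whether the file itself was deleted is shown by the ComboFix log, not by HijackThis.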

#10
shirleycrabtree

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
I couldn't find any of those four to check. The last time round I checked the second two. Anyway here's the hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:37:17, on 25/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Common Files\AOL\1163708591\ee\aolsoftware.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\sttray.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\ctfmon.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Windows\System32\rundll32.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6061109
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1163708591\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-GB ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix:
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9EC02047-24F9-46E5-9FC2-B962E427AAB2}: NameServer = 195.92.195.95 195.92.195.94
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Application Installer Cleanup (0055341201084562) (0055341201084562mcinstcleanup) - Unknown owner - C:\Windows\TEMP\005534~1.EXE (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - Unknown owner - C:\Windows\system32\brsvc01a.exe (file missing)
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\Program Files\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

--
End of file - 11768 bytes


And here's the second combofix log in case you need that. I'm going out now so won't respond for a while but I really appreciate your help. Thank you.

ComboFix 08-01-23.1C - Gary Stewart 2008-01-25 21:26:49.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1286 [GMT 0:00]
Running from: C:\Users\Gary Stewart\Desktop\ComboFix.exe
Command switches used :: C:\Users\Gary Stewart\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\windows\system32\cem.exe
C:\WINDOWS\system32\certcliq.dll
.

((((((((((((((((((((((((( Files Created from 2007-12-25 to 2008-01-25 )))))))))))))))))))))))))))))))
.

2008-01-25 18:29 . 2008-01-25 18:29 <DIR> d-------- C:\New Folder
2008-01-25 16:35 . 2000-08-31 08:00 51,200 --a------ C:\Windows\Nircmd.exe
2008-01-21 19:57 . 2008-01-22 20:02 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-21 19:56 . 2008-01-21 19:56 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-21 17:30 . 2008-01-21 17:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-15 23:59 . 2008-01-15 23:59 <DIR> d-------- C:\Program Files\iPod
2008-01-15 23:59 . 2008-01-15 23:59 54,156 --ah----- C:\Windows\QTFont.qfn
2008-01-15 23:59 . 2008-01-15 23:59 1,409 --a------ C:\Windows\QTFont.for
2008-01-15 23:58 . 2008-01-15 23:59 <DIR> d-------- C:\Program Files\iTunes
2008-01-15 23:56 . 2008-01-15 23:57 <DIR> d-------- C:\Program Files\QuickTime
2008-01-14 18:52 . 2008-01-14 18:52 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-01-14 18:52 . 2008-01-14 18:56 <DIR> d-------- C:\Program Files\MSECACHE
2008-01-13 21:24 . 2008-01-13 21:24 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2008-01-13 21:24 . 2008-01-13 21:24 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-13 21:24 . 2008-01-13 21:24 1,686,016 --a------ C:\Windows\System32\gameux.dll
2008-01-13 21:24 . 2008-01-13 21:24 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2008-01-13 21:24 . 2008-01-13 21:24 229,888 --a------ C:\Windows\System32\msshsq.dll
2008-01-13 21:24 . 2008-01-13 21:24 7,680 --a------ C:\Windows\System32\spwmp.dll
2008-01-13 21:24 . 2008-01-13 21:24 4,096 --a------ C:\Windows\System32\msdxm.ocx
2008-01-13 21:24 . 2008-01-13 21:24 4,096 --a------ C:\Windows\System32\dxmasf.dll
2008-01-13 21:23 . 2008-01-13 21:23 2,605,568 --a------ C:\Windows\System32\SLsvc.exe
2008-01-13 21:23 . 2008-01-13 21:23 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-01-13 21:23 . 2008-01-13 21:23 566,784 --a------ C:\Windows\System32\SLCommDlg.dll
2008-01-13 21:23 . 2008-01-13 21:23 351,232 --a------ C:\Windows\System32\SLUI.exe
2008-01-13 21:23 . 2008-01-13 21:23 268,288 --a------ C:\Windows\System32\mcbuilder.exe
2008-01-13 21:23 . 2008-01-13 21:23 223,232 --a------ C:\Windows\System32\SLC.dll
2008-01-13 21:23 . 2008-01-13 21:23 186,368 --a------ C:\Windows\System32\SLLUA.exe
2008-01-13 21:23 . 2008-01-13 21:23 57,856 --a------ C:\Windows\System32\SLUINotify.dll
2008-01-13 21:23 . 2008-01-13 21:23 39,936 --a------ C:\Windows\System32\slcinst.dll
2008-01-13 21:23 . 2008-01-13 21:23 33,280 --a------ C:\Windows\System32\slwmi.dll
2008-01-13 21:21 . 2007-09-17 08:07 1,073,152 --a------ C:\Windows\System32\nvcpluir.dll
2008-01-13 21:21 . 2007-09-17 08:07 753,664 --a------ C:\Windows\System32\nvcplui.exe
2008-01-13 21:21 . 2007-09-17 08:07 413,696 --a------ C:\Windows\System32\nvcpl.cpl
2008-01-13 21:21 . 2007-09-17 08:07 307,200 --a------ C:\Windows\System32\nvexpbar.dll
2008-01-11 03:57 . 2008-01-10 23:32 <DIR> d-------- C:\Windows\Panther
2008-01-11 03:56 . 2006-07-06 11:59 246,784 --------- C:\Windows\System32\drivers\iaStor.sys
2008-01-11 03:56 . 2003-09-05 06:58 70,624 --a------ C:\Windows\System32\drivers\alcaudsl.sys
2008-01-11 03:56 . 2003-09-05 06:58 53,600 --a------ C:\Windows\System32\drivers\alcan5wn.sys
2008-01-11 03:56 . 2003-09-05 06:58 5,607 --a------ C:\Windows\System32\stci.dll
2008-01-11 03:56 . 2003-09-05 06:58 5,280 --a------ C:\Windows\System32\drivers\alcawh.sys
2008-01-11 03:56 . 2003-09-05 06:58 3,968 --a------ C:\Windows\System32\drivers\alcacr.sys
2008-01-11 03:56 . 2008-01-11 03:56 862 --a------ C:\Windows\System32\termcap
2008-01-11 03:48 . 2008-01-11 03:48 <DIR> d--h----- C:\$WINDOWS.~Q
2008-01-11 01:25 . 2008-01-11 01:32 <DIR> d-------- C:\Program Files\Windows Live
2008-01-11 01:25 . 2008-01-11 01:28 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-10 23:36 . 2008-01-10 23:36 512 --a------ C:\Upgrade_MBR_Fixer_Saved.MBR
2008-01-10 23:17 . 2008-01-10 23:17 205,824 --a------ C:\Windows\System32\msoeacct.dll
2008-01-10 23:17 . 2008-01-10 23:17 87,040 --a------ C:\Windows\System32\msoert2.dll
2008-01-10 23:17 . 2008-01-10 23:17 39,424 --a------ C:\Windows\System32\ACCTRES.dll
2008-01-10 23:16 . 2008-01-10 23:16 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-10 23:16 . 2008-01-10 23:16 414,208 --a------ C:\Windows\System32\msscp.dll
2008-01-10 23:16 . 2008-01-10 23:16 376,320 --a------ C:\Windows\System32\winsrv.dll
2008-01-10 23:16 . 2008-01-10 23:16 374,456 --a------ C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-01-10 23:16 . 2008-01-10 23:16 216,760 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-10 23:16 . 2008-01-10 23:16 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-10 23:16 . 2008-01-10 23:16 49,664 --a------ C:\Windows\System32\csrsrv.dll
2008-01-10 23:16 . 2008-01-10 23:16 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-10 23:16 . 2008-01-10 23:16 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-10 23:15 . 2008-01-10 23:15 396,800 --a------ C:\Windows\System32\MPSSVC.dll
2008-01-10 23:15 . 2008-01-10 23:15 392,192 --a------ C:\Windows\System32\FirewallAPI.dll
2008-01-10 23:15 . 2008-01-10 23:15 178,688 --a------ C:\Windows\System32\iphlpsvc.dll
2008-01-10 23:15 . 2008-01-10 23:15 86,016 --a------ C:\Windows\System32\icfupgd.dll
2008-01-10 23:15 . 2008-01-10 23:15 63,488 --a------ C:\Windows\System32\drivers\mpsdrv.sys
2008-01-10 23:15 . 2008-01-10 23:15 61,952 --a------ C:\Windows\System32\cmifw.dll
2008-01-10 23:15 . 2008-01-10 23:15 23,040 --a------ C:\Windows\System32\drivers\tunnel.sys
2008-01-10 23:15 . 2008-01-10 23:15 16,896 --a------ C:\Windows\System32\wfapigp.dll
2008-01-10 23:15 . 2008-01-10 23:15 15,360 --a------ C:\Windows\System32\drivers\TUNMP.SYS
2008-01-10 23:13 . 2008-01-10 23:13 1,191,936 --a------ C:\Windows\System32\msxml3.dll
2008-01-10 23:13 . 2008-01-10 23:13 104,448 --a------ C:\Windows\System32\DWWIN.EXE
2008-01-10 23:13 . 2008-01-10 23:13 2,048 --a------ C:\Windows\System32\msxml3r.dll
2008-01-10 23:12 . 2008-01-10 23:12 1,335,296 --a------ C:\Windows\System32\msxml6.dll
2008-01-10 23:12 . 2008-01-10 23:12 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-01-10 23:12 . 2008-01-10 23:12 737,792 --a------ C:\Windows\System32\inetcomm.dll
2008-01-10 23:12 . 2008-01-10 23:12 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-01-10 23:12 . 2008-01-10 23:12 84,480 --a------ C:\Windows\System32\INETRES.dll
2008-01-10 23:12 . 2008-01-10 23:12 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-01-10 23:12 . 2008-01-10 23:12 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-01-10 23:12 . 2008-01-10 23:12 2,048 --a------ C:\Windows\System32\msxml6r.dll
2008-01-10 23:12 . 2008-01-10 23:12 2,048 --a------ C:\Windows\System32\asferror.dll
2008-01-10 23:10 . 2008-01-10 23:10 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-01-10 23:10 . 2008-01-10 23:10 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe
2008-01-10 23:10 . 2008-01-10 23:10 750,080 --a------ C:\Windows\System32\qmgr.dll
2008-01-10 23:10 . 2008-01-10 23:10 633,856 --a------ C:\Windows\System32\user32.dll
2008-01-10 23:10 . 2008-01-10 23:10 152,576 --a------ C:\Windows\System32\imagehlp.dll
2008-01-10 23:10 . 2008-01-10 23:10 12,800 --a------ C:\Windows\System32\drivers\fs_rec.sys
2008-01-10 23:10 . 2008-01-10 23:10 5,120 --a------ C:\Windows\System32\wmi.dll
2008-01-10 23:10 . 2008-01-10 23:10 2,048 --a------ C:\Windows\System32\tzres.dll
2008-01-10 23:04 . 2007-01-12 16:51 303,104 --a------ C:\Windows\sttray.exe
2008-01-10 23:04 . 2007-01-12 16:52 90,112 --a------ C:\Windows\System32\stacsv.exe
2008-01-10 23:03 . 2007-01-12 16:52 647,680 --a------ C:\Windows\System32\drivers\stwrt.sys
2008-01-10 23:03 . 2007-01-12 16:51 141,824 --a------ C:\Windows\System32\staco.dll
2008-01-10 23:02 . 2007-01-12 16:52 535,552 --a------ C:\Windows\System32\stapo.dll
2008-01-10 23:02 . 2007-01-12 16:51 238,592 --a------ C:\Windows\System32\stapi32.dll
2008-01-10 23:01 . 2008-01-10 23:01 <DIR> d-------- C:\Program Files\SigmaTel
2008-01-10 23:01 . 2006-11-22 20:16 416,256 --a------ C:\Windows\System32\ctapo32.dll
2008-01-10 23:01 . 2006-11-22 20:16 45,568 --a------ C:\Windows\System32\ctppld.dll
2008-01-10 22:56 . 2008-01-10 22:56 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
2008-01-10 22:56 . 2008-01-10 22:56 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2008-01-10 22:56 . 2008-01-10 22:56 53,080 --a------ C:\Windows\System32\wuauclt.exe
2008-01-10 22:56 . 2008-01-10 22:56 43,352 --a------ C:\Windows\System32\wups2.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-23 10:36 --------- d-----w C:\Program Files\McAfee
2008-01-14 22:04 --------- d-----w C:\Program Files\Roxio
2008-01-14 22:02 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-01-13 21:33 174 --sha-w C:\Program Files\desktop.ini
2008-01-13 21:30 --------- d-----w C:\Program Files\Windows Mail
2008-01-13 21:30 --------- d-----w C:\Program Files\Windows Defender
2008-01-13 21:30 --------- d-----w C:\Program Files\Windows Calendar
2008-01-13 21:25 8,192 ----a-w C:\Windows\System32\riched32.dll
2008-01-13 21:25 77,824 ----a-w C:\Windows\System32\rascfg.dll
2008-01-13 21:25 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-01-13 21:25 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2008-01-13 21:25 694,784 ----a-w C:\Windows\System32\localspl.dll
2008-01-13 21:25 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-01-13 21:25 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-01-13 21:25 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2008-01-13 21:25 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-01-13 21:25 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2008-01-13 21:25 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-01-13 21:25 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2008-01-13 21:25 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-01-13 21:25 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2008-01-13 21:25 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-01-13 21:25 33,280 ----a-w C:\Windows\System32\traffic.dll
2008-01-13 21:25 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2008-01-13 21:25 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-01-13 21:25 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-01-13 21:25 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2008-01-13 21:25 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-01-13 21:25 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-01-13 21:25 22,016 ----a-w C:\Windows\System32\rasser.dll
2008-01-13 21:25 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2008-01-13 21:25 2,923,520 ----a-w C:\Windows\explorer.exe
2008-01-13 21:25 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-01-13 21:25 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2008-01-13 21:25 134,656 ----a-w C:\Windows\System32\dps.dll
2008-01-13 21:25 13,824 ----a-w C:\Windows\System32\wshqos.dll
2008-01-13 21:25 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2008-01-13 21:24 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-13 21:24 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-13 21:24 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-13 21:24 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-13 21:22 974,336 ----a-w C:\Windows\System32\crypt32.dll
2008-01-13 21:22 88,576 ----a-w C:\Windows\System32\avifil32.dll
2008-01-13 21:22 82,944 ----a-w C:\Windows\System32\mciavi32.dll
2008-01-13 21:22 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
2008-01-13 21:22 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
2008-01-13 21:22 69,632 ----a-w C:\Windows\System32\sendmail.dll
2008-01-13 21:22 65,024 ----a-w C:\Windows\System32\avicap32.dll
2008-01-13 21:22 61,440 ----a-w C:\Windows\System32\ntprint.exe
2008-01-13 21:22 53,760 ----a-w C:\Windows\system32\drivers\hdaudbus.sys
2008-01-13 21:22 31,232 ----a-w C:\Windows\System32\msvidc32.dll
2008-01-13 21:22 269,824 ----a-w C:\Windows\System32\schannel.dll
2008-01-13 21:22 220,160 ----a-w C:\Windows\System32\ntprint.dll
2008-01-13 21:22 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-13 21:22 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-01-13 21:22 123,904 ----a-w C:\Windows\System32\msvfw32.dll
2008-01-13 21:22 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
2008-01-13 21:22 12,800 ----a-w C:\Windows\System32\msrle32.dll
2008-01-13 21:22 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
2008-01-13 21:22 1,984,512 ----a-w C:\Windows\System32\authui.dll
2008-01-13 21:22 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-11 00:10 --------- d-----w C:\Program Files\Google
2008-01-10 23:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-10 23:41 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-10 23:39 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-01-10 23:29 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-10 23:11 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-01-10 23:11 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-01-10 23:11 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-01-10 23:11 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-01-10 23:11 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-01-10 23:11 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-01-10 23:11 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-01-10 23:11 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-01-10 23:11 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-01-10 20:39 --------- d-----w C:\Program Files\Windows Plus
2008-01-10 20:39 --------- d-----w C:\Program Files\Wanadoo
2008-01-10 20:39 --------- d-----w C:\Program Files\Viewpoint
2008-01-10 20:39 --------- d-----w C:\Program Files\Tiscali
2008-01-10 20:39 --------- d-----w C:\Program Files\THQ
2008-01-10 20:39 --------- d-----w C:\Program Files\Thomson
2008-01-10 20:39 --------- d-----w C:\Program Files\Symantec
2008-01-10 20:39 --------- d-----w C:\Program Files\SpeedTouch
2008-01-10 20:39 --------- d-----w C:\Program Files\Skype
2008-01-10 20:39 --------- d-----w C:\Program Files\SiteAdvisor
2008-01-10 20:39 --------- d-----w C:\Program Files\RGB
2008-01-10 20:39 --------- d-----w C:\Program Files\Real
2008-01-10 20:39 --------- d-----w C:\Program Files\Point Buy
2008-01-10 20:39 --------- d-----w C:\Program Files\Orange
2008-01-10 20:39 --------- d-----w C:\Program Files\Norton Ghost
2008-01-10 20:39 --------- d-----w C:\Program Files\Nikon
2008-01-10 20:39 --------- d-----w C:\Program Files\Motorola Phone Tools
2008-01-10 20:39 --------- d-----w C:\Program Files\Microsoft Works
2008-01-10 20:39 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-10 20:39 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-10 20:39 --------- d-----w C:\Program Files\McAfee.com
2008-01-10 20:39 --------- d-----w C:\Program Files\MAKEMSI Package Documentation
2008-01-10 20:37 --------- d-----w C:\Program Files\LucasArts
2008-01-10 20:37 --------- d-----w C:\Program Files\Learn2.com
2008-01-10 20:37 --------- d-----w C:\Program Files\Java
2007-02-15 22:47 88 --sha-r C:\Windows\System32\294B5CB768.sys
.

((((((((((((((((((((((((((((( [email protected]_16.41.22.83 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-22 18:15:28 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-01-25 20:51:29 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-01-25 16:36:03 147,456 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-25 21:26:40 147,456 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-25 16:36:03 151,552 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000002\NTUSER.DAT
+ 2008-01-25 21:26:40 151,552 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000002\NTUSER.DAT
- 2008-01-25 16:36:04 2,633,728 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-25 21:26:40 2,646,016 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-25 16:36:05 2,322,432 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-25 21:26:40 2,351,104 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-25 02:30:07 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-01-25 21:06:33 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-01-22 18:17:55 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-01-25 20:52:03 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-01-25 02:30:07 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-01-25 20:56:14 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-01-22 18:17:55 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-01-25 20:52:03 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-01-25 16:35:11 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-25 20:49:43 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-25 16:35:11 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-25 20:49:43 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-25 16:35:11 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-25 20:49:43 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-22 18:20:25 112,988 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-01-25 20:58:15 112,988 ----a-w C:\Windows\System32\perfc009.dat
- 2008-01-22 18:20:25 639,174 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-01-25 20:58:15 639,174 ----a-w C:\Windows\System32\perfh009.dat
- 2008-01-22 18:19:18 3,796 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2778902474-1672239889-419508607-1005_UserData.bin
+ 2008-01-25 20:53:24 3,804 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2778902474-1672239889-419508607-1005_UserData.bin
- 2008-01-22 18:19:17 52,054 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-01-25 20:53:24 52,918 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-01-22 18:19:15 38,612 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-01-25 20:53:23 38,732 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 23:12 1232896]
"Aim6"="C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" [2006-05-24 11:15 50760]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-11-02 09:45 8704]
"STManager"="C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" [2003-09-09 16:09 118784]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 17:41 68856]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-13 21:24 1006264]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-11-09 23:22 497240]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 09:34 851968]
"HostManager"="C:\Program Files\Common Files\AOL\1163708591\ee\AOLSoftware.exe" [2006-05-24 11:15 50760]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 07:15 151552]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 16:59 124520]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 17:30 152144]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 09:16 49152]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-02-09 04:37 36904]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2003-09-05 06:59 878080]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-18 23:56 185896]
"SigmatelSysTrayApp"="sttray.exe" [2007-01-12 16:51 303104 C:\Windows\sttray.exe]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 11:22 221184]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-17 08:07 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-17 08:07 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-17 08:07 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2006-11-09 14:43:14 156784]
NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe [2007-06-05 18:12:15 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

S2 0055341201084562mcinstcleanup;McAfee Application Installer Cleanup (0055341201084562);C:\Windows\TEMP\005534~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog []
S2 xaheedra;Mouse HID Helper;C:\WINDOWS\System32\svchost.exe [2006-11-02 09:45]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2006-06-05 03:39]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
WudfServiceGroup REG_MULTI_SZ WUDFSvc

.
Contents of the 'Scheduled Tasks' folder
"2008-01-23 22:08:07 C:\Windows\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-25 12:29:02 C:\Windows\Tasks\At1.job"
- C:\WINDOWS\system32\rundll32.exe
"2008-01-15 02:11:20 C:\Windows\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-05-01 00:00:10 C:\Windows\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-25 21:30:42
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-25 21:31:41
ComboFix-quarantined-files.txt 2008-01-25 21:31:38
ComboFix2.txt 2008-01-25 18:49:56
ComboFix3.txt 2008-01-25 16:42:04
.
2008-01-24 21:36:21 --- E O F ---

#11
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
We are nearly done

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


This scan shouldn't take longer than 6 hours. If it does, cancel it and tell me.

Also tell me how your PC is running.

Edited by Rorschach112, 25 January 2008 - 03:42 PM.

#12
shirleycrabtree

    Member

  • Topic Starter
  • Member
  • 18 posts
I just got back to my PC and the scan's been running for 22 hours and counting. Says it's scanned over 2 million files but it's discovered no threats at the moment.

As far as how the computer is working I would say it is running slow and over the last few days I've started having trouble connecting to certain websites. I have to disconnect and log back on, then they work fine.

#13
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Cancel the scan if it's been going that long

Post a new HijackThis log there

#14
shirleycrabtree

    Member

  • Topic Starter
  • Member
  • 18 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:04:39, on 28/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Common Files\AOL\1163708591\ee\aolsoftware.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\sttray.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6061109
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1163708591\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-GB ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix:
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{906964AB-1695-45DD-80C9-9BF3E4A0FC24}: NameServer = 195.92.195.94 195.92.195.95
O17 - HKLM\System\CCS\Services\Tcpip\..\{9EC02047-24F9-46E5-9FC2-B962E427AAB2}: NameServer = 195.92.195.95 195.92.195.94
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Application Installer Cleanup (0113681201427517) (0113681201427517mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\011368~1.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - Unknown owner - C:\Windows\system32\brsvc01a.exe (file missing)
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\Program Files\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

--
End of file - 11836 bytes

#15
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
How is your PC running? Any problems?