Dahnkster

Dloadr.alf, sasser trojan, higliedr, 9129837.exe

11 posts in this topic

Greetings, I am pretty much a noob, but haven't had to log on in over a year. I am much more savvy, thanks mostly to what I learned from Hijack This a year ago. I got a Sasser worm in the form of a 9129837.exe file that came with a "shareware version" of DiVX (unloaded from Emule). It kept giving me a "1073741819" system shutoff, which I was able to overcome. I rechecked all my XP service packs and all seems well. McAfee quarantined 2 trojans and the scanspyware program quarantined a "Dloadr.alf" file. Nothing showed up on Spybot, but Yahoo spyware says I still have a Higlieder in the registry.

Below you will find my Hijack This log and my recent ScanSpyware log. Thanks for the help.

 

PS I have almost 39 processes running at startup, and some of the "help" forums I read suggested it is time for me to submit a Hijack This log.

 

PSS I also had to disable my McAfee emailproxy.exe file, as it uses 99% of my CPU if it is enabled.

 

Logfile of HijackThis v1.99.1

Scan saved at 8:53:55 PM, on 6/29/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\SiteAdvisor\6066\SAService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\SiteAdvisor\6066\SiteAdv.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Hijack This\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://help.bellsouth.net/fastaccess/launch.asp

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll

O2 - BHO: (no name) - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll

O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall

O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no file)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.youtube.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab

O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab

O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/R...bGameLoader.cab

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cab

O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127935424046

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab55579.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://stash.nugs.net/dev/dlControl.CAB

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - https://music.msn.com/client/msnmusax3913.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\aolserv.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

 

 

Here is my ScanSpyware log:

Pest: Dloadr.ALF

Type: Registry Value

Operation: Deleted

Value: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ttool

_____________________________________________

Pest: Advertising.com

Type: Cookie

Operation: Deleted

Value: c:\documents and settings\william m dahnke\cookies\william m dahnke@advertising[2].txt

_____________________________________________

Pest: Advertising.com

Type: Cookie

Operation: Deleted

Value: c:\documents and settings\william m dahnke\cookies\william m dahnke@advertising[2].txt

_____________________________________________

Pest: WebTrends

Type: Cookie

Operation: Deleted

Value: c:\documents and settings\william m dahnke\cookies\william m dahnke@m.webtrends[2].txt

_____________________________________________

Pest: Pport

Type: Cookie

Operation: Deleted

Value: c:\documents and settings\william m dahnke\cookies\william m dahnke@support.microsoft[2].txt

_____________________________________________

 

 

And finally here is my current startup list:

 

 

StartupList report, 6/29/2007, 9:05:01 PM

StartupList version 2.01.0

Started from: C:\Program Files\Hijack This\StartupList.EXE

Detected: Windows XP SP2 (WinNT 5.01.2600)

Logged on as 'William M Dahnke' to 'DG26TC61'

* Using default options (see end of log for possible options)

==================================================

 


C:\WINDOWS\system32\credui.dll

C:\WINDOWS\system32\CRYPT32.dll

C:\WINDOWS\system32\cscdll.dll

C:\WINDOWS\System32\davclnt.dll

C:\WINDOWS\system32\DNSAPI.dll

C:\WINDOWS\System32\drprov.dll

C:\WINDOWS\system32\GDI32.dll

C:\WINDOWS\system32\hnetcfg.dll

C:\WINDOWS\system32\IMAGEHLP.dll

C:\WINDOWS\system32\IMM32.DLL

C:\WINDOWS\system32\iphlpapi.dll

C:\WINDOWS\system32\kernel32.dll

C:\WINDOWS\system32\LPK.DLL

C:\WINDOWS\system32\MPR.dll

C:\WINDOWS\system32\MPRAPI.dll

C:\WINDOWS\system32\MSASN1.dll

C:\WINDOWS\system32\msi.dll

C:\WINDOWS\system32\msv1_0.dll

C:\WINDOWS\system32\MSVCP60.dll

C:\WINDOWS\system32\msvcrt.dll

C:\WINDOWS\system32\mswsock.dll

c:\WINDOWS\system32\msxml4.dll

C:\WINDOWS\system32\netapi32.dll

C:\WINDOWS\System32\NETRAP.dll

C:\WINDOWS\system32\NETSHELL.dll

C:\WINDOWS\System32\NETUI0.dll

C:\WINDOWS\System32\NETUI1.dll

C:\WINDOWS\system32\ntdll.dll

C:\WINDOWS\system32\NTDSAPI.dll

C:\WINDOWS\System32\ntlanman.dll

C:\WINDOWS\system32\NTMARTA.DLL

C:\WINDOWS\system32\ole32.dll

C:\WINDOWS\system32\OLEAUT32.dll

C:\WINDOWS\system32\psapi.dll

C:\WINDOWS\system32\rasadhlp.dll

C:\WINDOWS\system32\rasapi32.dll

C:\WINDOWS\system32\rasman.dll

C:\WINDOWS\system32\RPCRT4.dll

C:\WINDOWS\system32\rsaenh.dll

C:\WINDOWS\system32\rtutils.dll

C:\WINDOWS\system32\SAMLIB.dll

C:\WINDOWS\system32\secur32.dll

C:\WINDOWS\system32\serwvdrv.dll

C:\WINDOWS\system32\SETUPAPI.dll

C:\WINDOWS\system32\SHELL32.dll

C:\WINDOWS\system32\SHLWAPI.dll

C:\WINDOWS\system32\TAPI32.dll

C:\WINDOWS\system32\umdmxfrm.dll

C:\WINDOWS\system32\USER32.dll

C:\WINDOWS\system32\userenv.dll

C:\WINDOWS\system32\USP10.dll

C:\WINDOWS\system32\uxtheme.dll

C:\WINDOWS\system32\VERSION.dll

C:\WINDOWS\system32\wbem\fastprox.dll

C:\WINDOWS\system32\wbem\wbemcomn.dll

C:\WINDOWS\system32\wbem\wbemprox.dll

C:\WINDOWS\system32\wbem\wbemsvc.dll

C:\WINDOWS\system32\WININET.dll

C:\WINDOWS\system32\WINMM.dll

C:\WINDOWS\System32\winrnr.dll

C:\WINDOWS\system32\WINTRUST.dll

C:\WINDOWS\system32\WLDAP32.dll

C:\WINDOWS\system32\WS2_32.dll

C:\WINDOWS\system32\WS2HELP.dll

C:\WINDOWS\System32\wshtcpip.dll

C:\WINDOWS\system32\xpsp2res.dll

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

 

[C:\Program Files\DellSupport\DSAgnt.exe (77)]

C:\PROGRA~1\DELLSU~1\gdql_d.dll

c:\progra~1\dellsu~1\gtaction\handlers\brkrsvch.dll

c:\progra~1\dellsu~1\gtaction\handlers\grouph.dll

c:\progra~1\dellsu~1\gtaction\handlers\pnph.dll

c:\progra~1\dellsu~1\gtaction\handlers\qdiagh.dll

c:\progra~1\dellsu~1\gtaction\handlers\trgloadh.dll

c:\progra~1\dellsu~1\gtaction\handlers\trgregh.dll

C:\PROGRA~1\DELLSU~1\GTACTION\TRIGGERS\DSPROCT.DLL

C:\PROGRA~1\DELLSU~1\GTACTION\TRIGGERS\DSWNHNT.DLL

C:\PROGRA~1\DELLSU~1\GTACTION\TRIGGERS\TIMERT.DLL

C:\Program Files\DellSupport\ActMgr.dll

C:\Program Files\DellSupport\CfgData.DLL

C:\Program Files\DellSupport\GTAgnt.dll

C:\Program Files\DellSupport\TrgMgr.DLL

C:\WINDOWS\system32\ADVAPI32.dll

C:\WINDOWS\system32\apphelp.dll

C:\WINDOWS\system32\AVICAP32.dll

C:\WINDOWS\system32\CLBCATQ.DLL

C:\WINDOWS\system32\comdlg32.dll

C:\WINDOWS\system32\COMRes.dll

C:\WINDOWS\system32\CRYPT32.dll

C:\WINDOWS\system32\DNSAPI.dll

C:\WINDOWS\system32\GDI32.dll

C:\WINDOWS\system32\hnetcfg.dll

C:\WINDOWS\system32\IMM32.DLL

C:\WINDOWS\system32\iphlpapi.dll

C:\WINDOWS\system32\kernel32.dll

C:\WINDOWS\system32\LPK.DLL

C:\WINDOWS\system32\mlang.dll

C:\WINDOWS\system32\MPR.dll

C:\WINDOWS\system32\MSACM32.dll

C:\WINDOWS\system32\MSASN1.dll

C:\WINDOWS\system32\msctfime.ime

C:\WINDOWS\system32\msv1_0.dll

C:\WINDOWS\system32\MSVCP60.dll

C:\WINDOWS\system32\msvcrt.dll

C:\WINDOWS\system32\MSVFW32.dll

C:\WINDOWS\System32\mswsock.dll

C:\WINDOWS\system32\msxml3.dll

C:\WINDOWS\system32\NETAPI32.dll

C:\WINDOWS\system32\ntdll.dll

C:\WINDOWS\system32\NTMARTA.DLL

C:\WINDOWS\system32\ole32.dll

C:\WINDOWS\system32\OLEACC.dll

C:\WINDOWS\system32\OLEAUT32.dll

C:\WINDOWS\system32\PSAPI.DLL

C:\WINDOWS\system32\rasadhlp.dll

C:\WINDOWS\system32\rasapi32.dll

C:\WINDOWS\system32\rasman.dll

C:\WINDOWS\system32\RPCRT4.dll

C:\WINDOWS\system32\rsaenh.dll

C:\WINDOWS\system32\rtutils.dll

C:\WINDOWS\system32\SAMLIB.dll

C:\WINDOWS\system32\Secur32.dll

C:\WINDOWS\system32\sensapi.dll

C:\WINDOWS\system32\serwvdrv.dll

C:\WINDOWS\system32\SHELL32.dll

C:\WINDOWS\system32\SHLWAPI.dll

C:\WINDOWS\system32\SXS.DLL

C:\WINDOWS\system32\TAPI32.dll

C:\WINDOWS\system32\umdmxfrm.dll

C:\WINDOWS\system32\urlmon.dll

C:\WINDOWS\system32\USER32.dll

C:\WINDOWS\system32\USERENV.dll

C:\WINDOWS\system32\USP10.dll

C:\WINDOWS\system32\uxtheme.dll

C:\WINDOWS\system32\VERSION.dll

C:\WINDOWS\system32\WININET.dll

C:\WINDOWS\system32\WINMM.dll

C:\WINDOWS\System32\winrnr.dll

C:\WINDOWS\system32\WINSPOOL.DRV

C:\WINDOWS\system32\WLDAP32.dll

C:\WINDOWS\system32\ws2_32.dll

C:\WINDOWS\system32\WS2HELP.dll

C:\WINDOWS\System32\wshtcpip.dll

C:\WINDOWS\system32\wsock32.dll

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

 

[C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (55)]

C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll

C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_en.dll

C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

C:\WINDOWS\system32\ACTIVEDS.dll

C:\WINDOWS\system32\adsldpc.dll

C:\WINDOWS\system32\ADVAPI32.dll

C:\WINDOWS\system32\apphelp.dll

C:\WINDOWS\system32\ATL.DLL

C:\WINDOWS\system32\CLBCATQ.DLL

C:\WINDOWS\system32\COMRes.dll

C:\WINDOWS\system32\CRYPT32.dll

C:\WINDOWS\system32\GDI32.dll

C:\WINDOWS\system32\IMAGEHLP.dll

C:\WINDOWS\system32\IMM32.DLL

C:\WINDOWS\system32\iphlpapi.dll

C:\WINDOWS\system32\kernel32.dll

C:\WINDOWS\system32\LPK.DLL

C:\WINDOWS\system32\MPRAPI.dll

C:\WINDOWS\system32\MSASN1.dll

C:\WINDOWS\system32\msctfime.ime

C:\WINDOWS\system32\msi.dll

C:\WINDOWS\system32\msv1_0.dll

C:\WINDOWS\system32\msvcrt.dll

C:\WINDOWS\system32\NETAPI32.dll

C:\WINDOWS\system32\ntdll.dll

C:\WINDOWS\system32\ole32.dll

C:\WINDOWS\system32\OLEAUT32.dll

C:\WINDOWS\system32\PSAPI.DLL

C:\WINDOWS\system32\RASAPI32.dll

C:\WINDOWS\system32\rasman.dll

C:\WINDOWS\system32\RPCRT4.dll

C:\WINDOWS\system32\rsaenh.dll

C:\WINDOWS\system32\rtutils.dll

C:\WINDOWS\system32\SAMLIB.dll

C:\WINDOWS\system32\secur32.dll

C:\WINDOWS\system32\serwvdrv.dll

C:\WINDOWS\system32\SETUPAPI.dll

C:\WINDOWS\system32\SHELL32.dll

C:\WINDOWS\system32\SHLWAPI.dll

C:\WINDOWS\system32\SXS.DLL

C:\WINDOWS\system32\TAPI32.dll

C:\WINDOWS\system32\umdmxfrm.dll

C:\WINDOWS\system32\USER32.dll

C:\WINDOWS\system32\USERENV.dll

C:\WINDOWS\system32\USP10.dll

C:\WINDOWS\system32\uxtheme.dll

C:\WINDOWS\system32\VERSION.dll

C:\WINDOWS\system32\WININET.dll

C:\WINDOWS\system32\WINMM.dll

C:\WINDOWS\system32\WINTRUST.dll

C:\WINDOWS\system32\WLDAP32.dll

C:\WINDOWS\system32\WS2_32.dll

C:\WINDOWS\system32\WS2HELP.dll

C:\WINDOWS\system32\xpsp2res.dll

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

 

[C:\Program Files\Hijack This\HijackThis.exe (27)]

C:\WINDOWS\system32\ADVAPI32.dll

C:\WINDOWS\system32\apphelp.dll

C:\WINDOWS\system32\asycfilt.dll

C:\WINDOWS\system32\comctl32.dll

C:\WINDOWS\system32\GDI32.dll

C:\WINDOWS\system32\IMM32.DLL

C:\WINDOWS\system32\kernel32.dll

C:\WINDOWS\system32\LPK.DLL

C:\WINDOWS\system32\msctfime.ime

C:\WINDOWS\system32\MSVBVM60.DLL

C:\WINDOWS\system32\msvcrt.dll

C:\WINDOWS\system32\netapi32.dll

C:\WINDOWS\system32\ntdll.dll

C:\WINDOWS\system32\ole32.dll

C:\WINDOWS\system32\OLEAUT32.dll

C:\WINDOWS\system32\PSAPI.DLL

C:\WINDOWS\system32\RPCRT4.dll

C:\WINDOWS\system32\Secur32.dll

C:\WINDOWS\system32\SETUPAPI.dll

C:\WINDOWS\system32\shell32.dll

C:\WINDOWS\system32\SHLWAPI.dll

C:\WINDOWS\system32\SXS.DLL

C:\WINDOWS\system32\USER32.dll

C:\WINDOWS\system32\USP10.dll

C:\WINDOWS\system32\uxtheme.dll

C:\WINDOWS\system32\VERSION.DLL

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

 

[C:\Program Files\Hijack This\StartupList.exe (44)]

C:\WINDOWS\system32\ADVAPI32.dll

C:\WINDOWS\system32\apphelp.dll

C:\WINDOWS\system32\asycfilt.dll

C:\WINDOWS\system32\CLBCATQ.DLL

C:\WINDOWS\system32\COMCTL32.dll

C:\WINDOWS\system32\comdlg32.dll

C:\WINDOWS\system32\COMRes.dll

C:\WINDOWS\system32\DNSAPI.dll

C:\WINDOWS\system32\GDI32.dll

C:\WINDOWS\system32\IMM32.DLL

C:\WINDOWS\system32\kernel32.dll

C:\WINDOWS\system32\LPK.DLL

C:\WINDOWS\system32\mscomctl.ocx

C:\WINDOWS\system32\msctfime.ime

C:\WINDOWS\system32\msi.dll

C:\WINDOWS\system32\MSVBVM60.DLL

C:\WINDOWS\system32\MSVCP60.dll

C:\WINDOWS\system32\msvcrt.dll

C:\WINDOWS\system32\NETAPI32.dll

C:\WINDOWS\system32\ntdll.dll

C:\WINDOWS\system32\NTDSAPI.dll

C:\WINDOWS\system32\ole32.dll

C:\WINDOWS\system32\OLEAUT32.dll

C:\WINDOWS\system32\PSAPI.DLL

C:\WINDOWS\system32\RPCRT4.dll

C:\WINDOWS\system32\Secur32.dll

C:\WINDOWS\system32\SHELL32.dll

C:\WINDOWS\system32\SHLWAPI.dll

C:\WINDOWS\system32\SXS.DLL

C:\WINDOWS\system32\USER32.dll

C:\WINDOWS\system32\USP10.dll

C:\WINDOWS\system32\uxtheme.dll

C:\WINDOWS\system32\VERSION.dll

C:\WINDOWS\system32\wbem\fastprox.dll

C:\WINDOWS\system32\wbem\wbemcomn.dll

C:\WINDOWS\system32\wbem\wbemdisp.dll

C:\WINDOWS\system32\wbem\wbemprox.dll

C:\WINDOWS\system32\wbem\wbemsvc.dll

C:\WINDOWS\system32\wbem\wmiutils.dll

C:\WINDOWS\system32\WLDAP32.dll

C:\WINDOWS\system32\WS2_32.dll

C:\WINDOWS\system32\WS2HELP.dll

C:\WINDOWS\system32\xpsp2res.dll

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

 

[C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe (10)]

C:\WINDOWS\system32\ADVAPI32.dll

C:\WINDOWS\system32\GDI32.dll

C:\WINDOWS\system32\IMM32.DLL

C:\WINDOWS\system32\kernel32.dll

C:\WINDOWS\system32\LPK.DLL

C:\WINDOWS\system32\msvcrt.dll

C:\WINDOWS\system32\ntdll.dll

C:\WINDOWS\system32\RPCRT4.dll

C:\WINDOWS\system32\USER32.dll

C:\WINDOWS\system32\USP10.dll

 

[C:\Program Files\McAfee\


Hello,

 

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

 

Nothing suspicious was found on your log.

 

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

 

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)

O2 - BHO: (no name) - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - (no file)

O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML

O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

 

Click on Fix Checked when finished and exit HijackThis.

 

Restart the computer to reset the registry.

 

Download this file - combofix.exe

 

and save it to your desktop (Important). Also save the below command in Notepad as a text file so that you can copy/paste in safe mode.

 

"%userprofile%\desktop\combofix.exe"

 

Boot into safe mode by tapping the F8 key just before Windows starts to load.

 

Go to Start --> Run and copy/paste in the following:

 

"%userprofile%\desktop\combofix.exe"

 

When finished, it shall produce a log for you. Save it and post that log in your next reply.

 

Note:

Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

 

In your next post, please include

  • new hijackthis log
  • combofix log
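
Most of the entries listed for fixing in the reply above carry the "(no file)" or "(file missing)" marker that HijackThis appends to a log line. As an added example (not part of the original post and not HijackThis code), this Python script parses log lines in the format shown in this thread and lists the entries carrying those markers for review; the sample lines are copied from the logs in this thread, and all function names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# HijackThis entry lines look like "O2 - BHO: ..." or "R3 - URLSearchHook: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Trailing marker as it appears in the log lines on this page.
ORPHAN_RE = re.compile(r"\((no file|file missing)\)\s*$", re.IGNORECASE)

# Sample input: lines copied from the two HijackThis logs in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
"""


@dataclass
class Entry:
    code: str               # section code, e.g. "O2"
    body: str               # everything after "<code> - "
    clsid: Optional[str]    # upper-cased CLSID if the line carries one
    target: Optional[str]   # last " - " segment (usually the file), quotes removed
    marker: Optional[str]   # "no file", "file missing", or None


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers, process paths and blanks."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    om = ORPHAN_RE.search(body)
    marker = om.group(1).lower() if om else None
    cm = CLSID_RE.search(body)
    # Drop the marker, then treat the final " - " segment as the target.
    rest = ORPHAN_RE.sub("", body).strip()
    parts = [p.strip() for p in rest.split(" - ")]
    target = None
    if marker != "no file" and len(parts) >= 2:
        target = parts[-1].strip('"')
    clsid = cm.group(0).upper() if cm else None
    return Entry(m.group("code"), body, clsid, target, marker)


def parse_log(text: str) -> List[Entry]:
    entries = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            entries.append(entry)
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries whose log line ends in "(no file)" or "(file missing)"."""
    return [e for e in entries if e.marker]


def count_by_code(entries: List[Entry]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.code] = counts.get(e.code, 0) + 1
    return counts


def review_list(text: str) -> List[str]:
    """One line per marked entry, for a human to review before fixing anything."""
    rows = []
    for e in orphaned(parse_log(text)):
        ref = e.target or e.clsid or "(unnamed)"
        rows.append(f"{e.code:<4} {e.marker:<13} {ref}")
    return rows


if __name__ == "__main__":
    for row in review_list(SAMPLE_LOG):
        print(row)
```

The script only reports lines that carry one of the two markers; an entry without a marker, such as the O8 Viewpoint item in the list above, still needs a human decision.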


Did as instructed. Did have a couple problems. First I had no keyboard capabilities at first. I had to reload the drivers for my keyboard with original Dell utilities disc. Problem solved.

 

I cannot restart in SAFE MODE. I have 30.89 GB of hard drive left out of 144 GB (approx. 21% remaining). Ran some boot-up diagnostics on my hard drive and could not find any errors. I defragged and cleaned out all temp files and cookies. Still unable to start Windows in SAFE mode. I tap F8 and it prompts me to run in Safe mode and asks me which operating system (I select Windows XP); a series of MS-DOS commands roll past and then I get a screen "apologizing" that Windows will not start. I am only able to restart in normal mode. ???

 

I deleted entries as suggested, but am now perplexed why I can no longer start in SAFE Mode (which I had been able to do as recently as a week ago).

 

HJT report:

 

Logfile of HijackThis v1.99.1

Scan saved at 1:29:08 PM, on 7/6/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\SiteAdvisor\6066\SiteAdv.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\SiteAdvisor\6066\SAService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\system32\MsPMSPSv.exe

c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Hijack This\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://help.bellsouth.net/fastaccess/launch.asp

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll

O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall

O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.youtube.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab

O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab

O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/R...bGameLoader.cab

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cab

O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127935424046

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab55579.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://stash.nugs.net/dev/dlControl.CAB

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - https://music.msn.com/client/msnmusax3913.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\aolserv.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

 

 

ComboFix Report:

 

Start Time= Fri 07/06/2007 13:27:10.09

Running from: C:\Documents and Settings\William M Dahnke\Desktop

 

QuickScan did not find any signs of infected files

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2007-07-05 10:32:20 69632 ( A.... ) "C:\WINDOWS\SYSTEM32\realbap1.dll"

2007-07-05 10:32:20 45568 ( A.... ) "C:\WINDOWS\SYSTEM32\realbsf1.dll"

2007-06-30 21:33:06 ( .D... ) "C:\Documents and Settings\William M Dahnke\Application Data\Musicmatch"

2007-06-30 19:26:24 ( .D... ) "C:\Program Files\Copy of MUSICMATCH"

2007-06-29 19:31:20 ( .D... ) "C:\Program Files\Common Files\Scanner"

2007-06-29 17:27:18 ( .D... ) "C:\Documents and Settings\William M Dahnke\Application Data\DivX"

2007-06-29 17:25:06 ( .D... ) "C:\Program Files\DivX"

2007-06-25 02:33:34 855999 ( A.... ) "C:\Program Files\3ivx_MPEG-4_50_trial_win.zip"

2007-06-24 11:27:54 ( .D... ) "C:\Program Files\musiCutter"

2007-06-24 04:47:22 ( .D... ) "C:\Program Files\AudioConvert"

2007-05-31 01:45:08 524288 ( A.... ) "C:\WINDOWS\SYSTEM32\DivXsm.exe"

2007-05-31 01:44:56 823296 ( A.... ) "C:\WINDOWS\SYSTEM32\divx_xx0c.dll"

2007-05-31 01:44:56 823296 ( A.... ) "C:\WINDOWS\SYSTEM32\divx_xx07.dll"

2007-05-31 01:44:56 802816 ( A.... ) "C:\WINDOWS\SYSTEM32\divx_xx11.dll"

2007-05-31 01:44:56 740442 ( A.... ) "C:\WINDOWS\SYSTEM32\DivX.dll"

2007-05-16 10:12:02 683520 ( A.... ) "C:\WINDOWS\SYSTEM32\inetcomm.dll"

2007-04-25 09:21:16 144896 ( A.... ) "C:\WINDOWS\SYSTEM32\schannel.dll"

2007-04-24 01:07:56 51600 ( A.... ) "C:\WINDOWS\SYSTEM32\RadLightMPCUninstall.exe"

2007-04-22 19:15:30 3596288 ( A.... ) "C:\WINDOWS\SYSTEM32\qt-dx331.dll"

2007-04-22 19:15:26 118520 ( ..... ) "C:\WINDOWS\SYSTEM32\pxinsi64.exe"

2007-04-22 19:15:26 116472 ( ..... ) "C:\WINDOWS\SYSTEM32\pxcpyi64.exe"

2007-04-22 19:15:20 1044480 ( A.... ) "C:\WINDOWS\SYSTEM32\libdivx.dll"

2007-04-22 19:15:20 200704 ( A.... ) "C:\WINDOWS\SYSTEM32\ssldivx.dll"

2007-04-22 19:02:36 196608 ( A.... ) "C:\WINDOWS\SYSTEM32\dtu100.dll"

2007-04-22 19:02:36 73728 ( A.... ) "C:\WINDOWS\SYSTEM32\dpl100.dll"

2007-04-22 19:02:34 53248 ( A.... ) "C:\WINDOWS\SYSTEM32\dpuGUI10.dll"

2007-04-22 19:02:32 593920 ( A.... ) "C:\WINDOWS\SYSTEM32\dpuGUI11.dll"

2007-04-22 19:02:32 344064 ( A.... ) "C:\WINDOWS\SYSTEM32\dpus11.dll"

2007-04-22 19:02:32 294912 ( A.... ) "C:\WINDOWS\SYSTEM32\dpu11.dll"

2007-04-22 19:02:32 294912 ( A.... ) "C:\WINDOWS\SYSTEM32\dpu10.dll"

2007-04-22 19:02:32 57344 ( A.... ) "C:\WINDOWS\SYSTEM32\dpv11.dll"

2007-04-22 19:01:48 124472 ( A.... ) "C:\WINDOWS\SYSTEM32\DivXCodecUpdateChecker.exe"

2007-04-22 19:01:48 12288 ( A.... ) "C:\WINDOWS\SYSTEM32\DivXWMPExtType.dll"

2007-04-18 11:12:24 2854400 ( A.... ) "C:\WINDOWS\SYSTEM32\msi.dll"

2007-04-16 22:47:36 33624 ( A.... ) "C:\WINDOWS\SYSTEM32\wups.dll"

2007-04-16 22:45:54 1710936 ( A.... ) "C:\WINDOWS\SYSTEM32\wuaueng.dll"

2007-04-16 22:45:48 549720 ( A.... ) "C:\WINDOWS\SYSTEM32\wuapi.dll"

2007-04-16 22:45:42 325976 ( A.... ) "C:\WINDOWS\SYSTEM32\wucltui.dll"

2007-04-16 22:45:36 203096 ( A.... ) "C:\WINDOWS\SYSTEM32\wuweb.dll"

2007-04-16 22:45:28 92504 ( A.... ) "C:\WINDOWS\SYSTEM32\cdm.dll"

2007-04-16 22:45:20 53080 ( A.... ) "C:\WINDOWS\SYSTEM32\wuauclt.exe"

2007-04-16 22:45:20 43352 ( A.... ) "C:\WINDOWS\SYSTEM32\wups2.dll"

2007-04-16 22:44:20 271224 ( A.... ) "C:\WINDOWS\SYSTEM32\mucltui.dll"

2007-04-16 22:44:18 208248 ( A.... ) "C:\WINDOWS\SYSTEM32\muweb.dll"

2007-04-16 10:52:54 984576 ( A.... ) "C:\WINDOWS\SYSTEM32\kernel32.dll"

2006-12-06 00:34:30 465919 ( A.... ) "C:\Program Files\flac113b.exe"

2006-12-05 17:10:26 1969400 ( A.... ) "C:\Program Files\DellConnect.exe"

2006-12-04 18:11:28 2380042 ( A.... ) "C:\Program Files\bao0995u.exe"

2006-12-04 18:08:30 4000588 ( A.... ) "C:\Program Files\bao0995.exe"

2006-11-24 12:15:02 8799656 ( A.... ) "C:\Program Files\Azureus_2.5.0.0_Win32.setup.exe"

2006-11-19 19:16:04 559856 ( A.... ) "C:\Program Files\WindowsXP-KB906569-v2-x86-ENU.exe"

2006-10-21 11:20:50 6809451 ( A.... ) "C:\Program Files\HandBrake-0.7.1-OSX.zip"

2006-09-21 16:31:24 3534076 ( A.... ) "C:\Program Files\eMule0.47c-Installer.exe"

2006-09-21 16:19:00 882489 ( A.... ) "C:\Program Files\pg2-050918-nt.exe"

2006-08-06 22:22:50 7980280 ( A.... ) "C:\Program Files\ezi_hnm.exe"

2006-08-06 20:01:14 2311992 ( A.... ) "C:\Program Files\reglite.exe"

2006-08-05 19:12:20 45568 ( A.... ) "C:\Program Files\ATF-Cleaner.exe"

2006-08-05 16:18:48 212849 ( A.... ) "C:\Program Files\hijackthis.zip"

2006-08-05 16:15:58 161714 ( A.... ) "C:\Program Files\startuplist.zip"

2006-08-05 15:03:10 1988486 ( A.... ) "C:\Program Files\ss_install.exe"

2006-08-05 14:30:20 3852888 ( A.... ) "C:\Program Files\spyhunterS.exe"

2006-08-05 10:37:28 2566736 ( A.... ) "C:\Program Files\spywareblastersetup351.exe"

2006-05-30 18:54:32 1474745 ( A.... ) "C:\Program Files\Install-2.0.exe"

2006-05-30 18:48:52 1476859 ( A.... ) "C:\Program Files\Install-2.2.exe"

2006-03-22 12:19:28 11817800 ( A.... ) "C:\Program Files\GoogleEarth.exe"

2006-03-05 09:59:14 6839296 ( A.... ) "C:\Program Files\DingInstall.exe"

2006-02-02 02:01:12 3395904 ( A.... ) "C:\Program Files\BSPROINSTALL.EXE"

2005-12-05 19:42:10 3221104 ( A.... ) "C:\Program Files\msgrplus.exe"

2005-09-20 23:41:30 947213 ( A.... ) "C:\Program Files\Gd30.zip"

2005-08-04 23:42:52 4985856 ( A.... ) "C:\Program Files\DellPSPA521Patch_English.exe"

2005-05-27 12:21:50 2191360 ( A.... ) "C:\Program Files\CD21.EXE"

2005-03-09 15:49:04 843824 ( A.... ) "C:\Program Files\SetupDVDDecrypter_3.5.2.0.exe"

2005-03-03 20:20:20 771758 ( A.... ) "C:\Program Files\SetupDVDDecrypter.exe"

2005-03-03 20:19:34 393128 ( A.... ) "C:\Program Files\SmartRipper2.41.zip"

2005-01-06 05:50:50 5798576 ( A.... ) "C:\Program Files\SkypeSetup.exe"

2004-12-28 23:19:36 3905464 ( A.... ) "C:\Program Files\xlViewer.exe"

2004-12-23 22:18:04 21778872 ( A.... ) "C:\Program Files\iTunesSetup.exe"

 

 

(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))

 

 

2007-06-24 04:47 28,672 C:\WINDOWS\system32\SmartMenuXP.dll

2007-06-24 04:47 20,480 C:\WINDOWS\system32\VBUTILLight.dll

2007-06-24 04:38 172,032 C:\WINDOWS\system32\MP2enc.dll

2007-05-31 01:45 524,288 C:\WINDOWS\system32\DivXsm.exe

2007-05-31 01:44 823,296 C:\WINDOWS\system32\divx_xx0c.dll

2007-05-31 01:44 823,296 C:\WINDOWS\system32\divx_xx07.dll

2007-05-31 01:44 802,816 C:\WINDOWS\system32\divx_xx11.dll

2007-05-31 01:44 740,442 C:\WINDOWS\system32\DivX.dll

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

*Note* empty entries are not shown

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"MSKDetectorExe"="\"C:\\Program Files\\McAfee\\SpamKiller\\MSKDetct.exe\" /uninstall"

@=""

"SiteAdvisor"="C:\\Program Files\\SiteAdvisor\\6066\\SiteAdv.exe"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"DellSupport"="\"C:\\Program Files\\DellSupport\\DSAgnt.exe\" /startup"

"ISUSPM"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe\" -scheduler"

"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]

"DelayShred"="\"c:\\program files\\mcafee\\mshr\\ShrCL.EXE\" /P7 /q C:\\DOCUME~1\\WILLIA~1\\LOCALS~1\\TEMPOR~1\\Content.IE5\\HPEM3D7V\\PURCHA~1.SH! C:\\DOCUME~1\\WILLIA~1\\LOCALS~1\\TEMPOR~1\\Content.IE5\\0DSPUZCD\\MM_1_~1.SH! C:\\DOCUME~1\\WILLIA~1\\LOCALS~1\\TEMPOR~1\\Content.IE5\\2BQR61QF\\MAIN_1~1.SH! C:\\DOCUME~1\\WILLIA~1\\LOCALS~1\\TEMPOR~1\\Content.IE5\\0DSPUZCD\\ALBUMV~1.SH! C:\\DOCUME~1\\WILLIA~1\\LOCALS~1\\TEMPOR~1\\Content.IE5\\OGAE3540\\MM_1_~1.SH! C:\\DOCUME~1\\WILLIA~1\\LOCALS~1\\TEMPOR~1\\Content.IE5\\O7WNIVC3\\DIALOG~1.SH! C:\\DOCUME~1\\WILLIA~1\\LOCALS~1\\TEMPOR~1\\Content.IE5\\UP8NCVAJ\\COOKIE~1.SH! C:\\DOCUME~1\\WILLIA~1\\LOCALS~1\\TEMPOR~1\\Content.IE5\\OXHBFIMH\\GRIDFA~1.SH! C:\\DOCUME~1\\WILLIA~1\\LOCALS~1\\TEMPOR~1\\Content.IE5\\2F0VFGLS\\LINKPA~1.SH!"

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]

"DeskHtmlVersion"=dword:00000110

"DeskHtmlMinorVersion"=dword:00000005

"Settings"=dword:00000001

"GeneralFlags"=dword:00000003

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="My Current Home Page"

"Flags"=dword:00000002

"Position"=hex:2c,00,00,00,5c,01,00,00,23,00,00,00,a4,00,00,00,9a,00,00,00,ec,\

03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00

"CurrentState"=hex:01,00,00,40

"OriginalStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\

00,00,01,00,00,40

"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\

00,00,01,00,00,00

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=hex:91,00,00,00

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=hex:91,00,00,00

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Acrobat Assistant.lnk"

"backup"="C:\\WINDOWS\\pss\\Acrobat Assistant.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Distillr\\acrotray.exe "

"item"="Acrobat Assistant"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Acrobat Speed Launcher.lnk"

"backup"="C:\\WINDOWS\\pss\\Adobe Acrobat Speed Launcher.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\WINDOWS\\Installer\\{AC76BA86-1033-0000-7760-000000000002}\\SC_Acrobat.exe "

"item"="Adobe Acrobat Speed Launcher"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"

"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "

"item"="Adobe Reader Speed Launch"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\America Online 9.0 Tray Icon.lnk"

"backup"="C:\\WINDOWS\\pss\\America Online 9.0 Tray Icon.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\AMERIC~1.0\\aoltray.exe -check"

"item"="America Online 9.0 Tray Icon"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Dell Network Assistant.lnk"

"backup"="C:\\WINDOWS\\pss\\Dell Network Assistant.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\WINDOWS\\Installer\\{0240BDFB-2995-4A3F-8C96-18D41282B716}\\Icon0240BDFB3.exe -systray"

"item"="Dell Network Assistant"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Digital Line Detect.lnk"

"backup"="C:\\WINDOWS\\pss\\Digital Line Detect.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\DIGITA~1\\DLG.exe "

"item"="Digital Line Detect"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DING!.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\DING!.lnk"

"backup"="C:\\WINDOWS\\pss\\DING!.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\SOUTHW~1\\Ding\\Ding.exe "

"item"="DING!"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax DllCmd 4.0.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\eFax DllCmd 4.0.lnk"

"backup"="C:\\WINDOWS\\pss\\eFax DllCmd 4.0.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\EFAXME~1.0\\J2GDLL~1.EXE /R"

"item"="eFax DllCmd 4.0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax Tray Menu 4.0.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\eFax Tray Menu 4.0.lnk"

"backup"="C:\\WINDOWS\\pss\\eFax Tray Menu 4.0.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\EFAXME~1.0\\J2GTray.exe "

"item"="eFax Tray Menu 4.0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Photo Loader supervisory.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Photo Loader supervisory.lnk"

"backup"="C:\\WINDOWS\\pss\\Photo Loader supervisory.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\CASIO\\PHOTOL~1\\Plauto.exe "

"item"="Photo Loader supervisory"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"=""

"hkey"="HKLM"

"command"=""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!ewido]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ewido"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Acrotray"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="AOLSP Scheduler"

"hkey"="HKLM"

"command"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="AOLDial"

"hkey"="HKLM"

"command"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="atiptaxx"

"hkey"="HKLM"

"command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="CTSysVol"

"hkey"="HKLM"

"command"="C:\\Program Files\\Creative\\Sound Blaster Live! 24-bit\\Surround Mixer\\CTSysVol.exe /r"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="DSAgnt"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="tfswctrl"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlbxmon.exe]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="dlbxmon"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Dell Photo AIO Printer 962\\dlbxmon.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="DVDLauncher"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ehtray"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\ehome\\ehtray.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="AOLSoftware"

"hkey"="HKLM"

"command"="C:\\Program Files\\Common Files\\AOL\\1171046360\\ee\\AOLSoftware.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="iaanotif"

"hkey"="HKLM"

"command"="C:\\Program Files\\Intel\\Intel Application Accelerator\\iaanotif.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ISUSPM"

"hkey"="HKLM"

"command"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="issch"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="iTunesHelper"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="mcagent"

"hkey"="HKLM"

"command"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="McUpdate"

"hkey"="HKLM"

"command"="c:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="mimboot"

"hkey"="HKLM"

"command"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~3\\mimboot.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="mm_tray"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="msmsgs"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="msnmsgr"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NeroCheck"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Rundll32 P17"

"hkey"="HKLM"

"command"="Rundll32 P17.dll,P17Helper"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="P2P Networking"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe /AUTOSTART"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="qttask"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecoverFromReboot]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="RecoverFromReboot"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\Temp\\RecoverFromReboot.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Skype"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="jusched"

"hkey"="HKLM"

"command"="C:\\Program Files\\Java\\jre1.5.0_02\\bin\\jusched.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="GoogleToolbarNotifier"

"hkey"="HKCU"

"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="hcenter"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Support.com\\BellSouth\\hcenter.exe\" /starthidden /tgcmdwrapper"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="realsched"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="sgtray"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="UpdReg"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\UpdReg.EXE"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="dumprep 0 -u"

"hkey"="HKLM"

"command"="%systemroot%\\system32\\dumprep 0 -u"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="mcvsshld"

"hkey"="HKLM"

"command"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="mcmnhdlr"

"hkey"="HKLM"

"command"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcmnhdlr.exe\" /checktask"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="winampa"

"hkey"="HKLM"

"command"="C:\\Program Files\\Winamp\\winampa.exe"

"inimapping"="0"

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system

DisableRegistryTools REG_DWORD 0 (0x0)

 

HKEY_LOCAL_MACHINE\

 

 

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\A6CA8A9292D93672.job

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\DFRG.job

C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (DG26TC61-Mary Lynn Dahnke).job

C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (DG26TC61-William M Dahnke).job

C:\WINDOWS\tasks\McDefragTask.job

C:\WINDOWS\tasks\McQcTask.job

 

Completion time: Fri 07/06/2007 13:27:44.62

ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt

 

ComboFix.2006-08-06.230337.txt

ComboFix.2007-07-06.111336.txt

ComboFix.2007-07-06.132709.txt


OK, finally able to reboot in safe mode. I increased memory to about 50% by backing up the ridiculously large amount of mp3 files I was storing in My Documents. I am only running about 38-39 processes now and all seems well. Here is the HJT log and ComboFix log from SAFE Mode:

 

Logfile of HijackThis v1.99.1

Scan saved at 12:13:55 AM, on 7/7/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\SiteAdvisor\6066\SiteAdv.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\SiteAdvisor\6066\SAService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Hijack This\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://help.bellsouth.net/fastaccess/launch.asp

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll

O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall

O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe

O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.youtube.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab

O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab

O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/R...bGameLoader.cab

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cab

O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127935424046

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab55579.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://stash.nugs.net/dev/dlControl.CAB

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - https://music.msn.com/client/msnmusax3913.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\aolserv.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

 

and ComboFix:

 

Start Time= Sat 07/07/2007 0:11:39.59

Running from: C:\Documents and Settings\William M Dahnke\desktop

 

QuickScan did not find any signs of infected files

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2007-07-06 23:19:34 69632 ( A.... ) "C:\WINDOWS\SYSTEM32\realbap1.dll"

2007-07-06 23:19:34 45568 ( A.... ) "C:\WINDOWS\SYSTEM32\realbsf1.dll"

2007-06-30 21:33:06 ( .D... ) "C:\Documents and Settings\William M Dahnke\Application Data\Musicmatch"

2007-06-30 19:26:24 ( .D... ) "C:\Program Files\Copy of MUSICMATCH"

2007-06-29 19:31:20 ( .D... ) "C:\Program Files\Common Files\Scanner"

2007-06-29 17:27:18 ( .D... ) "C:\Documents and Settings\William M Dahnke\Application Data\DivX"

2007-06-29 17:25:06 ( .D... ) "C:\Program Files\DivX"

2007-06-25 02:33:34 855999 ( A.... ) "C:\Program Files\3ivx_MPEG-4_50_trial_win.zip"

2007-06-24 11:27:54 ( .D... ) "C:\Program Files\musiCutter"

2007-06-24 04:47:22 ( .D... ) "C:\Program Files\AudioConvert"

2007-05-31 01:45:08 524288 ( A.... ) "C:\WINDOWS\SYSTEM32\DivXsm.exe"

2007-05-31 01:44:56 823296 ( A.... ) "C:\WINDOWS\SYSTEM32\divx_xx0c.dll"

2007-05-31 01:44:56 823296 ( A.... ) "C:\WINDOWS\SYSTEM32\divx_xx07.dll"

2007-05-31 01:44:56 802816 ( A.... ) "C:\WINDOWS\SYSTEM32\divx_xx11.dll"

2007-05-31 01:44:56 740442 ( A.... ) "C:\WINDOWS\SYSTEM32\DivX.dll"

2007-05-16 10:12:02 683520 ( A.... ) "C:\WINDOWS\SYSTEM32\inetcomm.dll"

2007-04-25 09:21:16 144896 ( A.... ) "C:\WINDOWS\SYSTEM32\schannel.dll"

2007-04-24 01:07:56 51600 ( A.... ) "C:\WINDOWS\SYSTEM32\RadLightMPCUninstall.exe"

2007-04-22 19:15:30 3596288 ( A.... ) "C:\WINDOWS\SYSTEM32\qt-dx331.dll"

2007-04-22 19:15:26 118520 ( ..... ) "C:\WINDOWS\SYSTEM32\pxinsi64.exe"

2007-04-22 19:15:26 116472 ( ..... ) "C:\WINDOWS\SYSTEM32\pxcpyi64.exe"

2007-04-22 19:15:20 1044480 ( A.... ) "C:\WINDOWS\SYSTEM32\libdivx.dll"

2007-04-22 19:15:20 200704 ( A.... ) "C:\WINDOWS\SYSTEM32\ssldivx.dll"

2007-04-22 19:02:36 196608 ( A.... ) "C:\WINDOWS\SYSTEM32\dtu100.dll"

2007-04-22 19:02:36 73728 ( A.... ) "C:\WINDOWS\SYSTEM32\dpl100.dll"

2007-04-22 19:02:34 53248 ( A.... ) "C:\WINDOWS\SYSTEM32\dpuGUI10.dll"

2007-04-22 19:02:32 593920 ( A.... ) "C:\WINDOWS\SYSTEM32\dpuGUI11.dll"

2007-04-22 19:02:32 344064 ( A.... ) "C:\WINDOWS\SYSTEM32\dpus11.dll"

2007-04-22 19:02:32 294912 ( A.... ) "C:\WINDOWS\SYSTEM32\dpu11.dll"

2007-04-22 19:02:32 294912 ( A.... ) "C:\WINDOWS\SYSTEM32\dpu10.dll"

2007-04-22 19:02:32 57344 ( A.... ) "C:\WINDOWS\SYSTEM32\dpv11.dll"

2007-04-22 19:01:48 124472 ( A.... ) "C:\WINDOWS\SYSTEM32\DivXCodecUpdateChecker.exe"

2007-04-22 19:01:48 12288 ( A.... ) "C:\WINDOWS\SYSTEM32\DivXWMPExtType.dll"

2007-04-18 11:12:24 2854400 ( A.... ) "C:\WINDOWS\SYSTEM32\msi.dll"

2007-04-16 22:47:36 33624 ( A.... ) "C:\WINDOWS\SYSTEM32\wups.dll"

2007-04-16 22:45:54 1710936 ( A.... ) "C:\WINDOWS\SYSTEM32\wuaueng.dll"

2007-04-16 22:45:48 549720 ( A.... ) "C:\WINDOWS\SYSTEM32\wuapi.dll"

2007-04-16 22:45:42 325976 ( A.... ) "C:\WINDOWS\SYSTEM32\wucltui.dll"

2007-04-16 22:45:36 203096 ( A.... ) "C:\WINDOWS\SYSTEM32\wuweb.dll"

2007-04-16 22:45:28 92504 ( A.... ) "C:\WINDOWS\SYSTEM32\cdm.dll"

2007-04-16 22:45:20 53080 ( A.... ) "C:\WINDOWS\SYSTEM32\wuauclt.exe"

2007-04-16 22:45:20 43352 ( A.... ) "C:\WINDOWS\SYSTEM32\wups2.dll"

2007-04-16 22:44:20 271224 ( A.... ) "C:\WINDOWS\SYSTEM32\mucltui.dll"

2007-04-16 22:44:18 208248 ( A.... ) "C:\WINDOWS\SYSTEM32\muweb.dll"

2007-04-16 10:52:54 984576 ( A.... ) "C:\WINDOWS\SYSTEM32\kernel32.dll"

2006-12-06 00:34:30 465919 ( A.... ) "C:\Program Files\flac113b.exe"

2006-12-05 17:10:26 1969400 ( A.... ) "C:\Program Files\DellConnect.exe"

2006-12-04 18:11:28 2380042 ( A.... ) "C:\Program Files\bao0995u.exe"

2006-12-04 18:08:30 4000588 ( A.... ) "C:\Program Files\bao0995.exe"

2006-11-24 12:15:02 8799656 ( A.... ) "C:\Program Files\Azureus_2.5.0.0_Win32.setup.exe"

2006-11-19 19:16:04 559856 ( A.... ) "C:\Program Files\WindowsXP-KB906569-v2-x86-ENU.exe"

2006-10-21 11:20:50 6809451 ( A.... ) "C:\Program Files\HandBrake-0.7.1-OSX.zip"

2006-09-21 16:31:24 3534076 ( A.... ) "C:\Program Files\eMule0.47c-Installer.exe"

2006-09-21 16:19:00 882489 ( A.... ) "C:\Program Files\pg2-050918-nt.exe"

2006-08-06 22:22:50 7980280 ( A.... ) "C:\Program Files\ezi_hnm.exe"

2006-08-06 20:01:14 2311992 ( A.... ) "C:\Program Files\reglite.exe"

2006-08-05 19:12:20 45568 ( A.... ) "C:\Program Files\ATF-Cleaner.exe"

2006-08-05 16:18:48 212849 ( A.... ) "C:\Program Files\hijackthis.zip"

2006-08-05 16:15:58 161714 ( A.... ) "C:\Program Files\startuplist.zip"

2006-08-05 15:03:10 1988486 ( A.... ) "C:\Program Files\ss_install.exe"

2006-08-05 14:30:20 3852888 ( A.... ) "C:\Program Files\spyhunterS.exe"

2006-08-05 10:37:28 2566736 ( A.... ) "C:\Program Files\spywareblastersetup351.exe"

2006-05-30 18:54:32 1474745 ( A.... ) "C:\Program Files\Install-2.0.exe"

2006-05-30 18:48:52 1476859 ( A.... ) "C:\Program Files\Install-2.2.exe"

2006-03-22 12:19:28 11817800 ( A.... ) "C:\Program Files\GoogleEarth.exe"

2006-03-05 09:59:14 6839296 ( A.... ) "C:\Program Files\DingInstall.exe"

2006-02-02 02:01:12 3395904 ( A.... ) "C:\Program Files\BSPROINSTALL.EXE"

2005-12-05 19:42:10 3221104 ( A.... ) "C:\Program Files\msgrplus.exe"

2005-09-20 23:41:30 947213 ( A.... ) "C:\Program Files\Gd30.zip"

2005-08-04 23:42:52 4985856 ( A.... ) "C:\Program Files\DellPSPA521Patch_English.exe"

2005-05-27 12:21:50 2191360 ( A.... ) "C:\Program Files\CD21.EXE"

2005-03-09 15:49:04 843824 ( A.... ) "C:\Program Files\SetupDVDDecrypter_3.5.2.0.exe"

2005-03-03 20:20:20 771758 ( A.... ) "C:\Program Files\SetupDVDDecrypter.exe"

2005-03-03 20:19:34 393128 ( A.... ) "C:\Program Files\SmartRipper2.41.zip"

2005-01-06 05:50:50 5798576 ( A.... ) "C:\Program Files\SkypeSetup.exe"

2004-12-28 23:19:36 3905464 ( A.... ) "C:\Program Files\xlViewer.exe"

2004-12-23 22:18:04 21778872 ( A.... ) "C:\Program Files\iTunesSetup.exe"

 

 

(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))

 

 

2007-06-24 04:47 28,672 C:\WINDOWS\system32\SmartMenuXP.dll

2007-06-24 04:47 20,480 C:\WINDOWS\system32\VBUTILLight.dll

2007-06-24 04:38 172,032 C:\WINDOWS\system32\MP2enc.dll

2007-05-31 01:45 524,288 C:\WINDOWS\system32\DivXsm.exe

2007-05-31 01:44 823,296 C:\WINDOWS\system32\divx_xx0c.dll

2007-05-31 01:44 823,296 C:\WINDOWS\system32\divx_xx07.dll

2007-05-31 01:44 802,816 C:\WINDOWS\system32\divx_xx11.dll

2007-05-31 01:44 740,442 C:\WINDOWS\system32\DivX.dll

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

*Note* empty entries are not shown

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"MSKDetectorExe"="\"C:\\Program Files\\McAfee\\SpamKiller\\MSKDetct.exe\" /uninstall"

@=""

"SiteAdvisor"="C:\\Program Files\\SiteAdvisor\\6066\\SiteAdv.exe"

"MMTray"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""

"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"DellSupport"="\"C:\\Program Files\\DellSupport\\DSAgnt.exe\" /startup"

"ISUSPM"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe\" -scheduler"

"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]

"DelayShred"="\"c:\\program files\\mcafee\\mshr\\ShrCL.EXE\" /P7 /q C:\\DOCUME~1\\WILLIA~1\\LOCALS~1\\TEMPOR~1\\Content.IE5\\HPEM3D7V\\PURCHA~1.SH! C:\\DOCUME~1\\WILLIA~1\\LOCALS~1\\TEMPOR~1\\Content.IE5\\0DSPUZCD\\MM_1_~1.SH! C:\\DOCUME~1\\WILLIA~1\\LOCALS~1\\TEMPOR~1\\Content.IE5\\2BQR61QF\\MAIN_1~1.SH! C:\\DOCUME~1\\WILLIA~1\\LOCALS~1\\TEMPOR~1\\Content.IE5\\0DSPUZCD\\ALBUMV~1.SH! C:\\DOCUME~1\\WILLIA~1\\LOCALS~1\\TEMPOR~1\\Content.IE5\\OGAE3540\\MM_1_~1.SH! C:\\DOCUME~1\\WILLIA~1\\LOCALS~1\\TEMPOR~1\\Content.IE5\\O7WNIVC3\\DIALOG~1.SH! C:\\DOCUME~1\\WILLIA~1\\LOCALS~1\\TEMPOR~1\\Content.IE5\\UP8NCVAJ\\COOKIE~1.SH! C:\\DOCUME~1\\WILLIA~1\\LOCALS~1\\TEMPOR~1\\Content.IE5\\OXHBFIMH\\GRIDFA~1.SH! C:\\DOCUME~1\\WILLIA~1\\LOCALS~1\\TEMPOR~1\\Content.IE5\\2F0VFGLS\\LINKPA~1.SH!"

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]

"DeskHtmlVersion"=dword:00000110

"DeskHtmlMinorVersion"=dword:00000005

"Settings"=dword:00000001

"GeneralFlags"=dword:00000002

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="My Current Home Page"

"Flags"=dword:00000002

"Position"=hex:2c,00,00,00,5c,01,00,00,23,00,00,00,a4,00,00,00,9a,00,00,00,ec,\

03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00

"CurrentState"=hex:01,00,00,40

"OriginalStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\

00,00,01,00,00,40

"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\

00,00,01,00,00,00

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=hex:91,00,00,00

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=hex:91,00,00,00

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Acrobat Assistant.lnk"

"backup"="C:\\WINDOWS\\pss\\Acrobat Assistant.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Distillr\\acrotray.exe "

"item"="Acrobat Assistant"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Acrobat Speed Launcher.lnk"

"backup"="C:\\WINDOWS\\pss\\Adobe Acrobat Speed Launcher.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\WINDOWS\\Installer\\{AC76BA86-1033-0000-7760-000000000002}\\SC_Acrobat.exe "

"item"="Adobe Acrobat Speed Launcher"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"

"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "

"item"="Adobe Reader Speed Launch"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\America Online 9.0 Tray Icon.lnk"

"backup"="C:\\WINDOWS\\pss\\America Online 9.0 Tray Icon.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\AMERIC~1.0\\aoltray.exe -check"

"item"="America Online 9.0 Tray Icon"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Dell Network Assistant.lnk"

"backup"="C:\\WINDOWS\\pss\\Dell Network Assistant.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\WINDOWS\\Installer\\{0240BDFB-2995-4A3F-8C96-18D41282B716}\\Icon0240BDFB3.exe -systray"

"item"="Dell Network Assistant"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Digital Line Detect.lnk"

"backup"="C:\\WINDOWS\\pss\\Digital Line Detect.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\DIGITA~1\\DLG.exe "

"item"="Digital Line Detect"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DING!.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\DING!.lnk"

"backup"="C:\\WINDOWS\\pss\\DING!.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\SOUTHW~1\\Ding\\Ding.exe "

"item"="DING!"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax DllCmd 4.0.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\eFax DllCmd 4.0.lnk"

"backup"="C:\\WINDOWS\\pss\\eFax DllCmd 4.0.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\EFAXME~1.0\\J2GDLL~1.EXE /R"

"item"="eFax DllCmd 4.0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax Tray Menu 4.0.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\eFax Tray Menu 4.0.lnk"

"backup"="C:\\WINDOWS\\pss\\eFax Tray Menu 4.0.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\EFAXME~1.0\\J2GTray.exe "

"item"="eFax Tray Menu 4.0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Photo Loader supervisory.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Photo Loader supervisory.lnk"

"backup"="C:\\WINDOWS\\pss\\Photo Loader supervisory.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\CASIO\\PHOTOL~1\\Plauto.exe "

"item"="Photo Loader supervisory"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"=""

"hkey"="HKLM"

"command"=""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!ewido]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ewido"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Acrotray"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="AOLSP Scheduler"

"hkey"="HKLM"

"command"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="AOLDial"

"hkey"="HKLM"

"command"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="atiptaxx"

"hkey"="HKLM"

"command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="CTSysVol"

"hkey"="HKLM"

"command"="C:\\Program Files\\Creative\\Sound Blaster Live! 24-bit\\Surround Mixer\\CTSysVol.exe /r"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="DSAgnt"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="tfswctrl"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlbxmon.exe]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="dlbxmon"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Dell Photo AIO Printer 962\\dlbxmon.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="DVDLauncher"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ehtray"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\ehome\\ehtray.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="AOLSoftware"

"hkey"="HKLM"

"command"="C:\\Program Files\\Common Files\\AOL\\1171046360\\ee\\AOLSoftware.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="iaanotif"

"hkey"="HKLM"

"command"="C:\\Program Files\\Intel\\Intel Application Accelerator\\iaanotif.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ISUSPM"

"hkey"="HKLM"

"command"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="issch"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="iTunesHelper"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="mcagent"

"hkey"="HKLM"

"command"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="McUpdate"

"hkey"="HKLM"

"command"="c:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="mimboot"

"hkey"="HKLM"

"command"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~3\\mimboot.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="mm_tray"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="msmsgs"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="msnmsgr"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NeroCheck"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Rundll32 P17"

"hkey"="HKLM"

"command"="Rundll32 P17.dll,P17Helper"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="P2P Networking"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe /AUTOSTART"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="qttask"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecoverFromReboot]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="RecoverFromReboot"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\Temp\\RecoverFromReboot.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Skype"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="jusched"

"hkey"="HKLM"

"command"="C:\\Program Files\\Java\\jre1.5.0_02\\bin\\jusched.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="GoogleToolbarNotifier"

"hkey"="HKCU"

"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="hcenter"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Support.com\\BellSouth\\hcenter.exe\" /starthidden /tgcmdwrapper"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="realsched"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="sgtray"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="UpdReg"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\UpdReg.EXE"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="dumprep 0 -u"

"hkey"="HKLM"

"command"="%systemroot%\\system32\\dumprep 0 -u"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="mcvsshld"

"hkey"="HKLM"

"command"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="mcmnhdlr"

"hkey"="HKLM"

"command"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcmnhdlr.exe\" /checktask"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="winampa"

"hkey"="HKLM"

"command"="C:\\Program Files\\Winamp\\winampa.exe"

"inimapping"="0"

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system

DisableRegistryTools REG_DWORD 0 (0x0)

 

HKEY_LOCAL_MACHINE\

 

 

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\A6CA8A9292D93672.job

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\DFRG.job

C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (DG26TC61-Mary Lynn Dahnke).job

C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (DG26TC61-William M Dahnke).job

C:\WINDOWS\tasks\McDefragTask.job

C:\WINDOWS\tasks\McQcTask.job

 

Completion time: Sat 07/07/2007 0:12:12.40

ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt

 

ComboFix.2006-08-06.230337.txt

ComboFix.2007-07-06.111336.txt

ComboFix.2007-07-06.132709.txt

ComboFix.2007-07-07.001139.txt

 

Whatcha think?


Nice work, your log is clean.

 

Please read this Prevention page with lots of info and tips how to prevent this in the future.

http://users.telenet.be/bluepatchy/miekiem...prevention.html

 

But you still have some work to do.

 

ComboFix has reported that your Java is outdated and vulnerable to infection. Please update.

 

Updating Java

  • Download the latest version of Java Runtime Environment (JRE) 6u2.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 6

  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.

=*=

 

Remove what is left from a LOP infection.

 

Download: Microsoft Task Scheduler Command Line Utility from http://mvps.org/winhelp2002/jt.zip

 

Unzip and copy jt.exe to your C:\Windows folder.

 

Open Notepad, copy and paste the text below and "Save As" KillJobs.bat

In the "Save as type" select: All Files

 

@echo off

jt /sd A6CA8A9292D93672.job

Copy KillJobs.bat to your C:\Windows folder.

Double-click on "KillJobs.bat"

(when prompted, allow the file to run)

If you need help on "How to Make a .Bat File"

See: http://www.nellie2.co.uk/file.htm

 

=*=

 

Let me know what problem persists.


Bump

:scratchhead: ok did as instructed. Double-clicked on batch file and the DOS screen appeared for a second or two. All 3 items (notepad file with Quote, jt.exe, and killJobs.bat on C:\windows folder). But I was never "prompted to allow file to run". I read the instructions on http://www.nellie2.co.uk/file.htm. I'm sure I followed instructions correctly, because batch file was created. I left all 3 files in C:\Windows. Just curious why I never got the prompt to run file???


This will tell me if the instructions were executed.

 

Download Deljob.exe and save it on your desktop.

Double-click Deljob.exe.

 

A log (logit.txt) should open afterwards. This log will be present on your desktop.

Post the contents of the logfile in your next reply.


Okey dokey done & done. Thanks for all your help, I will make a PAYPAL donation today, is it tacky for me to ask what is average donation. Thanks again. I feel better now. Also what desktop player do you use or recommend?? I have loved MusicMatch but Yahoo is taking them over and the new Yahoo Juke Box is the worst program EVER! No tagging, no artwork capabilities, no supertagging, poor file migration and refusing licences on downloaded music I already paid for. Suggestions?

 

Again, thanks! Michael Dahnke :cool:

 

 

 

 

 

 

 

--------------------------------------------------------

No LOP jobs found

--------------------------------------------------------

Files remaining after cleaning

 

AppleSoftwareUpdate.job

DFRG.job

McAfee.com Scan for Viruses - My Computer (DG26TC61-Mary Lynn Dahnke).job

McAfee.com Scan for Viruses - My Computer (DG26TC61-William M Dahnke).job

McDefragTask.job

McQcTask.job

--------------------------------------------------------

App data folders

 

Volume in drive C has no label.

Volume Serial Number is A80A-F955

 

Directory of C:\Documents and Settings\William M Dahnke\Application Data

 

06/30/2007 09:33 PM <DIR> .

06/30/2007 09:33 PM <DIR> ..

02/02/2007 12:35 AM <DIR> Adobe

02/02/2007 01:53 AM <DIR> AdobeUM

03/25/2005 01:19 AM <DIR> Ahead

09/20/2005 08:05 PM <DIR> AOL

05/26/2007 06:36 AM <DIR> APPLEC~1 Apple Computer

12/12/2006 02:22 AM <DIR> Azureus

04/23/2007 04:37 PM <DIR> Corel

05/31/2006 03:37 AM <DIR> CR120TWN

05/31/2006 03:37 AM <DIR> CR330TWN

09/27/2005 03:48 PM <DIR> Creative

11/10/2005 10:24 PM <DIR> CYBERL~1 CyberLink

06/29/2007 05:27 PM <DIR> DivX

12/05/2005 08:31 PM <DIR> EFAXME~1 eFax Messenger

09/06/2006 01:08 PM <DIR> Google

04/09/2007 05:41 PM <DIR> Gtek

12/23/2004 07:39 AM <DIR> Help

12/17/2004 02:03 PM <DIR> IDENTI~1 Identities

03/26/2007 12:03 AM <DIR> INSTAL~1 InstallShield

01/10/2005 11:51 AM <DIR> LEADER~1 Leadertech

02/17/2005 09:47 AM <DIR> MACROM~1 Macromedia

03/05/2007 10:20 AM <DIR> McAfee

12/23/2004 07:37 AM <DIR> McAfee.com

03/17/2007 03:04 AM <DIR> MICROS~1 Microsoft

06/30/2007 09:33 PM <DIR> MUSICM~1 Musicmatch

09/21/2005 02:08 AM <DIR> Real

02/21/2007 11:30 PM <DIR> SITEAD~1 SiteAdvisor

11/24/2006 10:49 PM <DIR> Skype

01/10/2005 11:51 AM <DIR> Sonic

01/26/2007 04:41 AM <DIR> STYLES~1 Style Soap

12/17/2004 03:06 PM <DIR> Sun

03/16/2007 10:55 PM <DIR> VIEWPO~1 Viewpoint

11/13/2006 08:26 PM <DIR> XnView

10/31/2005 08:20 AM <DIR> yahoo!

0 File(s) 0 bytes

35 Dir(s) 30,393,716,736 bytes free

Volume in drive C has no label.

Volume Serial Number is A80A-F955

 

Directory of C:\Documents and Settings\All Users\Application Data

 

06/30/2007 07:23 PM <DIR> .

06/30/2007 07:23 PM <DIR> ..

02/22/2007 08:52 AM <DIR> Adobe

10/05/2005 04:55 PM <DIR> ADOBES~1 Adobe Systems

02/09/2007 01:39 PM <DIR> AOL

02/02/2007 12:19 AM <DIR> APPLEC~1 Apple Computer

12/22/2004 11:50 PM <DIR> BVRPSO~1 BVRP Software

05/24/2005 09:00 AM <DIR> Dell

12/17/2004 02:01 PM <DIR> DIGSTR~1 DIGStream

07/08/2007 06:25 AM <DIR> DVDSHR~1 DVD Shrink

09/05/2006 07:04 AM <DIR> Google

09/20/2005 09:51 PM <DIR> GTek

12/17/2004 03:14 PM <DIR> INSTAL~1 InstallShield

06/06/2007 08:57 PM <DIR> McAfee

02/21/2007 09:25 PM <DIR> McAfee.com

03/17/2007 02:37 AM <DIR> MICROS~1 Microsoft

12/22/2004 11:59 PM <DIR> Motive

01/26/2007 04:41 AM <DIR> PopCap

07/07/2005 05:24 PM <DIR> QUICKT~1 QuickTime

12/17/2004 02:01 PM <DIR> SBSI

02/21/2007 10:35 PM <DIR> SITEAD~1 SiteAdvisor

03/05/2006 10:34 AM <DIR> SOUTHW~1 Southwest Airlines

03/23/2007 02:00 AM <DIR> SPYBOT~1 Spybot - Search & Destroy

12/23/2004 12:39 AM <DIR> Support.com

09/18/2006 05:51 PM <DIR> Trymedia

02/14/2007 11:41 AM <DIR> VIEWPO~1 Viewpoint

09/21/2005 03:33 AM <DIR> WINDOW~1 Windows Genuine Advantage

01/26/2007 04:41 AM <DIR> WMADOG~1 wmadogjunkmeow

06/30/2007 07:23 PM <DIR> YAHOO

10/31/2005 08:20 AM <DIR> yahoo!

02/08/2007 11:53 AM <DIR> YAHOO!~1 Yahoo! Companion

0 File(s) 0 bytes

31 Dir(s) 30,393,712,640 bytes free

--------------------------------------------------------

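The before/after check this exchange amounts to, as an added example that is not part of the original thread and not how ComboFix or Deljob work internally: it reads the scheduled-task listing from each log and confirms that the flagged job is gone and nothing new appeared. The sample text is abridged from the two logs above; the function names and the rule "file name is exactly 16 hex digits" are assumptions drawn from the single job the helper removed.

```python
import re
from pathlib import PureWindowsPath

# Sample input abridged from the ComboFix log posted in this thread.
COMBOFIX_TASKS = r"""
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\A6CA8A9292D93672.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\DFRG.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

Completion time: Sat 07/07/2007 0:12:12.40
"""

# Sample input abridged from the logit.txt posted after the cleanup.
DELJOB_LOG = """
--------------------------------------------------------
No LOP jobs found
--------------------------------------------------------
Files remaining after cleaning

AppleSoftwareUpdate.job
DFRG.job
McDefragTask.job
McQcTask.job
--------------------------------------------------------
App data folders
"""

# Assumption: a task whose name is nothing but 16 hex digits was not
# created by a named product and deserves a closer look.
RANDOM_HEX = re.compile(r"[0-9A-F]{16}", re.IGNORECASE)


def jobs_after(text, header):
    """Return the .job file names listed after `header`, stopping at the
    first non-blank line that is not a .job entry."""
    names, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = header.lower() in line.lower()
            continue
        if not line:
            continue
        if not line.lower().endswith(".job"):
            break
        # Works for both full paths and bare file names.
        names.append(PureWindowsPath(line).name)
    return names


def looks_random(job_name):
    """True when the name (without .job) is exactly 16 hex digits."""
    return RANDOM_HEX.fullmatch(PureWindowsPath(job_name).stem) is not None


def review(before, after):
    """Compare the task list from before the cleanup with the one after."""
    before_set = {n.lower() for n in before}
    after_set = {n.lower() for n in after}
    flagged = [n for n in before if looks_random(n)]
    return {
        "flagged_before": flagged,
        "removed": [n for n in flagged if n.lower() not in after_set],
        "still_present": [n for n in after if looks_random(n)],
        "new_since_scan": [n for n in after if n.lower() not in before_set],
    }


if __name__ == "__main__":
    before = jobs_after(COMBOFIX_TASKS, "Contents of the 'Scheduled Tasks' folder")
    after = jobs_after(DELJOB_LOG, "Files remaining after cleaning")
    for key, value in review(before, after).items():
        print(f"{key}: {value}")
```
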
Thanks for all your help, I will make a PAYPAL donation today, is it tacky for me to ask what is average donation. Thanks again. I feel better now. Also what desktop player do you use or recommend??

 

I would not know, I'm a volunteer here and the money goes for the maintenance of the site.

 

Never had a desktop player, I just have Windows media player and use it only to view what my friends are sending me.

 

You are clean of the LOP infection. Nice work.


Glad we could help. :)

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

This topic is now closed to further replies.