The log that is produced from the system repair engine will most likely be about 10 to 12 posts. Is there a specific portion I should send or should I make that many replies? Please advise.
Here is the beginning of the log up to the file associations (3 posts). Everything after the file association is hosts files. Let me know if you need to see those. There are like a million. Thanks for the help!!
2008-01-11,11:27:48
System Repair Engineer 2.5.16.900 Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed
Follow item(s) have been choosed: All Boot Items (Including Registry, Startup Folders, Services and so on) Browser Add-ons Runing Processes (Including process model information) File Associations Winsock Provider Autorun.Inf HOSTS File Process Privileges Scan
[McAfee Personal Firewall Service / MpfService][Running/Auto Start] "C:\Program Files\McAfee\MPF\MPFSrv.exe"> [McAfee Privacy Service / MPS9][Stopped/Auto Start]
Here is the log starting with file associations. I think there will be 9 posts
==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE Error. ["C:\WINDOWS\trayicons.exe" exec "%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR Error. ["C:\WINDOWS\trayicons.exe" exec "%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
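The hijack visible in the File Associations section above can be checked mechanically. The following is an added example, not part of the original thread and not SREng's own logic: it parses association lines in the format posted here, flags any directly executed file type whose handler does not start with "%1", and compares the first scan with the scan taken after the repair. The function names and the set of extensions checked are this example's own choices.

```python
import re

# Sample input: the "File Associations" sections as posted in this thread.
FIRST_SCAN = r'''
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE Error. ["C:\WINDOWS\trayicons.exe" exec "%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR Error. ["C:\WINDOWS\trayicons.exe" exec "%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
'''

# Scan posted after the repair.
SECOND_SCAN = r'''
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
'''

# One association line: ".EXT Status. [handler command]"
LINE_RE = re.compile(r'^(\.\w+)\s+(OK|Error)\.\s+\[(.*)\]\s*$')

# File types Windows runs directly: the handler should begin with the clicked
# file itself ("%1"). This list is the example's own choice.
SELF_LAUNCHING = {".EXE", ".COM", ".PIF", ".BAT", ".SCR"}


def parse_associations(text):
    """Return {extension: (reported_status, command)} for each association line."""
    found = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ext, status, command = m.groups()
            found[ext.upper()] = (status, command)
    return found


def first_program(command):
    """First token of a handler command, with surrounding quotes removed."""
    m = re.match(r'"([^"]+)"|(\S+)', command)
    return (m.group(1) or m.group(2)) if m else ""


def find_interposers(assoc):
    """List (extension, program) where a self-launching type runs via another binary."""
    hits = []
    for ext in sorted(assoc.keys() & SELF_LAUNCHING):
        program = first_program(assoc[ext][1])
        if program != "%1":
            hits.append((ext, program))
    return hits


def changed_handlers(before, after):
    """Extensions whose handler differs between two scans (case-insensitive)."""
    return sorted(ext for ext in before.keys() & after.keys()
                  if before[ext][1].casefold() != after[ext][1].casefold())


if __name__ == "__main__":
    first = parse_associations(FIRST_SCAN)
    second = parse_associations(SECOND_SCAN)
    for ext, program in find_interposers(first):
        print(f"{ext}: launches via {program} instead of the file itself")
    print("changed by repair:", changed_handlers(first, second))
    print("still interposed after repair:", find_interposers(second))
```

The check does not rely on the tool's own OK/Error column, so it also works on a listing that carries no verdict.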
That seemed to work pretty well. The only thing that doesn't work is when I double click on the C: drive in My Computer, it still asks me to associate a program with it, but all other programs, icons, shortcuts seem to be working. I looked at the new SRE2 log and this is the part we may be concerned about:
Also, McAfee is finding and blocking a buffer overflow at file: C:\Windows\system32\services.exe.
Here is the new SRE2 log from File associations to the end:
==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
I want to stay out of any boot files. We are going to attack this another way
1. Open Notepad (Not Wordpad)
Select Edit and uncheck Wordwrap
Copy and paste the following into Notepad (Making sure there is no space between the top of the window and the first line)
After you copy and paste it your cursor should be at the end of the first line
Hit Enter so your cursor is under the last line
Click File->>Save as->>type in fix.reg->>Under "Save as type" Select "All Files"->>save it to your Desktop
Close Notepad
The fix.reg file should now appear on your Desktop (If it saved properly it will look like a stack of small blue blocks)
Rt Click and Select merge->>If prompted to Merge this Select Yes (it will appear that nothing has happened but that's o.k.)
2. Rerun SRE2 (or SREPS)
In the left pane Select "System Repair"
In the Right pane under the Windows Shell \ IE tab place checks beside the following entries
Show properties for the context menu on My Computer
Show properties for the context menu on My Documents
Enable changing My Documents path
Enable changing My Pictures path
Enable changing My Music path
Enable changing My Favourites path
Enable using DOS programs
Show drives in My Computer
Show Start--Log off
Enable using Folder Options
Show Search Button
Enable right clicking in Windows Explorer and System Tray
Then Select the Repair button
Close SRE and reboot your PC
I did exactly what you said, the computer booted very slowly that time, and it still asks me to associate a program when I double click on the C: Drive and still getting buffer overflow errors with McAfee. Below is the log of a new scan from file associations to end.
==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
O.k. I have a feeling there is something else we are not seeing yet. Let's do this
1. Open Notepad (Not Wordpad)
Select Edit and uncheck Wordwrap
Copy and paste the following into Notepad (Making sure there is no space between the top of the window and the first line)
After you copy and paste it your cursor should be at the end of the first line
Hit Enter so your cursor is under the last line
Click File->>Save as->>type in fix.reg->>Under "Save as type" Select "All Files"->>save it to your Desktop
Close Notepad
The fix.reg file should now appear on your Desktop (If it saved properly it will look like a stack of small blue blocks)
Rt Click and Select merge->>If prompted to Merge this Select Yes (it will appear that nothing has happened but that's o.k.)
See if that resolves your C:\Drive issue
2. Please download Combofix and save to your desktop:
Note: It is important that it is saved directly to your desktop
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log. Post the contents of the C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause the program to freeze/hang.
I merged the fix.reg file, and still having the same issue with the c: drive and also the buffer overflow. I right clicked on the combofix link you had in your last post and saved the link to my desktop. When I double clicked the program a window came up with a blue background and repeated the same sentence over and over in multiple new windows. It said "the system cannot find the specified file"
bamajim
10.4K Posts
0
January 10th, 2008 18:00
1. Go HERE and download FakeAlertFix
Save it to your Desktop. But do not run it yet.
2. Reboot into Safe Mode
This can be done by
Restart your PC, and after it starts, but before you see the Windows Splash screen
Begin tapping the F8 key twice a second until you reach another menu screen (black background with white menu choices)
Use your arrow keys and select Safe Mode and then Enter
3. Close all Internet Explorer Windows and Run FakeAlertFix
Double click the fakealertfix.Zip file to unzip it.
Open the FakeAlertFix Folder
Double Click FakeAlertFix.vbe to run the program
Then Select O.K. at the prompt
Allow the program to run (Your desktop will disappear, then re-appear. This is normal)
When it is finished it will produce a log C:\FakeAlertFix.txt
Copy and paste the results of that log in your reply
4. Then reboot your PC into Normal Windows Mode->> Rerun HijackThis and post a fresh HijackThis log.
As well as the C:\FakeAlertfix.txt log
Note: you may have to post the results in more than one reply
"The world is what you make of it"
KRodriguez
23 Posts
0
January 11th, 2008 00:00
HTL:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:47:47 PM, on 1/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
========================================
FakeAlertFix
Version 1.5.4
By bamajim @ CastleCops.com
========================================
C:\WINDOWS\trayicons.exe Found!
C:\WINDOWS\trayicons.exe Deleted!
========================================
Values under HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
%windir%\system32\winav.exe
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\findfast.exe
========================================
FakeAlertFix
Version 1.5.4
By bamajim @ CastleCops.com
========================================
========================================
Values under HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
%windir%\system32\winav.exe
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\findfast.exe
bamajim
10.4K Posts
0
January 11th, 2008 12:00
Good work so far.
A little cleanup left
Some new symptoms have occurred. When I try to open a program it asks to choose the program associated with the file, even though it is a program I'm clicking on.
Sounds like a file association issue, maybe damaged by the infection. Let's do this
Go HERE and Download System Repair Engine by smallfrogs
Select Local download 1 or 2
Save it to your Desktop
Rt Click sreng2.zip->>Extract all->>Extract it to your desktop
Open the sreng folder
Double click SREng->>Click Run
At the main Window, in the left Pane, Select Smart Scan
At the next window make sure all of the boxes are checked and Select Scan
When the scan is complete Select Save reports
Save it to your desktop and Close the tool
Double Click SREngLog.txt copy and paste that log as a reply to this thread
Do not run any other options with this tool unless instructed to do so.
You may have to post the results in more than one reply
"The world is what you make of it"
KRodriguez
23 Posts
0
January 11th, 2008 18:00
bamajim
10.4K Posts
0
January 12th, 2008 00:00
"The world is what you make of it"
KRodriguez
23 Posts
0
January 12th, 2008 13:00
KRodriguez
23 Posts
0
January 12th, 2008 13:00
[C:\Program Files\Intel\Wireless\Bin\LSAWRAPI.dll] [Intel Corporation, 9, 0, 1, 1]
[C:\Program Files\Intel\Wireless\Bin\D8021Xps.DLL] [N/A, ]
[c:\WINDOWS\system32\msxml4.dll] [Microsoft Corporation, 4.20.9848.0]
[PID: 636 / Keith Rodriguez][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\IEFRAME.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.0.2004121400]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\PRO
KRodriguez
23 Posts
0
January 12th, 2008 13:00
==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE Error. ["C:\WINDOWS\trayicons.exe" exec "%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR Error. ["C:\WINDOWS\trayicons.exe" exec "%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock Provider
N/A
==================================
Autorun.Inf
[C:\]
[autorun]
open=
shell\open=Îòêðûòü
shell\open\Command=C01FE9D0.exe
shell\open\Default=1
==================================
HOSTS File
KRodriguez
23 Posts
0
January 12th, 2008 13:00
bamajim
10.4K Posts
0
January 12th, 2008 23:00
O.K. Let's see if we can reset this
1. Rerun SRE2
In the Right pane under the File Association tab
Place checks in the boxes beside the following associations
.scr
Then Select the Repair Button
Then In the right Pane, under the Hosts file tab Select Reset
Then yes to confirm you want to reset the hosts file.
Close SRE2 ->> Reboot your PC ->> Rerun SRE2 and make sure the errors are gone in the File Associations section. Then reply with the results.
"The world is what you make of it"
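Added example, not part of the original posts and not SREng's own code: a small Python audit of the "File Associations" and "Autorun.Inf" sections of an SREng log, run over lines abridged from the log posted in this thread. The function names are hypothetical, and the rule that directly executed types must open with "%1" is an assumption taken from the values the log reports as OK.

```python
import re

# Abridged from the SREng log posted in this thread (state before the repair).
SAMPLE_LOG = r'''
==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE Error. ["C:\WINDOWS\trayicons.exe" exec "%1" %*]
.COM OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.SCR Error. ["C:\WINDOWS\trayicons.exe" exec "%1" /S]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
==================================
Autorun.Inf
[C:\]
[autorun]
open=
shell\open\Command=C01FE9D0.exe
shell\open\Default=1
==================================
HOSTS File
127.0.0.1 localhost
==================================
'''

# Types Windows runs directly: the clicked file must be the program itself,
# so the open command has to start with "%1" (assumption, see lead-in).
SELF_EXECUTING = {".EXE", ".COM", ".PIF", ".BAT", ".SCR"}

ASSOC_RE = re.compile(r'^(\.\w+)\s+(OK|Error)\.\s+\[(.*)\]$')
DRIVE_RE = re.compile(r'^\[([A-Za-z]:\\)\]$')


def split_sections(log_text):
    """Return {section title: [body lines]}; sections are separated by rows of '='."""
    sections, title, expect_title = {}, None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"="}:
            expect_title = True
        elif expect_title:
            title, expect_title = line, False
            sections.setdefault(title, [])
        elif title is not None:
            sections[title].append(line)
    return sections


def first_program(command):
    """First token of a shell open command, with surrounding quotes removed."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', command)
    return (m.group(1) or m.group(2)) if m else ""


def audit_associations(lines):
    """Return (extension, program that runs first, full command) for suspect handlers."""
    findings = []
    for line in lines:
        m = ASSOC_RE.match(line)
        if not m:
            continue
        ext, verdict, command = m.group(1).upper(), m.group(2), m.group(3)
        program = first_program(command)
        # An interposed program runs first and is handed the clicked file as an argument.
        interposed = ext in SELF_EXECUTING and program != "%1"
        if interposed or verdict == "Error":
            findings.append((ext, program, command))
    return findings


def audit_autorun(lines):
    """Return (drive, key, target) for each autorun.inf entry that launches a program."""
    findings, drive = [], None
    for line in lines:
        m = DRIVE_RE.match(line)
        if m:
            drive = m.group(1)
            continue
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        launches = key.lower() in ("open", "shellexecute") or key.lower().endswith("\\command")
        if value and launches:
            findings.append((drive, key, value))
    return findings


def audit(log_text):
    """Audit both sections of one SREng log and return the findings."""
    sections = split_sections(log_text)
    return {
        "associations": audit_associations(sections.get("File Associations", [])),
        "autorun": audit_autorun(sections.get("Autorun.Inf", [])),
    }


if __name__ == "__main__":
    for kind, items in audit(SAMPLE_LOG).items():
        for item in items:
            print(kind, item)
```

Repairing the associations clears the first list, but the autorun.inf entry is still reported until that file is dealt with separately.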
flea2402
35 Posts
0
January 13th, 2008 15:00
Autorun.Inf
[C:\]
[autorun]
open=
shell\open=Îòêðûòü
shell\open\Command=C01FE9D0.exe
shell\open\Default=1
Also, the McAfee is finding and blocking a buffer overflow at file: C:\Windows\system32\services.exe.
Here is the new SRE2 log from File associations to the end:
==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock Provider
N/A
==================================
Autorun.Inf
[C:\]
[autorun]
open=
shell\open=Îòêðûòü
shell\open\Command=C01FE9D0.exe
shell\open\Default=1
==================================
HOSTS File
127.0.0.1 localhost
==================================
Process Privileges Scan
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2020, C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2244, C:\PROGRAM FILES\DELL\NICCONFIGSVC\NICCONFIGSVC.EXE]
==================================
API HOOK
N/A
==================================
Hidden Process
N/A
==================================
bamajim
10.4K Posts
0
January 14th, 2008 13:00
I want to stay out of any boot files. We are going to attack this another way
1. Open Notepad (Not Wordpad)
Select Edit and uncheck Wordwrap
Copy and paste the following into Notepad
(Making sure there is no space between the top of the window and the first line)
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft ]
DiskCheck=-
After you copy and paste it your cursor should be at the end of the first line
Hit Enter so your cursor is under the last line
Under "Save as type" Select "All Files" ->> save it to your Desktop
Close Notepad
The fix.reg file should now appear on your Desktop (If it saved properly it will look like a stack of small blue blocks)
Rt Click and Select merge->>If prompted to Merge this Select Yes (it will appear that nothing has happened but that's o.k.)
2. Rerun SRE2 (or SREPS)
In the Right pane under the Windows Shell \ IE tab
place checks beside the following entries
Show properties for the context menu on My Documents
Enable changing My Documents path
Enable changing My Pictures path
Enable changing My Music path
Enable changing My Favourites path
Enable using DOS programs
Show drives in My Computer
Show Start--Log off
Enable using Folder Options
Show Search Button
Enable right clicking in Windows Explorer and System Tray
Then Select the Repair button
Close SRE and reboot your PC
Reply with the results
"The world is what you make of it"
Message Edited by bamajim on 01-14-2008 09:44 AM
KRodriguez
23 Posts
0
January 14th, 2008 22:00
==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock Provider
N/A
==================================
Autorun.Inf
[C:\]
[autorun]
open=
shell\open=Îòêðûòü
shell\open\Command=C01FE9D0.exe
shell\open\Default=1
==================================
HOSTS File
127.0.0.1 localhost
==================================
Process Privileges Scan
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1668, C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2316, C:\PROGRAM FILES\DELL\NICCONFIGSVC\NICCONFIGSVC.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2684, C:\PROGRA~1\JASCSO~1\PAINTS~2\PSPA.EXE]
==================================
API HOOK
N/A
==================================
Hidden Process
N/A
==================================
bamajim
10.4K Posts
0
January 15th, 2008 13:00
O.k. I have a feeling there is something else we are not seeing yet. Let's do this
1. Open Notepad (Not Wordpad)
Select Edit and uncheck Wordwrap
Copy and paste the following into Notepad
(Making sure there is no space between the top of the window and the first line)
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Microsoft\DiskCheck]
[HKEY_CURRENT_USER\Software\Microsoft]
"DiskCheck"=-
After you copy and paste it your cursor should be at the end of the first line
Hit Enter so your cursor is under the last line
Under "Save as type" Select "All Files" ->> save it to your Desktop
Close Notepad
The fix.reg file should now appear on your Desktop (If it saved properly it will look like a stack of small blue blocks)
Rt Click and Select merge->>If prompted to Merge this Select Yes (it will appear that nothing has happened but that's o.k.)
See if that resolves your C:\Drive issue
2. Please download Combofix and save to your desktop:
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the contents of the C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.
"The world is what you make of it"
KRodriguez
23 Posts
0
January 15th, 2008 14:00