Malware

[willwoms]

I have re loaded vista after having problems with my laptop crashing since doing so everything has been fine apart from i am trying to re install roxio creator 2009.It doesnt install all the program it misses out all the video editing software and only installs a viseo player in the video section.I contacted roxio and they told me to run a scan of my pc which shows all its software and hardware etc.On posting it on here i was told it had malware showing and to post it in this forum section to see if you could help.Thanks Paul.I tried to upload it on this thread but it says i already uploaded it to my other thread hope you can view on there if not i will try again.

Software install problems. This is the link to my previous post about my problem with the scan results from my pc.

[willwoms]

Can no one give me any help?

[Ried]

We do not want to see that report you've posted in the other thread. We require a more comprehensive set of logs to determine the presence of malware. Please follow the instructions in our sticky topic New Instructions - Read This Before Posting for Malware Removal Help and post the requested logs in your next reply.

**Please note this section of the forum is very busy, so be sure to familiarize yourself with the Bumping Rules also found in our sticky topic mentioned above. One of our Analysts will review your log as soon as possible.

[willwoms]

When i run this it keeps stopping and i get a blue screen saying windows is closing down it counts down from 90 then reboots my system i have tried this 3 or times now any help please.

[Ried]

What tool are you referring to, please.

[willwoms]

It keeps crashing when the gmer program is try ing to scan my pc.I have done the first 2 parts with the other tools i had to download but this one starts going then just comes with the blue screen and then it resrats my pc.

[Ried]

Please run gmer.exe again, but use the following configuration: (it is a bit different from the instructions in our pre-posting topic)

Double click GMER.exe and it will begin an initial scan.

• If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

In the right panel, you will see several boxes that have been checked. Uncheck the following ...

• Devices
• Sections
• IAT/EAT
• Drives/Partition other than Systemdrive (typically C:\)
• Show All (don't miss this one)

• Then click the Scan button & wait for it to finish.
• Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  
• Save it where you can easily find it, such as your desktop

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


Please attach the ark.txt in your next reply and post the contents of the dds.txt directly into the reply box.

[willwoms]

I am trying to re install roxio creator 2009 ultimate back onto my laptop after re installing windows vista.It installs but doesnt install all the features on contacting Roxio they had me run a scan on my pc on posting this on another room on this site i was told i possibly had malware so here are my logs etc.




DDS (Ver_09-10-26.01) - NTFSx86
Run by Paul at 16:52:30.37 on 28/10/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2042.803 [GMT 0:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\System32\wsqmcons.exe
C:\Windows\system32\SearchIndexer.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
c:\PROGRA~1\mcafee\msc\mcupdui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Paul\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell.exe" /mode2
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [Uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\program files\nos\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\lumixs~1.lnk - c:\program files\panasonic\lumixsimpleviewer\PhLeAutoRun.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} - hxxp://support.microsoft.com/mats/DiagWebControl.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

================= FIREFOX ===================

FF - ProfilePath - c:\users\paul\appdata\roaming\mozilla\firefox\profiles\cr65hswc.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - plugin: c:\users\paul\appdata\roaming\mozilla\firefox\profiles\cr65hswc.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-1-29 203264]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-10-15 144672]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-10-15 277504]

=============== Created Last 30 ================

2009-10-28 06:08:30 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-28 06:07:18 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-28 06:07:18 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-27 21:01:43 0 d-----w- c:\programdata\NOS
2009-10-27 20:52:42 181 ----a-w- c:\windows\WININIT.INI
2009-10-27 19:04:58 0 d-----w- C:\$WINDOWS.~BT
2009-10-27 18:37:39 0 d-----w- c:\programdata\Citrix
2009-10-27 18:37:02 0 d-----w- c:\program files\Citrix
2009-10-27 17:54:52 0 d-----w- c:\programdata\Roxio
2009-10-27 17:39:31 0 d-----w- c:\program files\Roxio(438)
2009-10-27 17:37:02 0 d-----w- c:\programdata\Sonic
2009-10-27 17:36:07 0 d-----w- c:\program files\Roxio Creator 2009 Ultimate(439)
2009-10-27 17:23:38 0 d-----w- C:\ATI
2009-10-25 15:04:03 0 d-----w- c:\program files\Unlocker
2009-10-25 14:20:08 0 d-----w- c:\program files\InterActual(193)
2009-10-25 14:17:26 0 d-----w- c:\program files\common files\Roxio Shared(120)
2009-10-24 09:34:05 0 d-----w- c:\users\paul\appdata\roaming\Blitware
2009-10-23 15:12:11 0 d-----w- c:\program files\Windows Installer Clean Up
2009-10-22 20:23:36 0 d-----w- c:\windows\pss
2009-10-22 18:44:50 0 d-----w- c:\program files\MSECACHE
2009-10-21 19:12:09 0 d-----w- c:\users\paul\DSI SOFTWARE
2009-10-21 17:58:42 0 d-----w- c:\users\paul\appdata\roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-10-20 16:52:51 0 d-----w- c:\programdata\Real
2009-10-20 16:52:51 0 d-----w- c:\program files\common files\Real
2009-10-19 20:14:11 0 d-----w- c:\users\paul\appdata\roaming\.ABC
2009-10-19 20:14:00 0 d-----w- c:\program files\ABC
2009-10-19 19:54:58 0 d-----w- c:\programdata\Adobe
2009-10-19 19:20:25 0 d-----w- c:\users\paul\appdata\roaming\iolo
2009-10-19 19:20:25 0 d-----w- c:\programdata\iolo
2009-10-19 18:33:54 0 d-----w- c:\windows\system32\EventProviders
2009-10-19 18:33:44 0 d-----w- C:\873a3258f97fcfe0bbca931621b152f6
2009-10-18 18:07:30 72704 ----a-w- c:\windows\system32\admparse.dll
2009-10-18 11:21:02 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-10-17 20:52:02 0 d-----w- c:\programdata\Uninstall
2009-10-17 20:24:38 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-17 20:24:38 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-17 20:23:04 0 d-----w- c:\program files\iPod
2009-10-17 20:22:17 0 d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-17 20:22:17 0 d-----w- c:\program files\iTunes
2009-10-17 20:21:33 0 d-----w- c:\program files\Bonjour
2009-10-17 20:14:34 0 d-----w- c:\programdata\Apple
2009-10-17 20:04:38 39 ----a-w- c:\windows\vbaddin.ini
2009-10-17 19:39:54 376 ----a-w- c:\windows\ODBC.INI
2009-10-17 19:39:47 28040 ----a-w- c:\windows\system32\mdimon.dll
2009-10-17 19:35:48 0 d-----w- c:\program files\Microsoft ActiveSync
2009-10-17 19:24:28 0 d-----w- c:\programdata\Apple Computer
2009-10-17 19:20:49 45056 ----a-w- c:\windows\system32\PhDi2.sys
2009-10-17 19:10:36 0 d-----w- c:\programdata\UDL
2009-10-17 19:09:09 131072 ----a-w- c:\windows\system32\Epcmlib.dll
2009-10-17 19:07:38 0 d-----w- c:\program files\EPSON Print CD
2009-10-17 19:04:09 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-17 19:04:05 0 d-----w- c:\program files\EPSON
2009-10-17 19:04:01 19529 ----a-w- c:\windows\EPSTPLOG.BAK
2009-10-17 19:03:44 25 ----a-w- c:\windows\CDER200Euro.ini
2009-10-17 09:37:23 0 ----a-w- c:\windows\system32\null
2009-10-17 09:32:49 0 d-----w- c:\programdata\SupportSoft
2009-10-17 09:32:21 0 d-----w- c:\program files\Dell Support Center
2009-10-17 09:32:20 0 d-----w- c:\program files\common files\supportsoft
2009-10-17 09:20:10 65536 ----a-w- c:\windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
2009-10-17 09:20:10 196608 ----a-w- c:\windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
2009-10-17 09:20:10 1835008 ----a-w- c:\windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
2009-10-17 09:19:55 0 d-----w- c:\program files\Microsoft ATS
2009-10-16 20:07:10 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-16 18:45:36 0 d-----w- c:\users\paul\Tracing
2009-10-16 18:02:49 0 d-----w- c:\program files\Roxio Creator 2009 Ultimate
2009-10-16 18:01:28 0 d-----w- c:\programdata\eSellerate
2009-10-16 18:01:27 0 d-----w- c:\programdata\SmartSound Software Inc
2009-10-16 18:01:26 0 d-----w- c:\program files\SmartSound Software
2009-10-16 17:04:35 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-10-16 17:04:34 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-10-16 17:04:33 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-10-16 17:04:33 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2009-10-16 17:04:33 11264 ----a-w- c:\windows\system32\icardres.dll
2009-10-16 17:04:32 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-10-16 17:04:29 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-10-16 17:04:26 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-10-16 16:55:30 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-10-16 16:55:25 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-10-16 16:55:22 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-10-16 16:54:57 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-10-16 16:54:49 83968 ----a-w- c:\windows\system32\mscories.dll
2009-10-16 16:53:40 0 d-----w- c:\program files\Microsoft
2009-10-16 16:53:06 0 d-----w- c:\program files\Windows Live SkyDrive
2009-10-16 16:51:34 0 d-----w- c:\windows\PCHEALTH
2009-10-16 16:48:39 0 d-----w- c:\program files\common files\Windows Live
2009-10-16 16:47:18 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-10-16 16:47:15 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-10-16 16:46:51 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2009-10-16 16:45:47 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-10-16 16:45:46 1695744 ----a-w- c:\windows\system32\gameux.dll
2009-10-16 16:45:45 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-10-16 16:44:53 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-10-16 16:44:52 270848 ----a-w- c:\windows\system32\schannel.dll
2009-10-16 16:41:12 10911 ----a-w- c:\windows\system32\Config.MPF
2009-10-16 16:38:04 0 d-----w- c:\programdata\SiteAdvisor
2009-10-16 16:37:25 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2009-10-16 16:37:22 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-16 16:37:15 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-10-16 16:37:15 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-10-16 16:37:14 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-10-16 16:37:14 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-10-16 16:37:14 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-10-16 16:37:14 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-10-16 16:37:14 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-10-16 16:37:14 17920 ----a-w- c:\windows\system32\netevent.dll
2009-10-16 16:37:14 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-10-16 16:37:14 10240 ----a-w- c:\windows\system32\finger.exe
2009-10-16 16:36:22 2501921 ----a-w- c:\windows\system32\wlan.tmf
2009-10-16 16:36:21 513024 ----a-w- c:\windows\system32\wlansvc.dll
2009-10-16 16:36:21 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-10-16 16:36:21 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-10-16 16:36:21 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-10-16 16:36:17 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-10-16 16:36:11 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-10-16 16:36:11 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-10-16 16:36:10 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-10-16 16:36:10 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-10-16 16:35:56 2868224 ----a-w- c:\windows\system32\mf.dll
2009-10-16 16:35:50 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-10-16 16:35:50 15360 ----a-w- c:\windows\system32\pacerprf.dll
2009-10-16 16:35:42 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-16 16:35:42 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-10-16 16:35:40 9728 ----a-w- c:\windows\system32\lsass.exe
2009-10-16 16:35:40 72704 ----a-w- c:\windows\system32\secur32.dll
2009-10-16 16:35:40 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-10-16 16:35:40 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-10-16 16:35:21 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-10-16 16:33:58 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2009-10-16 16:33:57 80896 ----a-w- c:\windows\system32\MSNP.ax
2009-10-16 16:33:57 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2009-10-16 16:33:22 636928 ----a-w- c:\windows\system32\localspl.dll
2009-10-16 16:33:19 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-10-16 16:33:13 2927104 ----a-w- c:\windows\explorer.exe
2009-10-16 16:33:08 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-10-16 16:33:08 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-10-16 16:33:08 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-10-16 16:32:07 0 d-----w- c:\program files\common files\McAfee
2009-10-16 16:32:05 0 d-----w- c:\program files\McAfee.com
2009-10-16 16:32:02 0 d-----w- c:\program files\McAfee
2009-10-16 16:30:28 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-10-16 16:11:52 195440 ----a-w- c:\windows\system32\MpSigStub.exe
2009-10-16 16:10:59 61440 ----a-w- c:\windows\system32\msasn1.dll
2009-10-16 16:10:40 1645568 ----a-w- c:\windows\system32\connect.dll
2009-10-16 16:10:31 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-16 16:10:23 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-10-16 16:10:16 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-10-16 16:10:06 1334272 ----a-w- c:\windows\system32\msxml6.dll
2009-10-16 16:09:49 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-16 16:05:19 0 d-----w- c:\programdata\McAfee
2009-10-16 15:58:39 0 d-----w- c:\windows\CtDrvInstall
2009-10-16 15:58:23 75 --sh--r- c:\windows\CT4CET.bin
2009-10-16 15:57:59 0 d-----w- c:\program files\Creative
2009-10-16 15:57:42 0 d-----w- c:\program files\common files\Reallusion
2009-10-16 15:56:54 57656 ------w- c:\windows\system32\drivers\FilterPC.bmp
2009-10-16 15:56:54 24995 ------w- c:\windows\system32\drivers\FilterPC.jpg
2009-10-16 15:56:36 0 d-----w- c:\program files\Dell Webcam
2009-10-16 15:56:30 0 d-----w- c:\program files\Creative Live! Cam
2009-10-16 15:54:09 0 d-----w- c:\programdata\CyberLink
2009-10-16 15:53:16 89088 ------w- c:\windows\system32\atl71.dll
2009-10-16 15:53:16 499712 ------w- c:\windows\system32\msvcp71.dll
2009-10-16 15:53:16 348160 ------w- c:\windows\system32\msvcr71.dll
2009-10-16 15:53:16 1060864 ------w- c:\windows\system32\MFC71.dll
2009-10-16 15:53:16 1047552 ------w- c:\windows\system32\MFC71u.dll
2009-10-16 15:50:23 83456 ----a-w- c:\windows\system32\wudriver.dll
2009-10-16 05:23:22 0 d-----w- c:\windows\Panther
2009-10-16 05:23:08 8192 --s-a-r- C:\BOOTSECT.BAK
2009-10-16 05:22:48 24 ---ha-r- c:\windows\dell_version
2009-10-16 05:22:48 0 d-----w- c:\windows\system32\OEM
2009-10-16 04:58:56 0 d-----w- C:\Windows.old
2009-10-15 21:50:28 0 d-----w- c:\programdata\ATI
2009-10-15 21:47:51 0 ----a-w- c:\windows\ativpsrm.bin
2009-10-15 21:43:23 0 ------w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2009-10-15 21:43:10 0 d-----w- c:\program files\DellTPad
2009-10-15 21:42:39 197680 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2009-10-15 21:42:39 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2009-10-15 21:42:39 108606 ----a-w- c:\windows\system32\Vxdif.dll
2009-10-15 21:39:38 0 d-----w- c:\windows\system32\Dell
2009-10-15 21:33:05 0 d-----w- c:\program files\Cisco
2009-10-15 21:26:39 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-10-15 21:26:39 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2009-10-15 21:26:39 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2009-10-15 21:26:39 23552 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2009-10-15 21:26:39 225792 ----a-w- c:\windows\system32\drivers\usbport.sys
2009-10-15 21:26:39 196608 ----a-w- c:\windows\system32\drivers\usbhub.sys
2009-10-15 21:26:13 89088 ----a-w- c:\windows\system32\drivers\sdbus.sys
2009-10-15 21:26:00 26376 ----a-w- c:\windows\system32\drivers\battc.sys
2009-10-15 21:26:00 18952 ----a-w- c:\windows\system32\drivers\compbatt.sys
2009-10-15 21:26:00 11264 ----a-w- c:\windows\system32\drivers\wmiacpi.sys
2009-10-15 21:25:59 265480 ----a-w- c:\windows\system32\drivers\acpi.sys
2009-10-15 21:25:46 1985536 ----a-w- c:\windows\system32\authui.dll
2009-10-15 21:25:34 5632 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2009-10-15 21:25:34 338944 ----a-w- c:\windows\system32\SysFxUI.dll
2009-10-15 21:25:34 167424 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-10-15 21:25:34 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2009-10-15 21:25:09 45112 ----a-w- c:\windows\system32\drivers\pciidex.sys
2009-10-15 21:25:09 29240 ----a-w- c:\windows\system32\drivers\Dumpata.sys
2009-10-15 21:25:09 28728 ----a-w- c:\windows\system32\drivers\msahci.sys
2009-10-15 21:25:09 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-10-15 21:25:09 110136 ----a-w- c:\windows\system32\drivers\ataport.sys
2009-10-15 21:24:17 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2009-10-15 21:23:35 223288 ----a-w- c:\windows\system32\drivers\netio.sys
2009-10-15 21:23:23 408064 ----a-w- c:\windows\system32\msinfo32.exe
2009-10-15 21:22:54 529464 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-10-15 21:22:42 246840 ----a-w- c:\windows\system32\clfs.sys
2009-10-15 21:22:14 26112 ----a-w- c:\windows\system32\hidserv.dll
2009-10-15 21:22:14 22016 ----a-w- c:\windows\system32\hid.dll
2009-10-15 21:20:43 0 d-----w- c:\programdata\Dell
2009-10-15 21:14:06 772296 ------w- c:\windows\system32\oem13.inf
2009-10-15 21:12:33 0 d-----w- c:\program files\Broadcom
2009-10-15 21:10:00 31256 ----a-w- c:\windows\system32\OA001Srv.exe
2009-10-15 21:09:59 90112 ----a-w- c:\windows\CtDrvIns.exe
2009-10-15 21:09:59 5777 ----a-w- c:\windows\OA001.uns
2009-10-15 21:09:59 57656 ----a-w- c:\windows\system32\drivers\OA001PC.bmp
2009-10-15 21:09:59 53248 ----a-w- c:\windows\system32\OA001Pin.dll
2009-10-15 21:09:59 32768 ----a-w- c:\windows\OA001Cfg.exe
2009-10-15 21:09:59 31256 ----a-w- c:\windows\system32\OA001Pin.crl
2009-10-15 21:09:59 277504 ----a-w- c:\windows\system32\drivers\OA001Vid.sys
2009-10-15 21:09:59 22951 ----a-w- c:\windows\system32\drivers\OA001PC.jpg
2009-10-15 21:09:59 148056 ----a-w- c:\windows\system32\drivers\OA001Afx.sys
2009-10-15 21:09:59 144672 ----a-w- c:\windows\system32\drivers\OA001Ufd.sys
2009-10-15 2107 492544 ----a-w- c:\windows\system32\ctapo32.dll
2009-10-15 2107 45568 ----a-w- c:\windows\system32\ctppld.dll
2009-10-15 2106 53248 ----a-w- c:\windows\system32\aestaren.dll
2009-10-15 2106 372736 ----a-w- c:\windows\system32\aestecap.dll
2009-10-15 2106 133632 ----a-w- c:\windows\system32\aestacap.dll
2009-10-15 2103 73728 ----a-w- c:\windows\system32\AESTCom.dll
2009-10-15 2103 5550145 ----a-w- c:\windows\system32\idtcpl.cpl
2009-10-15 2103 512000 ----a-w- c:\windows\system32\idtmini1.exe
2009-10-15 2103 2469888 ----a-w- c:\windows\system32\stlang.dll
2009-10-15 21:04:53 580608 ----a-w- c:\windows\system32\stapo.dll
2009-10-15 21:04:53 404480 ----a-w- c:\windows\system32\stapi32.dll
2009-10-15 21:04:53 379904 ----a-w- c:\windows\system32\drivers\stwrt.sys
2009-10-15 21:04:53 344576 ----a-w- c:\windows\system32\stcplx.dll
2009-10-15 21:04:53 164352 ----a-w- c:\windows\system32\st325939.dll
2009-10-15 21:04:53 0 d-----w- c:\program files\IDT
2009-10-15 21:02:43 90112 ------w- c:\windows\system32\snymsico.dll
2009-10-15 21:02:43 46592 ------w- c:\windows\system32\drivers\rimmptsk.sys
2009-10-15 21:02:43 43008 ------w- c:\windows\system32\drivers\rimsptsk.sys
2009-10-15 21:02:43 38400 ------w- c:\windows\system32\drivers\rixdptsk.sys
2009-10-15 21:02:43 172032 ------w- c:\windows\system32\rixdicon.dll
2009-10-15 20:58:54 0 d-----w- c:\program files\ATI Technologies
2009-10-15 20:58:50 0 d-----w- c:\program files\ATI
2009-10-15 20:54:20 53248 ----a-w- c:\windows\system32\CSVer.dll
2009-10-15 20:50:17 0 d-----w- c:\windows\system32\vmm32
2009-10-15 20:50:17 0 d-----w- c:\program files\Dell
2009-10-15 20:49:30 0 d-sh--w- c:\windows\Installer

==================== Find3M ====================

2009-10-17 20:16:59 86016 ----a-w- c:\windows\inf\infstor.dat
2009-10-17 20:16:59 51200 ----a-w- c:\windows\inf\infpub.dat
2009-10-17 20:16:58 86016 ----a-w- c:\windows\inf\infstrng.dat
2009-10-16 18:23:35 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-09-16 10:22:48 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-08-31 13:55:50 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-08-31 13:55:46 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-08-27 05:22:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-05 17:15:59 3599960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-05 17:15:59 3547736 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 18:52:22 1193832 ----a-w- c:\windows\system32\FM20.DLL
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 16:54:09.99 ===============




Hope i have done everything as i should look forward to hearing your views thanks.Paul

[Ried]

Hi Paul,

I'm not seeing any malware here. What led someone to believe malware may be the issue here?

What I am seeing, looks like botched installs of Roxio which may be complicating your issue. The number in parenthesis indicates how many of that particular folder are on/ have been on the system.

Quote:

c:\Program Files\Roxio(438)
c:\Program Files\Roxio Creator 2009 Ultimate(439)
c:\Program Files\InterActual(193)
c:\Program Files\Common Files\Roxio Shared(120)

Take a physical look. How many copies of those folders do you actually see?

My suggestion would be to uninstall Roxio, then download the Windows Installer CleanUp Utility
Locate and run msicuu2.exe to install the Windows Installer CleanUp Utility.

• Next, locate and launch the Windows Installer CleanUp Utility on the Start menu.
• From the Windows Installer CleanUp Utility window, see if Roxio is in the list. If so, click the Remove button.
• Click the Exit button to close the utility

[willwoms]

Thanks for that Reid.It was someone on the vista forum of this site that said i might have malware after looking at a log that roxio had me run.I have used the uninstall clean up utility and once i uninstall roxio through add/remove programs it doesnt seem to appear in clean up utilitys list to be cleaned up.

[Ried]

Did you see numerous Roxio folders in the paths I listed in my previous post?

[willwoms]

I can see the folders i have just uninstalled roxio and run the uninstall clean up utility but there is nothing in the clean up menu for roxio which is strange.

[willwoms]

I can see the folders i have just uninstalled roxio and run the uninstall clean up utility but there is nothing in the clean up menu for roxio which is strange.I went to start>search and typed in roxio it came up with loads of files do i delete them all or could they be for other programs too.

[Ried]

I don't know, I'd need to see the path locations.

How many Roxio folders do you see here - c:\Program Files\Roxio

According to the logs, you potentially have 438 of them.

[willwoms]

I have uninstalled roxio creator and i also had all the software on my hardrive as i was told to try and install it from there instead of the dvd.I deleted it all and now when i search roxio it doesnt come up with anything.Can you suggest which would be the best forum section to try and get this instillation issue resolved.Thanks again for your help so far you have been a great help.

[Ried]

The Windows Vista section would be the place. Do not begin a new thread, continue in the one you already have going over there.

One suggestion I have for you - disable McAfee completely, then try installing Roxio again.

Open McAfee Security Centre

• Under Common Tasks click on Home
• Click Computer Files
• Click Configure
• Make sure the following are disabled by ticking the "Off" button.
  

  Virus protection
  Spyware protection
  System Guards Protection
  Script Scanning Protection (you may have to scroll down to see it)

• Next, select never for "When to re-enable real time scanning"
• and click OK.

After you install Roxio, reboot. After the reboot, then you can re-enable McAfee

[willwoms]

How do i take this thread into another forum room.

[Ried]

You cannot take this thread to another room. Simply tell them no malware was found and give them the link to this thread for reference.

Did you follow my suggestion in my previous post? Try that first.

[willwoms]

Yes i turned all the macafee off but it still didnt work.It is driving me mad.