Hgge.dll Winfixer Popup And Vundo


  • This topic is locked
15 replies to this topic

#1 stewbert

stewbert

  • Members
  • 8 posts
  • OFFLINE
  • Local time:11:10 PM

Posted 19 July 2007 - 12:49 PM

Hi, I'm having problems with new browser windows opening (normally to the winfixer website, but also to poker sites and others). Also, every time I reboot my PC my cookie setting drops to allow all cookies.
I have scanned with McAfee VirusScan Plus and Ad-Aware 2007; Ad-Aware removes some things but they reappear on reboot. McAfee recently detected Vundo, but I think I got rid of this. If I disable the hggde.dll add-on in IE7 this seems to stop the popups, but again it starts again on reboot.

Here's my StartupList report and HijackThis log:
StartupList report, 19/07/2007, 11:22:44
StartupList version: 1.52.2
Started from : C:\Program Files\hijackthis\HiJackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16473)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\CounterPath\X-Lite\x-lite.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\opcenum.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\nimmhpun.exe
C:\Program Files\hijackthis\HiJackThis.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Acrobat Speed Launcher.lnk = ?
DTH.lnk = C:\Program Files\Desktop Traffic Headlines\DTH.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
000StTHK = 000StTHK.exe
Tpwrtray = TPWRTRAY.EXE
TMESRV.EXE = C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
TMERzCtl.EXE = C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
TMEEJME.EXE = C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
TMESBS.EXE = C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
TosHKCW.exe = C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
TFNF5 = TFNF5.exe
nwiz = nwiz.exe /installquiet /nodetect /keeploaded
Acrobat Assistant 7.0 = "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
(Default) =
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
EPSON Stylus C44 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44"
Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
SpywareBot = C:\Program Files\SpywareBot\SpywareBot.exe -boot
avp = C:\WINDOWS\TEMP\win1661.tmp.exe
D-Link AirPlus G = C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
ANIWZCS2Service = C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
icq.com = rundll32.exe "C:\WINDOWS\system32\ksvfueky.dll",forkonce

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

NVIEW = rundll32.exe nview.dll,nViewLoadHook
Skype = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
eyeBeam SIP Client = "C:\Program Files\CounterPath\X-Lite\x-lite.exe"
MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Task Scheduler jobs:

McQcTask.job
McDefragTask.job
AppleSoftwareUpdate.job
SpywareBot Scheduled Scan.job

--------------------------------------------------

Enumerating Download Program Files:

[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

[Office Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\OGACheckControl.DLL
CODEBASE = http://download.microsoft.com/download/e/7.../OGAControl.cab

[AccountTracking Profile Manager Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\accounttracking.dll
CODEBASE = https://moneymanager.egg.com/Pinsafe/accounttracking.cab

[Facebook Photo Uploader Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\FacebookPhotoUploader.ocx
CODEBASE = http://upload.facebook.com/controls/Facebo...otoUploader.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://update.microsoft.com/windowsupdate/...b?1175540403017

[System Requirements Lab Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\sysreqlab2.dll
CODEBASE = http://www.systemrequirementslab.com/sysreqlab2.cab
OSD = C:\WINDOWS\Downloaded Program Files\SysReqLab2.osd

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.microsoft.com/microsoftupdat...b?1175540786402

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx
CODEBASE = http://fpdownload.macromedia.com/get/shock...ash/swflash.cab

[Performance Viewer Activex Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\RACtrl.dll
CODEBASE = https://secure.logmein.com/activex/ractrl.cab?lmi=100

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\WINDOWS\system32\gugurarx.dll


--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
End of report, 8,856 bytes
Report generated in 0.120 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


***************************************************************************************
Hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:29, on 19/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\opcenum.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\CounterPath\X-Lite\x-lite.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\kgkecwoa.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\hijackthis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMEEJME.EXE] C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect /keeploaded
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win1661.tmp.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\gugurarx.dll",forkonce
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\CounterPath\X-Lite\x-lite.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: DTH.lnk = C:\Program Files\Desktop Traffic Headlines\DTH.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1175540403017
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175540786402
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Cognex OPC Server (Cognex.InSight.OpcServer) - Cognex Corporation - c:\program files\cognex\in-sight\in-sight opc server 3.4.1\opcinsightservice.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager (NILM License manager) - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NiRioSvc - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\opcenum.exe
O23 - Service: Tmesbs32 (Tmesbs) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe

--
End of file - 12223 bytes

Edited by stewbert, 19 July 2007 - 12:52 PM.
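A small triage script for log entries like the O4 lines above, as an added example that is not part of the original post or of any tool named in this thread: it parses HijackThis O4 Run-key lines and flags the two patterns visible in this log, an autorun launched from a temp directory and a rundll32-loaded DLL with a random-looking eight-letter name. The sample lines are constructed from the log above; the allowlist of legitimate eight-letter Windows binaries is an assumption made for this example.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample input: five O4 lines in HijackThis v2 format, with the
# paths taken from the log posted above. A real run would take the whole
# saved log file.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win1661.tmp.exe
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\gugurarx.dll",forkonce
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# "O4 - <hive>: [<label>] <command line>"
O4_LINE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<label>[^\]]*)\] (?P<cmd>.*)$")
# A quoted path, or an unquoted run of non-spaces ending in .exe/.dll
PATH_IN_CMD = re.compile(r'"([^"]+\.(?:exe|dll))"|(\S+\.(?:exe|dll))', re.IGNORECASE)
# Any path component named temp/tmp (covers C:\WINDOWS\TEMP and ...\LOCALS~1\Temp)
TEMP_DIR = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
# Eight lowercase letters, no digits: the naming pattern of most files the
# VundoFix report further down the thread lists
RANDOM_NAME = re.compile(r"^[a-z]{8}\.(?:dll|exe)$")
# Legitimate Windows binaries that happen to have 8-letter names (allowlist
# assumed for this example; extend it for your own environment)
KNOWN_EIGHT_LETTER = {"explorer.exe", "services.exe", "winlogon.exe", "userinit.exe"}


@dataclass
class Finding:
    label: str
    cmd: str
    reasons: List[str] = field(default_factory=list)


def extract_paths(cmd: str) -> List[str]:
    """Return every .exe/.dll path mentioned in an autorun command line."""
    return [m.group(1) or m.group(2) for m in PATH_IN_CMD.finditer(cmd)]


def assess(cmd: str) -> List[str]:
    """Apply the two heuristics to each path in the command; return reasons."""
    reasons = []
    for path in extract_paths(cmd):
        name = path.rsplit("\\", 1)[-1]
        if TEMP_DIR.search(path):
            reasons.append(f"runs from a temp directory: {path}")
        if RANDOM_NAME.match(name) and name not in KNOWN_EIGHT_LETTER:
            reasons.append(f"random-looking 8-letter name: {name}")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Parse O4 lines from a HijackThis log and keep the ones worth a look."""
    findings = []
    for line in log_text.splitlines():
        m = O4_LINE.match(line.strip())
        if not m:
            continue  # other sections (R0, O16, O23, ...) are out of scope here
        reasons = assess(m.group("cmd"))
        if reasons:
            findings.append(Finding(m.group("label"), m.group("cmd"), reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.label}] {f.cmd}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run it over a saved log by reading the file and passing its text to triage(). The name heuristic is a coarse filter: it narrows the list of entries to check by hand and will occasionally flag a legitimate eight-letter binary that is not on the allowlist, so each flagged entry still needs confirmation against the file's publisher and location before anything is removed.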



#2 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:11:10 PM

Posted 19 July 2007 - 12:57 PM

Hello stewbert :thumbsup:

My name is SNOWHITE and I will be helping you with your Malware problem.

PLEASE READ THIS POST COMPLETELY, IT MAY MAKE IT EASIER FOR YOU IF YOU COPY AND PASTE THIS POST INTO A NEW TEXT DOCUMENT OR PRINT IT FOR REFERENCE LATER



Please follow the steps below exactly in the order they are written:

Step #1

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
Step #2

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Step #3

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepad windows, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

In your next post please include the following reports:
  • SDFix report
  • VundoFix report
  • dss scan reports main.txt and extra.txt
Let me know how things went.

Regards,
SNOWHITE

#3 stewbert

stewbert
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:11:10 PM

Posted 20 July 2007 - 10:14 AM

Hi, thanks for the prompt help. Here are the files as requested:

SDFix report:

SDFix: Version 1.92

Run by Administrator on 20/07/2007 at 08:30

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\sdfix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\Temp\win167B.tmp.exe - Deleted
C:\WINDOWS\Temp\win1668.tmp.exe - Deleted
C:\WINDOWS\Temp\win1600.tmp.exe - Deleted
C:\WINDOWS\Temp\win167B.tmp.exe - Deleted
C:\WINDOWS\Temp\win1668.tmp.exe - Deleted
C:\WINDOWS\Temp\win1600.tmp.exe - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\win1A8.tmp.exe - Deleted
C:\WINDOWS\Temp\removalfile.bat - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\National Instruments\\Vision Assistant 7.1\\Vision Assistant.exe"="C:\\Program Files\\National Instruments\\Vision Assistant 7.1\\Vision Assistant.exe:*:Enabled:National Instruments Vision Assistant 7.1"
"C:\\Program Files\\National Instruments\\Vision Builder AI 2.6\\Vision Builder.exe"="C:\\Program Files\\National Instruments\\Vision Builder AI 2.6\\Vision Builder.exe:*:Enabled:National Instruments Vision Builder AI 2.6"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\win1A2.tmp.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\win1A2.tmp.exe:*:Enabled:win1A2.tmp"
"C:\\WINDOWS\\TEMP\\win1675.tmp.exe"="C:\\WINDOWS\\TEMP\\win1675.tmp.exe:*:Enabled:win1675.tmp"
"C:\\WINDOWS\\TEMP\\win15FA.tmp.exe"="C:\\WINDOWS\\TEMP\\win15FA.tmp.exe:*:Enabled:win15FA.tmp"
"C:\\WINDOWS\\TEMP\\win165C.tmp.exe"="C:\\WINDOWS\\TEMP\\win165C.tmp.exe:*:Enabled:win165C.tmp"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

Backups Folder: - C:\sdfix\backups\backups.zip

Files with Hidden Attributes:

C:\Documents and Settings\Administrator\NetHood\ftp.ni.com\Desktop.ini
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\National Instruments\MeasurementStudioVS2003\DotNET\LicenseEngine.exe
C:\Program Files\National Instruments\MeasurementStudioVS2005\DotNET\LicenseEngine.2005.exe
C:\WINDOWS\system32\edggh.tmp
C:\Documents and Settings\All Users\Application Data\Microsoft\visualstudio\7.1\vs000223.tmp
C:\Documents and Settings\All Users\Application Data\National Instruments\Shared Memory\MXSEventSharedMemory.tmp
C:\Documents and Settings\All Users\Application Data\National Instruments\Shared Memory\NI-SMSL LPCSockets Shared Memory.tmp
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp
C:\Documents and Settings\Administrator\Application Data\Microsoft\Word\~WRL0019.tmp
C:\Documents and Settings\Administrator\Application Data\Microsoft\Word\~WRL2391.tmp
C:\Documents and Settings\Administrator\Application Data\Microsoft\Word\~WRL0064.tmp

Finished



VundoFix report:


VundoFix V6.5.6

Checking Java version...

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 08:41:49 20/07/2007

Listing files found while scanning....

C:\windows\system32\abaotpjd.dll
C:\windows\system32\abksthkw.exe
C:\windows\system32\bfftwwft.exe
C:\windows\system32\bfsluoni.dll
C:\windows\system32\bgimqxfb.exe
C:\windows\system32\bnbpahxf.dll
C:\windows\system32\bnpwklyx.dll
C:\windows\system32\ccsybflf.dll
C:\windows\system32\cyyoussy.dll
C:\windows\system32\ddiioooy.exe
C:\windows\system32\djptoaba.ini
C:\WINDOWS\system32\djvoppyd.ini
C:\WINDOWS\system32\dyppovjd.dll
C:\windows\system32\ednmytsb.dll
C:\windows\system32\ehitffos.ini
C:\windows\system32\emmywwsq.dll
C:\windows\system32\fpfhcovn.dll
C:\windows\system32\hbbvoxca.exe
C:\windows\system32\hddiywho.dll
C:\WINDOWS\system32\hggde.dll
C:\windows\system32\kgkecwoa.exe
C:\windows\system32\kkprebpt.dll
C:\windows\system32\klrgqsau.exe
C:\windows\system32\kmhbheuy.dll
C:\windows\system32\ksvfueky.dll
C:\windows\system32\llpxqgra.exe
C:\windows\system32\lvmhiefg.exe
C:\windows\system32\mcdjhfvr.dll
C:\windows\system32\mditfjsf.exe
C:\WINDOWS\system32\mfjpqghd.dll
C:\windows\system32\mgvngeqj.exe
C:\windows\system32\mqfckeom.dll
C:\windows\system32\mvkhofdt.exe
C:\windows\system32\nchdsvtg.dll
C:\windows\system32\nimmhpun.exe
C:\windows\system32\obfvhsji.dll
C:\windows\system32\odybnagb.exe
C:\windows\system32\pkapowrs.exe
C:\windows\system32\rraubbcj.exe
C:\windows\system32\sofftihe.dll
C:\windows\system32\stkbpulr.exe
C:\windows\system32\tftxthss.dll
C:\windows\system32\tpberpkk.ini
C:\windows\system32\tyyjmmsw.exe
C:\windows\system32\uawwnvqn.dll
C:\windows\system32\vesqxjmu.exe
C:\windows\system32\wqpgxxsi.dll
C:\windows\system32\wwtjjyxe.exe
C:\windows\system32\ykeufvsk.ini

Beginning removal...

Attempting to delete C:\windows\system32\abaotpjd.dll
C:\windows\system32\abaotpjd.dll Has been deleted!

Attempting to delete C:\windows\system32\abksthkw.exe
C:\windows\system32\abksthkw.exe Has been deleted!

Attempting to delete C:\windows\system32\bfftwwft.exe
C:\windows\system32\bfftwwft.exe Has been deleted!

Attempting to delete C:\windows\system32\bfsluoni.dll
C:\windows\system32\bfsluoni.dll Has been deleted!

Attempting to delete C:\windows\system32\bgimqxfb.exe
C:\windows\system32\bgimqxfb.exe Has been deleted!

Attempting to delete C:\windows\system32\bnbpahxf.dll
C:\windows\system32\bnbpahxf.dll Has been deleted!

Attempting to delete C:\windows\system32\bnpwklyx.dll
C:\windows\system32\bnpwklyx.dll Has been deleted!

Attempting to delete C:\windows\system32\ccsybflf.dll
C:\windows\system32\ccsybflf.dll Has been deleted!

Attempting to delete C:\windows\system32\cyyoussy.dll
C:\windows\system32\cyyoussy.dll Has been deleted!

Attempting to delete C:\windows\system32\ddiioooy.exe
C:\windows\system32\ddiioooy.exe Has been deleted!

Attempting to delete C:\windows\system32\djptoaba.ini
C:\windows\system32\djptoaba.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\djvoppyd.ini
C:\WINDOWS\system32\djvoppyd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\dyppovjd.dll
C:\WINDOWS\system32\dyppovjd.dll Has been deleted!

Attempting to delete C:\windows\system32\ednmytsb.dll
C:\windows\system32\ednmytsb.dll Has been deleted!

Attempting to delete C:\windows\system32\ehitffos.ini
C:\windows\system32\ehitffos.ini Has been deleted!

Attempting to delete C:\windows\system32\emmywwsq.dll
C:\windows\system32\emmywwsq.dll Has been deleted!

Attempting to delete C:\windows\system32\fpfhcovn.dll
C:\windows\system32\fpfhcovn.dll Has been deleted!

Attempting to delete C:\windows\system32\hbbvoxca.exe
C:\windows\system32\hbbvoxca.exe Has been deleted!

Attempting to delete C:\windows\system32\hddiywho.dll
C:\windows\system32\hddiywho.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hggde.dll
C:\WINDOWS\system32\hggde.dll Has been deleted!

Attempting to delete C:\windows\system32\kgkecwoa.exe
C:\windows\system32\kgkecwoa.exe Has been deleted!

Attempting to delete C:\windows\system32\kkprebpt.dll
C:\windows\system32\kkprebpt.dll Has been deleted!

Attempting to delete C:\windows\system32\klrgqsau.exe
C:\windows\system32\klrgqsau.exe Has been deleted!

Attempting to delete C:\windows\system32\kmhbheuy.dll
C:\windows\system32\kmhbheuy.dll Has been deleted!

Attempting to delete C:\windows\system32\ksvfueky.dll
C:\windows\system32\ksvfueky.dll Has been deleted!

Attempting to delete C:\windows\system32\llpxqgra.exe
C:\windows\system32\llpxqgra.exe Has been deleted!

Attempting to delete C:\windows\system32\lvmhiefg.exe
C:\windows\system32\lvmhiefg.exe Has been deleted!

Attempting to delete C:\windows\system32\mcdjhfvr.dll
C:\windows\system32\mcdjhfvr.dll Has been deleted!

Attempting to delete C:\windows\system32\mditfjsf.exe
C:\windows\system32\mditfjsf.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\mfjpqghd.dll
C:\WINDOWS\system32\mfjpqghd.dll Has been deleted!

Attempting to delete C:\windows\system32\mgvngeqj.exe
C:\windows\system32\mgvngeqj.exe Has been deleted!

Attempting to delete C:\windows\system32\mqfckeom.dll
C:\windows\system32\mqfckeom.dll Has been deleted!

Attempting to delete C:\windows\system32\mvkhofdt.exe
C:\windows\system32\mvkhofdt.exe Has been deleted!

Attempting to delete C:\windows\system32\nchdsvtg.dll
C:\windows\system32\nchdsvtg.dll Has been deleted!

Attempting to delete C:\windows\system32\nimmhpun.exe
C:\windows\system32\nimmhpun.exe Has been deleted!

Attempting to delete C:\windows\system32\obfvhsji.dll
C:\windows\system32\obfvhsji.dll Has been deleted!

Attempting to delete C:\windows\system32\odybnagb.exe
C:\windows\system32\odybnagb.exe Has been deleted!

Attempting to delete C:\windows\system32\pkapowrs.exe
C:\windows\system32\pkapowrs.exe Has been deleted!

Attempting to delete C:\windows\system32\rraubbcj.exe
C:\windows\system32\rraubbcj.exe Has been deleted!

Attempting to delete C:\windows\system32\sofftihe.dll
C:\windows\system32\sofftihe.dll Has been deleted!

Attempting to delete C:\windows\system32\stkbpulr.exe
C:\windows\system32\stkbpulr.exe Has been deleted!

Attempting to delete C:\windows\system32\tftxthss.dll
C:\windows\system32\tftxthss.dll Has been deleted!

Attempting to delete C:\windows\system32\tpberpkk.ini
C:\windows\system32\tpberpkk.ini Has been deleted!

Attempting to delete C:\windows\system32\tyyjmmsw.exe
C:\windows\system32\tyyjmmsw.exe Has been deleted!

Attempting to delete C:\windows\system32\uawwnvqn.dll
C:\windows\system32\uawwnvqn.dll Has been deleted!

Attempting to delete C:\windows\system32\vesqxjmu.exe
C:\windows\system32\vesqxjmu.exe Could not be deleted.

Attempting to delete C:\windows\system32\wqpgxxsi.dll
C:\windows\system32\wqpgxxsi.dll Has been deleted!

Attempting to delete C:\windows\system32\wwtjjyxe.exe
C:\windows\system32\wwtjjyxe.exe Has been deleted!

Attempting to delete C:\windows\system32\ykeufvsk.ini
C:\windows\system32\ykeufvsk.ini Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\vesqxjmu.exe
C:\windows\system32\vesqxjmu.exe Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.6

Checking Java version...

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 08:50:52 20/07/2007

Listing files found while scanning....

No infected files were found.



DSS Scan
Main.txt:

Deckard's System Scanner v20070711.54
Run by Administrator on 2007-07-20 at 08:53:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; System Restore is disabled (service is not running).


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:55:38, on 20/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\opcenum.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Administrator.exe
c:\program files\mcafee\mpf\mc\mpfalert.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C4F88AC-398D-4E51-BD6D-8ECC5FB68670} - C:\WINDOWS\system32\hggde.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMEEJME.EXE] C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect /keeploaded
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win1661.tmp.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\CounterPath\X-Lite\x-lite.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: DTH.lnk = C:\Program Files\Desktop Traffic Headlines\DTH.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1175540403017
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175540786402
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: winpvb32 - winpvb32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Cognex OPC Server (Cognex.InSight.OpcServer) - Cognex Corporation - c:\program files\cognex\in-sight\in-sight opc server 3.4.1\opcinsightservice.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager (NILM License manager) - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NiRioSvc - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\opcenum.exe
O23 - Service: Tmesbs32 (Tmesbs) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe

--
End of file - 12404 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 NIPALK - c:\windows\system32\drivers\nipalk.sys <Not Verified; National Instruments Corporation; NI-PAL>
R0 tosrfec (Bluetooth ACPI from Toshiba) - c:\windows\system32\drivers\tosrfec.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth EC Driver>
R0 TVALD (Toshiba ACPI-Based Value Added Logical Device Driver) - c:\windows\system32\drivers\tvald.sys <Not Verified; Toshiba Corporation; Toshiba ACPI-Compliant Value Added Logical Device>
R0 TVALG (Toshiba Value Added Logical and General Purpose Device Driver) - c:\windows\system32\drivers\tvalg.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Value Added Logical and General Purpose Device Driver>
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R1 TMEI3E - c:\windows\system32\drivers\tmei3e.sys <Not Verified; Toshiba Corporation; Toshiba Mobile Extension>
R2 ANIO (ANIO Service) - c:\windows\system32\anio.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
R2 cvintdrv - c:\windows\system32\drivers\cvintdrv.sys
R2 imaq1394k - c:\windows\system32\drivers\imaq1394k.dll <Not Verified; National Instruments Corporation; NIIMAQ1394>
R2 nidimk - c:\windows\system32\drivers\nidimk.dll <Not Verified; National Instruments Corporation; NIDIM>
R2 nipxirmk - c:\windows\system32\drivers\nipxirmk.dll <Not Verified; National Instruments Corporation; NIPXIRM>
R3 niorbk - c:\windows\system32\drivers\niorbk.dll <Not Verified; National Instruments Corporation; NIORB>
R3 tsdhd (TOSHIBA SD Card Host Controller Driver) - c:\windows\system32\drivers\tsdhd.sys <Not Verified; TOSHIBA Corporation; SD Card Driver Set>

S3 NiViPxiK - c:\windows\system32\drivers\nivipxik.sys <Not Verified; National Instruments; NI-VISA for Windows>
S3 toslane (Toshiba BT-LANE) - c:\windows\system32\drivers\tosrflan.sys <Not Verified; TOSHIBA Corporation.; Bluetooth LAN Emulation Driver from TOSHIBA>
S3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
S3 Tosrfbd (Bluetooth RFBUS from Toshiba) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(Windows2000)>
S3 Tosrfcom (Bluetooth RFCOMM from Toshiba) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>
S3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA Corporation; Bluetooth USB Miniport Driver(Windows2000)>
S3 uisp (Freescale USB JW32 driver) - c:\windows\system32\drivers\usbicp.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>
R2 EPSONStatusAgent2 (EPSON Printer Status Agent2) - c:\program files\common files\epson\ebapi\sagent2.exe <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
R2 nipxirmu - system32\nipalsm.exe <Not Verified; National Instruments Corporation; NIPALSM>
R2 NiRioSvc - system32\nipalsm.exe <Not Verified; National Instruments Corporation; NIPALSM>
R2 OpcEnum - c:\windows\system32\opcenum.exe <Not Verified; OPC Foundation; OPC Server Enumerator 1.10>
R2 Tmesbs (Tmesbs32) - "c:\program files\toshiba\tme3\tmesbs32.exe" /service <Not Verified; TOSHIBA Corporation; TOSHIBA Mobile Extension Slim Select Bay Service>
R2 Tmesrv (Tmesrv3) - "c:\program files\toshiba\tme3\tmesrv31.exe" /service <Not Verified; TOSHIBA; TOSHIBA MobileExtension Service>

S2 ANIWZCSdService (ANIWZCSd Service) - c:\program files\ani\aniwzcs2 service\aniwzcsds.exe <Not Verified; Alpha Networks Inc.; ANIWZCS2 Service Launcher (NT)>
S3 Cognex.InSight.OpcServer (Cognex OPC Server) - c:\program files\cognex\in-sight\in-sight opc server 3.4.1\opcinsightservice.exe <Not Verified; Cognex Corporation; Cognex In-Sight OPC Server>
S3 NILM License manager - "c:\program files\national instruments\shared\license manager\bin\lmgrd.exe" <Not Verified; Macrovision Corporation; >


-- Scheduled Tasks -------------------------------------------------------------

2007-07-19 03:00:02 504 --a------ C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job
2007-07-16 11:31:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-04-03 17:12:34 366 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2007-04-03 17:12:32 368 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2007-06-20 and 2007-07-20 -----------------------------

2007-07-20 08:41:49 0 d-------- C:\VundoFix Backups
2007-07-20 08:39:53 66112 --a------ C:\WINDOWS\system32\dohgtmno.exe
2007-07-20 08:29:10 0 d-------- C:\WINDOWS\ERUNT
2007-07-20 04:34:00 66112 --a------ C:\WINDOWS\system32\fwmomkpo.exe
2007-07-19 11:13:14 66112 --a------ C:\WINDOWS\system32\eswvdqjo.exe
2007-07-19 11:11:43 66112 --a------ C:\WINDOWS\system32\tnqtxowx.exe
2007-07-19 10:04:41 66112 --a------ C:\WINDOWS\system32\qmvjphnb.exe
2007-07-19 09:56:39 66112 --a------ C:\WINDOWS\system32\rxmltndg.exe
2007-07-19 04:04:19 66112 --a------ C:\WINDOWS\system32\ydkdhhhe.exe
2007-07-19 01:57:22 49152 --a------ C:\WINDOWS\system32\JJAKEn.dll <Not Verified; ; JJAKEn Dynamic Link Library>
2007-07-19 01:57:21 163840 --a------ C:\WINDOWS\system32\WlanApp.dll <Not Verified; Alpha Networks Inc.; WlanApp Dynamic Link Library>
2007-07-19 01:57:21 237568 --a------ C:\WINDOWS\system32\wlanapi.dll <Not Verified; Alpha Networks Inc.; WLANAPI Dynamic Link Library>
2007-07-19 01:57:20 1327189 --a------ C:\WINDOWS\system32\odSupp_M.dll <Not Verified; Funk Software, Inc.; Odyssey Supplicant Toolkit>
2007-07-19 01:57:20 49152 --a------ C:\WINDOWS\system32\AQCKGen.dll <Not Verified; Alpha Networks Inc.; AQuickKey Generator>
2007-07-19 01:57:19 630784 --a------ C:\WINDOWS\system32\ANIWZCS2.dll <Not Verified; Alpha Networks Inc.; ANIWZCS Dynamic Link Library>
2007-07-19 01:57:19 57407 --a------ C:\WINDOWS\system32\ANICtl.dll <Not Verified; Alpha Networks Inc.; DevCtrl Dynamic Link Library>
2007-07-19 01:57:19 204800 --a------ C:\WINDOWS\system32\aIPH.dll <Not Verified; Alpha Networks Inc.; IPH Dynamic Link Library>
2007-07-19 01:56:24 36864 --a------ C:\WINDOWS\system32\ANIOApi.dll <Not Verified; Alpha Networks Inc.; ANIO Helper DLL API library>
2007-07-19 01:56:24 50176 --a------ C:\WINDOWS\system32\ANIO64.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
2007-07-19 01:56:24 24288 --a------ C:\WINDOWS\system32\ANIO.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
2007-07-19 01:56:23 11904 --a------ C:\WINDOWS\system32\anio4.sys <Not Verified; ANI; ANIO (NDIS4) Driver>
2007-07-19 01:56:23 0 d-------- C:\Program Files\ANI
2007-07-19 01:54:46 0 d-------- C:\Program Files\D-Link
2007-07-18 19:49:57 66112 --a------ C:\WINDOWS\system32\jarkuvss.exe
2007-07-18 08:53:03 66112 --a------ C:\WINDOWS\system32\qjmronll.exe
2007-07-18 08:40:06 66112 --a------ C:\WINDOWS\system32\xbmqpuxn.exe
2007-07-18 07:51:05 0 d-------- C:\National Instruments Downloads
2007-07-17 18:52:10 66112 --a------ C:\WINDOWS\system32\mrftlrxq.exe
2007-07-17 18:49:50 66112 --a------ C:\WINDOWS\system32\wnpjjixy.exe
2007-07-17 16:52:28 66112 --a------ C:\WINDOWS\system32\cyvxagat.exe
2007-07-17 16:49:32 66112 --a------ C:\WINDOWS\system32\fhlulkte.exe
2007-07-17 08:33:14 66112 --a------ C:\WINDOWS\system32\ocaeqjky.exe
2007-07-17 08:32:05 66112 --a------ C:\WINDOWS\system32\gkvkkldj.exe
2007-07-16 21:32:45 66112 --a------ C:\WINDOWS\system32\ugklbdbq.exe
2007-07-16 21:04:25 66112 --a------ C:\WINDOWS\system32\yuhfajgf.exe
2007-07-16 19:35:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-07-16 18:49:56 66112 --a------ C:\WINDOWS\system32\jrfsofmg.exe
2007-07-16 18:48:09 66112 --a------ C:\WINDOWS\system32\yjntcisq.exe
2007-07-16 08:29:36 66112 --a------ C:\WINDOWS\system32\mcwnwhif.exe
2007-07-15 10:45:24 66112 --a------ C:\WINDOWS\system32\obgxvlti.exe
2007-07-13 09:52:05 66112 --a------ C:\WINDOWS\system32\akvpyqsn.exe
2007-07-12 15:44:51 0 d-------- C:\WINDOWS\pss
2007-07-12 12:42:35 1216411 ---hs---- C:\WINDOWS\system32\edggh.ini2
2007-07-12 12:35:33 44544 --a------ C:\WINDOWS\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2007-07-12 12:35:31 15840 --a------ C:\WINDOWS\system32\machnm1.exe
2007-07-12 12:35:31 122880 --a------ C:\WINDOWS\system32\kepopcdaauto.dll <Not Verified; KEPware; kepopcdauto Module>
2007-07-12 12:35:31 462848 --a------ C:\WINDOWS\system32\HHActiveX.dll <Not Verified; eHelp Corporation.; RoboHelp HTML 11>
2007-07-12 12:35:24 0 d-------- C:\Program Files\KEPServerEx
2007-07-12 09:51:59 66112 --a------ C:\WINDOWS\system32\irhlwopt.exe
2007-07-12 09:51:52 1219745 ---hs---- C:\WINDOWS\system32\edggh.bak2
2007-07-11 10:32:52 1219746 ---hs---- C:\WINDOWS\system32\edggh.bak1
2007-07-06 17:10:23 0 d-------- C:\Program Files\RSLogix 5000 Module Profiles
2007-07-06 17:09:56 0 d-------- C:\Program Files\Rockwell Software
2007-07-06 17:09:26 0 d-------- C:\Program Files\Common Files\Rockwell
2007-06-25 16:59:54 0 d-------- C:\Program Files\Common Files\Avery
2007-06-25 16:59:51 0 d-------- C:\Program Files\Avery Wizard 3.1
2007-06-24 22:17:04 31232 --a------ C:\WINDOWS\system32\Lfpct10n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-06-24 22:17:04 25600 --a------ C:\WINDOWS\system32\Lfmac10n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-06-24 22:17:04 27136 --a------ C:\WINDOWS\system32\Lfimg10n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-06-24 22:17:04 240640 --a------ C:\WINDOWS\system32\Lfdic10n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-06-24 22:17:04 27136 --a------ C:\WINDOWS\system32\Lfcal10n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-06-24 22:17:04 20480 --a------ C:\WINDOWS\system\Lfwpg70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-06-24 22:17:04 18944 --a------ C:\WINDOWS\system\Lfwfx70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-06-24 22:17:04 20992 --a------ C:\WINDOWS\system\Lftga70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-06-24 22:17:04 19456 --a------ C:\WINDOWS\system\Lfras70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-06-24 22:17:04 22016 --a------ C:\WINDOWS\system\Lfpsd70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-06-24 22:17:04 111104 --a------ C:\WINDOWS\system\Lfpng70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-06-24 22:17:03 93184 --a------ C:\WINDOWS\system\LFTIF70N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-06-24 22:17:03 24576 --a------ C:\WINDOWS\system\Lfpcx70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-06-24 22:17:03 24064 --a------ C:\WINDOWS\system\LFPCT70N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-06-24 22:17:03 19456 --a------ C:\WINDOWS\system\LFPCD70N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-06-24 22:17:03 19456 --a------ C:\WINDOWS\system\Lfmsp70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-06-24 22:17:03 18944 --a------ C:\WINDOWS\system\LFMAC70N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-06-24 22:17:03 25088 --a------ C:\WINDOWS\system\LFLMB70N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-06-24 22:17:03 28672 --a------ C:\WINDOWS\system\LFLMA70N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-06-24 22:17:03 95232 --a------ C:\WINDOWS\system\LFKODAK.DLL
2007-06-24 22:17:03 20480 --a------ C:\WINDOWS\system\LFIMG70N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-06-24 22:17:03 26112 --a------ C:\WINDOWS\system\LFICA70N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-06-24 22:17:03 32768 --a------ C:\WINDOWS\system\Lfgif70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-06-24 22:17:03 35328 --a------ C:\WINDOWS\system\LFFPX70N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-06-24 22:17:03 306688 --a------ C:\WINDOWS\system\LFFPX7.DLL <Not Verified; ; Reference Implementation>
2007-06-24 22:17:03 24064 --a------ C:\WINDOWS\system\Lfeps70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-06-24 22:17:03 19968 --a------ C:\WINDOWS\system\LFCAL70N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-06-24 22:17:03 24576 --a------ C:\WINDOWS\system\LFBMP70N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-06-24 22:17:03 17920 --a------ C:\WINDOWS\system\LFAVI70N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-06-24 22:17:02 117760 --a------ C:\WINDOWS\system32\Ltimg10n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-06-24 22:17:02 228864 --a------ C:\WINDOWS\system32\Ltdis10n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-06-24 22:17:02 28160 --a------ C:\WINDOWS\system32\Lfwmf10n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-06-24 22:17:02 33280 --a------ C:\WINDOWS\system32\Lfpcx10n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-06-24 22:17:02 31232 --a------ C:\WINDOWS\system32\Lflmb10n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-06-24 22:17:02 35840 --a------ C:\WINDOWS\system32\Lflma10n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-06-24 22:17:02 350208 --a------ C:\WINDOWS\system\LTKRN70N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-06-24 22:17:02 55296 --a------ C:\WINDOWS\system\LTFIL70N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-06-24 22:17:02 55808 --a------ C:\WINDOWS\system\LFFAX70N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-06-24 22:17:02 224768 --a------ C:\WINDOWS\system\LFCMP70N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-06-24 22:17:01 81946 --a------ C:\WINDOWS\system32\Vb5ko.dll <Not Verified; Microsoft Corporation; Visual Basic Environment>
2007-06-24 22:17:01 600576 --a------ C:\WINDOWS\system32\Ltwrp10n.dll <Not Verified; LEAD Technologies, Inc.; LEAD Technologies, Inc. ltwrp10n>
2007-06-24 22:17:01 297472 --a------ C:\WINDOWS\system32\Ltkrn10n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-06-24 22:17:01 103424 --a------ C:\WINDOWS\system32\Ltfil10n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-06-24 22:17:01 122368 --a------ C:\WINDOWS\system32\Lftif10n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-06-24 22:17:01 77824 --a------ C:\WINDOWS\system32\Lffax10n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-06-24 22:17:01 266752 --a------ C:\WINDOWS\system32\Lfcmp10n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-06-24 22:17:01 34304 --a------ C:\WINDOWS\system32\Lfbmp10n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-06-24 22:16:41 212480 --a------ C:\WINDOWS\system\Pcdlib32.dll <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
2007-06-24 22:16:40 996872 --a------ C:\WINDOWS\system32\Cp3240mt.dll <Not Verified; Borland International; Borland C++ Builder 3.0>
2007-06-24 22:16:40 81920 --a------ C:\WINDOWS\system\Capi2032.dll
2007-06-21 17:42:16 0 d-------- C:\Documents and Settings\LocalService\Desktop
2007-06-21 16:50:08 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe


-- Find3M Report ---------------------------------------------------------------

2007-06-12 11:23:48 0 d-------- C:\Program Files\DIFX
2007-06-06 16:36:00 0 d-------- C:\Documents and Settings\Administrator\Application Data\SyncMyCal
2007-06-06 15:41:50 249 --a------ C:\Program Files\INSTALL.LOG
2007-06-06 15:31:36 0 d-------- C:\Documents and Settings\Administrator\Application Data\Corel
2007-06-06 15:25:30 0 d-------- C:\Program Files\Corel
2007-05-22 18:29:44 0 d-------- C:\Program Files\SystemRequirementsLab
2007-05-10 17:15:38 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{5C4F88AC-398D-4E51-BD6D-8ECC5FB68670} C:\WINDOWS\system32\hggde.dll [x]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} c:\program files\mcafee\virusscan\scriptcl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"000StTHK"="000StTHK.exe"
"Tpwrtray"="TPWRTRAY.EXE"
"TMESRV.EXE"="C:\\Program Files\\TOSHIBA\\TME3\\TMESRV31.EXE /Logon"
"TMERzCtl.EXE"="C:\\Program Files\\TOSHIBA\\TME3\\TMERzCtl.EXE /Service"
"TMEEJME.EXE"="C:\\Program Files\\TOSHIBA\\TME3\\TMEEJME.EXE"
"TMESBS.EXE"="C:\\Program Files\\TOSHIBA\\TME3\\TMESBS32.EXE /Client"
"TosHKCW.exe"="C:\\Program Files\\TOSHIBA\\Wireless Hotkey\\TosHKCW.exe"
"TFNF5"="TFNF5.exe"
"nwiz"="nwiz.exe /installquiet /nodetect /keeploaded"
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"EPSON Stylus C44 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S10IC2.EXE /P23 \"EPSON Stylus C44 Series\" /O6 \"USB001\" /M \"Stylus C44\""
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"SpywareBot"="C:\\Program Files\\SpywareBot\\SpywareBot.exe -boot"
"avp"="C:\\WINDOWS\\TEMP\\win1661.tmp.exe"
"D-Link AirPlus G"="C:\\Program Files\\D-Link\\AirPlus G\\AirGCFG.exe"
"ANIWZCS2Service"="C:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"NVIEW"="rundll32.exe nview.dll,nViewLoadHook"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"eyeBeam SIP Client"="\"C:\\Program Files\\CounterPath\\X-Lite\\x-lite.exe\""
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winpvb32

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_NIPALK


-- End of Deckard's System Scanner: finished at 2007-07-20 at 08:56:33 ---------

Extra.txt:

Deckard's System Scanner v20070711.54
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Mobile Intel® Pentium® 4 - M CPU 2.00GHz
Percentage of Memory in Use: 44%
Physical Memory (total/avail): 766.8 MiB / 422.39 MiB
Pagefile Memory (total/avail): 1875.14 MiB / 1551.52 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1962.36 MiB

C: is Fixed (FAT32) - 25.38 GiB total, 7.02 GiB free.
D: is Fixed (NTFS) - 49.13 GiB total, 10.32 GiB free.
E: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\National Instruments\\Vision Assistant 7.1\\Vision Assistant.exe"="C:\\Program Files\\National Instruments\\Vision Assistant 7.1\\Vision Assistant.exe:*:Enabled:National Instruments Vision Assistant 7.1"
"C:\\Program Files\\National Instruments\\Vision Builder AI 2.6\\Vision Builder.exe"="C:\\Program Files\\National Instruments\\Vision Builder AI 2.6\\Vision Builder.exe:*:Enabled:National Instruments Vision Builder AI 2.6"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\win1A2.tmp.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\win1A2.tmp.exe:*:Enabled:win1A2.tmp"
"C:\\WINDOWS\\TEMP\\win1675.tmp.exe"="C:\\WINDOWS\\TEMP\\win1675.tmp.exe:*:Enabled:win1675.tmp"
"C:\\WINDOWS\\TEMP\\win15FA.tmp.exe"="C:\\WINDOWS\\TEMP\\win15FA.tmp.exe:*:Enabled:win15FA.tmp"
"C:\\WINDOWS\\TEMP\\win165C.tmp.exe"="C:\\WINDOWS\\TEMP\\win165C.tmp.exe:*:Enabled:win165C.tmp"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=STEWBERT
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
KMP_DUPLICATE_LIB_OK=TRUE
LOGONSERVER=\\STEWBERT
MKL_SERIAL=YES
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\VXIPNP\WinNT\Bin;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=STEWBERT
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
VSTO_LOGALERTS=1
VXIPNPPATH=C:\VXIPNP\
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /X{E31C348B-63A9-4CBF-8D7F-D932ABB63244}
Adobe Acrobat 7.0.9 Professional --> msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
AirPlus G --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{2B7E4354-0492-460A-BDB1-1F59EE141025} /l1033
ANIO Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS2 Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
Avery Wizard 3.1 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{EB7A2041-6A16-4BAC-8079-43B985673C2C}
Bluetooth Easy Connect --> MsiExec.exe /X{897F708D-ADAF-4C7E-B5BA-C36D8BE15B46}
Bluetooth Stack for Windows by Toshiba --> MsiExec.exe /X{40EF8CEA-ACC4-4C03-824C-55AF8B8EAAE6}
CheckMate --> MsiExec.exe /X{EB0DE72D-7084-4365-819F-5617E50AEEDC}
Cognex 1756 Comm Module Profiles --> MsiExec.exe /X{638E1F0F-FD40-439A-9303-B7ACDD33883B}
Cognex In-Sight OPC Server 3.4.1 (2393) --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{F0FFE0AA-87B9-47E5-A342-3CDAB8887B58}
Cognex In-Sight Software 3.3.1 (1830) SR --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{8F4EC072-29E2-4EC3-B9CC-42EBDD063D2E}
Cognex In-Sight Software 3.4.1 (2393) --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{20827993-97C7-4FCB-9031-0B67575C93A5}
Cognex In-Sight Software Development Kit 3.4.0 (2240) --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{139D5613-9C14-4BF0-870D-5B16AA4524FD}
Cognex InSight Advisior 1.3 December 2006 --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\InSightAdvisior\ST6UNST.LOG"
Cognex intellect 1.4.0 --> C:\PROGRA~1\COGNEX\DVT\INTELL~2\UNWISE.EXE C:\PROGRA~1\COGNEX\DVT\INTELL~2\INSTALL.LOG
Command & Conquer Red Alert 2 --> C:\Westwood\RA2\Uninstll.EXE
Corel Applications --> C:\WINDOWS\Corel\Uninst32.exe
DVT/In-Sight Lens Calculator --> MsiExec.exe /I{94F73758-E543-4A99-B1D7-CAED75DBEDB5}
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
HijackThis 2.0.2 --> "C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\NWEWWHG6\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Install Network Printer Wizard --> MsiExec.exe /X{A8E7BE25-785A-45A6-ADA5-E263B6A3358E}
Intel® PRO Ethernet Adapter and Software --> Prounstl.exe
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL
KEPServerEX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98C52021-37A8-45DE-B80A-52DE27E99593}\setup.exe" -l0x9 -removeonly
Korean Fonts Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5670-0000-800000000003}
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2003 Primary Interop Assemblies --> MsiExec.exe /X{91490409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Professional 2003 --> MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual Studio 2005 Tools for Office Runtime --> MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}
National Instruments Software --> "C:\Program Files\National Instruments\Shared\NIUninstaller\uninst.exe"
Network Device Switch --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0C7D85B0-8569-11D4-91EA-00003914300F}\Setup.exe"
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\system32\nvinstnt.dll,NvUninstallNT4 nvts.inf
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
RSLogix 5000 Module Profile Core --> MsiExec.exe /X{9C422AC8-466B-4150-882C-C5F5E3318A73}
RSLogix 5000 Module Profile Setup Utility --> MsiExec.exe /X{FB9917FF-DEEF-4CB0-B4D3-DF4BA02E1961}
SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x9 -removeonly
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Skype 3.1 --> "C:\Program Files\Skype\Phone\unins000.exe"
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
SyncMyCal --> MsiExec.exe /I{3D238BDC-3297-4309-9708-5859BB9C1A13}
SyncMyCal --> MsiExec.exe /I{424A732A-C1BC-4E7F-B252-20F4A2B93527}
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
TOSHIBA Console --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}\Setup.exe" -uninst
Toshiba Hotkey Utility for Display Devices --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\TFNF5Wxp.inf,DefaultUninstall,5
TOSHIBA Manuals --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25DB99F1-4681-4391-931F-6F144E8B5F18}\Setup.exe" -l0x9
TOSHIBA Mobile Extension3 for Windows XP V3.21.00.XP --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\TME3\Uninst.isu" -c"C:\Program Files\TOSHIBA\TME3\uninstx.dll"
TOSHIBA Power Saver --> TPWRDEL.EXE
TOSHIBA Software Modem --> Tosmreg -U
TOSHIBA Utilities --> tutildel.exe
Visual Studio 2005 Tools for Office Second Edition Runtime --> c:\Program Files\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exe
Westwood Shared Internet Components --> C:\Westwood\Internet\UnstllAP.EXE
Windows Driver Package - MOTOROLA (uisp) USB (09/08/2006 1.2.0.0) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\usbicp_148F9D51ADD758FCD4B68B61FF903F813AA2083E\usbicp.inf
Windows Driver Package - Razer (HidUsb) HIDClass (01/10/2007 1.00) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\habu_5D6DE0C1DF6AE8CBAA8B911F2AB801AF6374E80A\habu.inf
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Rights Management Client Backwards Compatibility SP2 --> MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2 --> MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Wireless Hotkey --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7862BAD8-A379-4128-8AA1-EFD5A9603C53}\Setup.exe"
X-Lite 3.0 --> "C:\Program Files\CounterPath\X-Lite\unins000.exe"
X-Lite 3.0 --> "C:\Program Files\CounterPath\X-Lite\unins001.exe"
YAMAHA AC-XG WDM --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3663DDE0-D8AE-11D3-9850-00C04F7AC096}\setup.exe" maintenance


-- End of Deckard's System Scanner: finished at 2007-07-20 at 08:56:33 ---------

New HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:59:01, on 20/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\opcenum.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\hijackthis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C4F88AC-398D-4E51-BD6D-8ECC5FB68670} - C:\WINDOWS\system32\hggde.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMEEJME.EXE] C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect /keeploaded
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win1661.tmp.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\CounterPath\X-Lite\x-lite.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: DTH.lnk = C:\Program Files\Desktop Traffic Headlines\DTH.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1175540403017
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175540786402
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: winpvb32 - winpvb32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Cognex OPC Server (Cognex.InSight.OpcServer) - Cognex Corporation - c:\program files\cognex\in-sight\in-sight opc server 3.4.1\opcinsightservice.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager (NILM License manager) - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NiRioSvc - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\opcenum.exe
O23 - Service: Tmesbs32 (Tmesbs) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe

--
End of file - 12422 bytes

#4 SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:11:10 PM

Posted 20 July 2007 - 03:29 PM

Hello stewbert,

Please follow the steps below exactly in the order they are written:

Step #1

Please go to UploadMalware to upload a suspicious file for analysis.
  • Enter your username from this forum
  • Copy and paste the link to this thread
  • In the Browse empty box, copy&paste this file path:
    • C:\WINDOWS\system32\dohgtmno.exe
  • Repeat the same for these files too:
    • C:\WINDOWS\system32\irhlwopt.exe
    • C:\WINDOWS\system32\edggh.ini2
    • C:\WINDOWS\system32\edggh.bak2
  • In the comments, please mention that I asked you to upload this file
  • Click on Send File
    Thank you!
Step #2

Please re-open HiJackThis and click on "Do a system scan only". Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {5C4F88AC-398D-4E51-BD6D-8ECC5FB68670} - C:\WINDOWS\system32\hggde.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win1661.tmp.exe
O20 - Winlogon Notify: winpvb32 - winpvb32.dll (file missing)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

Step #3
  • Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
Step #4

Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\dohgtmno.exe
    C:\WINDOWS\system32\fwmomkpo.exe
    C:\WINDOWS\system32\eswvdqjo.exe
    C:\WINDOWS\system32\tnqtxowx.exe
    C:\WINDOWS\system32\qmvjphnb.exe
    C:\WINDOWS\system32\rxmltndg.exe
    C:\WINDOWS\system32\ydkdhhhe.exe
    C:\WINDOWS\system32\jarkuvss.exe
    C:\WINDOWS\system32\qjmronll.exe
    C:\WINDOWS\system32\xbmqpuxn.exe
    C:\WINDOWS\system32\mrftlrxq.exe
    C:\WINDOWS\system32\wnpjjixy.exe
    C:\WINDOWS\system32\cyvxagat.exe
    C:\WINDOWS\system32\fhlulkte.exe
    C:\WINDOWS\system32\ocaeqjky.exe
    C:\WINDOWS\system32\gkvkkldj.exe
    C:\WINDOWS\system32\ugklbdbq.exe
    C:\WINDOWS\system32\yuhfajgf.exe
    C:\WINDOWS\system32\jrfsofmg.exe
    C:\WINDOWS\system32\yjntcisq.exe
    C:\WINDOWS\system32\mcwnwhif.exe
    C:\WINDOWS\system32\obgxvlti.exe
    C:\WINDOWS\system32\akvpyqsn.exe
    C:\WINDOWS\system32\irhlwopt.exe
    C:\WINDOWS\system32\edggh.ini2
    C:\WINDOWS\system32\edggh.bak2
    C:\WINDOWS\system32\edggh.bak1


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Step #5

1. Download combofix from one of these links:
Link1
Link2
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

In your next post please include the following reports:
  • OTMoveIt report
  • ComboFix report
  • New HijackThis log
Let me know how things went.

Regards,
SNOWHITE
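As an added example, not part of this thread or of any of the tools SNOWHITE lists, here is a small Python triage script that applies the same reasoning the helper used in Step #2 to HijackThis-format lines: entries that point at files that no longer exist, unnamed BHOs, autoruns launched from a temporary directory, and Winlogon Notify hooks. The sample lines are copied from the logs posted in this thread; the `Finding` class, the rule wording and the function names are my own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: HijackThis lines copied from the logs in this thread,
# mixed with benign entries so the rules have something to ignore.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C4F88AC-398D-4E51-BD6D-8ECC5FB68670} - C:\WINDOWS\system32\hggde.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win1661.tmp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: winpvb32 - winpvb32.dll (file missing)
""".strip()


@dataclass
class Finding:
    """One HijackThis entry that deserves a closer look, with the reasons why."""
    section: str                      # HijackThis section code, e.g. "O2", "O4", "O20"
    line: str                         # the raw log line
    reasons: list = field(default_factory=list)


# "O2 - BHO: ..." -> section code and the rest of the line
LINE_RE = re.compile(r"^([ORFN]\d+) - (.*)$")
# Markers HijackThis prints when the referenced file is not on disk
DANGLING_MARKERS = ("(file missing)", "(no file)")
# A path component named TEMP or TMP (case-insensitive), e.g. C:\WINDOWS\TEMP\
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)


def triage_line(line: str):
    """Return a Finding for a suspicious HijackThis line, or None if nothing stands out."""
    match = LINE_RE.match(line.strip())
    if not match:
        return None                   # header, process list, blank line, etc.
    section, body = match.groups()
    reasons = []

    # Rule 1: the entry still loads at startup but its file is gone. Malware
    # that was partly removed (or hides its file) leaves exactly this trace.
    if any(marker in body for marker in DANGLING_MARKERS):
        reasons.append("references a file that is not on disk (dangling autostart/hook)")

    # Rule 2: legitimate browser helper objects almost always carry a name.
    if section == "O2" and body.startswith("BHO: (no name)"):
        reasons.append("unnamed browser helper object")

    # Rule 3: nothing legitimate should need to autorun out of a temp folder.
    if section == "O4" and TEMP_DIR_RE.search(body):
        reasons.append("autorun launches from a temporary directory")

    # Rule 4: Winlogon Notify packages load into winlogon.exe at logon, so each
    # one is worth verifying by hand regardless of the other rules.
    if section == "O20" and body.startswith("Winlogon Notify:"):
        reasons.append("Winlogon Notify hook (DLL loaded into winlogon.exe at logon)")

    return Finding(section, line.strip(), reasons) if reasons else None


def triage(log_text: str):
    """Run triage_line over a whole log and collect the findings in order."""
    findings = []
    for line in log_text.splitlines():
        finding = triage_line(line)
        if finding is not None:
            findings.append(finding)
    return findings


def format_report(findings):
    """Render findings as plain text, one entry per block."""
    out = []
    for f in findings:
        out.append(f"[{f.section}] {f.line}")
        out.extend(f"    - {reason}" for reason in f.reasons)
    return "\n".join(out)


if __name__ == "__main__":
    print(format_report(triage(SAMPLE_LOG)))
```

The four entries this flags on the sample are exactly the ones the helper told the poster to fix; the Adobe BHO and ctfmon lines pass through untouched.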

#5 stewbert

stewbert
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:11:10 PM

Posted 23 July 2007 - 02:49 AM

OT moveit Results:

C:\WINDOWS\system32\dohgtmno.exe moved successfully.
C:\WINDOWS\system32\fwmomkpo.exe moved successfully.
C:\WINDOWS\system32\eswvdqjo.exe moved successfully.
C:\WINDOWS\system32\tnqtxowx.exe moved successfully.
C:\WINDOWS\system32\qmvjphnb.exe moved successfully.
C:\WINDOWS\system32\rxmltndg.exe moved successfully.
C:\WINDOWS\system32\ydkdhhhe.exe moved successfully.
C:\WINDOWS\system32\jarkuvss.exe moved successfully.
C:\WINDOWS\system32\qjmronll.exe moved successfully.
C:\WINDOWS\system32\xbmqpuxn.exe moved successfully.
C:\WINDOWS\system32\mrftlrxq.exe moved successfully.
C:\WINDOWS\system32\wnpjjixy.exe moved successfully.
C:\WINDOWS\system32\cyvxagat.exe moved successfully.
C:\WINDOWS\system32\fhlulkte.exe moved successfully.
C:\WINDOWS\system32\ocaeqjky.exe moved successfully.
C:\WINDOWS\system32\gkvkkldj.exe moved successfully.
C:\WINDOWS\system32\ugklbdbq.exe moved successfully.
C:\WINDOWS\system32\yuhfajgf.exe moved successfully.
C:\WINDOWS\system32\jrfsofmg.exe moved successfully.
C:\WINDOWS\system32\yjntcisq.exe moved successfully.
C:\WINDOWS\system32\mcwnwhif.exe moved successfully.
C:\WINDOWS\system32\obgxvlti.exe moved successfully.
C:\WINDOWS\system32\akvpyqsn.exe moved successfully.
C:\WINDOWS\system32\irhlwopt.exe moved successfully.
C:\WINDOWS\system32\edggh.ini2 moved successfully.
C:\WINDOWS\system32\edggh.bak2 moved successfully.
C:\WINDOWS\system32\edggh.bak1 moved successfully.

Created on 07/23/2007 08:46:42

"Administrator" - 2007-07-23 8:51:05 - ComboFix 07-07-23.6 - Service Pack 2 FAT32


((((((((((((((((((((((((( Files Created from 2007-06-23 to 2007-07-23 )))))))))))))))))))))))))))))))


2007-07-23 08:49 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-20 08:53 <DIR> d-------- C:\Deckard
2007-07-20 08:41 <DIR> d-------- C:\VundoFix Backups
2007-07-20 08:29 <DIR> d-------- C:\WINDOWS\ERUNT
2007-07-19 01:57 630,784 --a------ C:\WINDOWS\system32\ANIWZCS2.dll
2007-07-19 01:57 57,407 --a------ C:\WINDOWS\system32\ANICtl.dll
2007-07-19 01:57 49,152 --a------ C:\WINDOWS\system32\JJAKEn.dll
2007-07-19 01:57 49,152 --a------ C:\WINDOWS\system32\AQCKGen.dll
2007-07-19 01:57 237,568 --a------ C:\WINDOWS\system32\wlanapi.dll
2007-07-19 01:57 204,800 --a------ C:\WINDOWS\system32\aIPH.dll
2007-07-19 01:57 163,840 --a------ C:\WINDOWS\system32\WlanApp.dll
2007-07-19 01:57 1,327,189 --a------ C:\WINDOWS\system32\odSupp_M.dll
2007-07-19 01:56 50,176 --a------ C:\WINDOWS\system32\ANIO64.sys
2007-07-19 01:56 36,864 --a------ C:\WINDOWS\system32\ANIOApi.dll
2007-07-19 01:56 24,288 --a------ C:\WINDOWS\system32\ANIO.sys
2007-07-19 01:56 11,904 --a------ C:\WINDOWS\system32\anio4.sys
2007-07-19 01:56 <DIR> d-------- C:\Program Files\ANI
2007-07-19 01:54 <DIR> d-------- C:\Program Files\D-Link
2007-07-18 07:51 <DIR> d-------- C:\National Instruments Downloads
2007-07-16 19:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-12 15:44 <DIR> d-------- C:\WINDOWS\pss
2007-07-12 12:35 6,656 --a------ C:\WINDOWS\system32\OpcRcw.Comn.dll
2007-07-12 12:35 462,848 --a------ C:\WINDOWS\system32\HHActiveX.dll
2007-07-12 12:35 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-07-12 12:35 19,456 --a------ C:\WINDOWS\system32\OpcRcw.Da.dll
2007-07-12 12:35 15,840 --a------ C:\WINDOWS\system32\machnm1.exe
2007-07-12 12:35 122,880 --a------ C:\WINDOWS\system32\kepopcdaauto.dll
2007-07-12 12:35 <DIR> d-------- C:\Program Files\KEPServerEx
2007-07-06 17:10 <DIR> d-------- C:\Program Files\RSLogix 5000 Module Profiles
2007-07-06 17:09 <DIR> d-------- C:\Program Files\Rockwell Software
2007-07-06 17:09 <DIR> d-------- C:\Program Files\Common Files\Rockwell
2007-06-25 22:57 2,940,312 --a------ C:\WINDOWS\system32\Cognex.InSight.Internal.3.4.1.dll
2007-06-25 16:59 <DIR> d-------- C:\Program Files\Common Files\Avery
2007-06-25 16:59 <DIR> d-------- C:\Program Files\Avery Wizard 3.1
2007-06-24 22:17 95,232 --a------ C:\WINDOWS\system\LFKODAK.DLL
2007-06-24 22:17 93,184 --a------ C:\WINDOWS\system\LFTIF70N.DLL
2007-06-24 22:17 81,946 --a------ C:\WINDOWS\system32\Vb5ko.dll
2007-06-24 22:17 77,824 --a------ C:\WINDOWS\system32\Lffax10n.dll
2007-06-24 22:17 600,576 --a------ C:\WINDOWS\system32\Ltwrp10n.dll
2007-06-24 22:17 55,808 --a------ C:\WINDOWS\system\LFFAX70N.DLL
2007-06-24 22:17 55,296 --a------ C:\WINDOWS\system\LTFIL70N.DLL
2007-06-24 22:17 350,208 --a------ C:\WINDOWS\system\LTKRN70N.DLL
2007-06-24 22:17 35,840 --a------ C:\WINDOWS\system32\Lflma10n.dll
2007-06-24 22:17 35,328 --a------ C:\WINDOWS\system\LFFPX70N.DLL
2007-06-24 22:17 34,304 --a------ C:\WINDOWS\system32\Lfbmp10n.dll
2007-06-24 22:17 33,280 --a------ C:\WINDOWS\system32\Lfpcx10n.dll
2007-06-24 22:17 32,768 --a------ C:\WINDOWS\system\Lfgif70n.dll
2007-06-24 22:17 31,232 --a------ C:\WINDOWS\system32\Lfpct10n.dll
2007-06-24 22:17 31,232 --a------ C:\WINDOWS\system32\Lflmb10n.dll
2007-06-24 22:17 306,688 --a------ C:\WINDOWS\system\LFFPX7.DLL
2007-06-24 22:17 297,472 --a------ C:\WINDOWS\system32\Ltkrn10n.dll
2007-06-24 22:17 28,672 --a------ C:\WINDOWS\system\LFLMA70N.DLL
2007-06-24 22:17 28,160 --a------ C:\WINDOWS\system32\Lfwmf10n.dll
2007-06-24 22:17 27,136 --a------ C:\WINDOWS\system32\Lfimg10n.dll
2007-06-24 22:17 27,136 --a------ C:\WINDOWS\system32\Lfcal10n.dll
2007-06-24 22:17 266,752 --a------ C:\WINDOWS\system32\Lfcmp10n.dll
2007-06-24 22:17 26,112 --a------ C:\WINDOWS\system\LFICA70N.DLL
2007-06-24 22:17 25,600 --a------ C:\WINDOWS\system32\Lfmac10n.dll
2007-06-24 22:17 25,088 --a------ C:\WINDOWS\system\LFLMB70N.DLL
2007-06-24 22:17 240,640 --a------ C:\WINDOWS\system32\Lfdic10n.dll
2007-06-24 22:17 24,576 --a------ C:\WINDOWS\system\Lfpcx70n.dll
2007-06-24 22:17 24,576 --a------ C:\WINDOWS\system\LFBMP70N.DLL
2007-06-24 22:17 24,064 --a------ C:\WINDOWS\system\LFPCT70N.DLL
2007-06-24 22:17 24,064 --a------ C:\WINDOWS\system\Lfeps70n.dll
2007-06-24 22:17 228,864 --a------ C:\WINDOWS\system32\Ltdis10n.dll
2007-06-24 22:17 224,768 --a------ C:\WINDOWS\system\LFCMP70N.DLL
2007-06-24 22:17 22,016 --a------ C:\WINDOWS\system\Lfpsd70n.dll
2007-06-24 22:17 20,992 --a------ C:\WINDOWS\system\Lftga70n.dll
2007-06-24 22:17 20,480 --a------ C:\WINDOWS\system\Lfwpg70n.dll
2007-06-24 22:17 20,480 --a------ C:\WINDOWS\system\LFIMG70N.DLL
2007-06-24 22:17 19,968 --a------ C:\WINDOWS\system\LFCAL70N.DLL
2007-06-24 22:17 19,456 --a------ C:\WINDOWS\system\Lfras70n.dll
2007-06-24 22:17 19,456 --a------ C:\WINDOWS\system\LFPCD70N.DLL
2007-06-24 22:17 19,456 --a------ C:\WINDOWS\system\Lfmsp70n.dll
2007-06-24 22:17 18,944 --a------ C:\WINDOWS\system\Lfwfx70n.dll
2007-06-24 22:17 18,944 --a------ C:\WINDOWS\system\LFMAC70N.DLL
2007-06-24 22:17 17,920 --a------ C:\WINDOWS\system\LFAVI70N.DLL
2007-06-24 22:17 122,368 --a------ C:\WINDOWS\system32\Lftif10n.dll
2007-06-24 22:17 117,760 --a------ C:\WINDOWS\system32\Ltimg10n.dll
2007-06-24 22:17 111,104 --a------ C:\WINDOWS\system\Lfpng70n.dll
2007-06-24 22:17 103,424 --a------ C:\WINDOWS\system32\Ltfil10n.dll
2007-06-24 22:16 996,872 --a------ C:\WINDOWS\system32\Cp3240mt.dll
2007-06-24 22:16 81,920 --a------ C:\WINDOWS\system\Capi2032.dll
2007-06-24 22:16 29,952 --a------ C:\WINDOWS\system32\Borlndmm.dll
2007-06-24 22:16 212,480 --a------ C:\WINDOWS\system\Pcdlib32.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-12 10:23:48 -------- d-----w C:\Program Files\DIFX
2007-06-06 15:36:00 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\SyncMyCal
2007-06-06 14:41:50 249 ----a-w C:\Program Files\INSTALL.LOG
2007-06-06 14:31:36 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\Corel
2007-06-06 14:25:30 -------- d-----w C:\Program Files\Corel
2007-06-04 14:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 14:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 14:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-10 16:15:40 249,856 ------w C:\WINDOWS\Setup1.exe
2007-05-10 16:15:38 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-04-25 14:21:16 144,896 ----a-w C:\WINDOWS\system32\schannel.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-17 16:02]
"000StTHK"="000StTHK.exe" [2001-06-23 20:28 C:\WINDOWS\system32\000StTHK.exe]
"Tpwrtray"="TPWRTRAY.EXE" [2002-01-31 10:00 C:\WINDOWS\system32\TPWRTRAY.EXE]
"TMESRV.EXE"="C:\Program Files\TOSHIBA\TME3\TMESRV31.exe" [2002-03-01 09:34]
"TMERzCtl.EXE"="C:\Program Files\TOSHIBA\TME3\TMERzCtl.exe" [2002-02-04 16:54]
"TMEEJME.EXE"="C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE" [2002-03-01 09:25]
"TMESBS.EXE"="C:\Program Files\TOSHIBA\TME3\TMESBS32.exe" [2002-03-01 09:33]
"TosHKCW.exe"="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2002-01-22 18:20]
"TFNF5"="TFNF5.exe" [2001-08-03 17:08 C:\WINDOWS\system32\TFNF5.exe]
"nwiz"="nwiz.exe" [2003-10-17 16:02 C:\WINDOWS\system32\nwiz.exe]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"EPSON Stylus C44 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-12-10 03:06]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"SpywareBot"="C:\Program Files\SpywareBot\SpywareBot.exe" []
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 15:04]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 18:19]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll,nViewLoadHook" []
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-03-23 13:52]
"eyeBeam SIP Client"="C:\Program Files\CounterPath\X-Lite\x-lite.exe" [2007-06-05 08:52]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-04-05 09:07:21]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

R0 NIPALK;NIPALK;C:\WINDOWS\system32\drivers\nipalk.sys
R0 tosrfec;Bluetooth ACPI from Toshiba;C:\WINDOWS\system32\DRIVERS\tosrfec.sys
R0 TVALD;Toshiba ACPI-Based Value Added Logical Device Driver;C:\WINDOWS\system32\DRIVERS\TVALD.SYS
R0 TVALG;Toshiba Value Added Logical and General Purpose Device Driver;C:\WINDOWS\system32\DRIVERS\TVALG.SYS
R1 MPFP;MPFP;C:\WINDOWS\system32\Drivers\Mpfp.sys
R1 StarOpen;StarOpen;C:\WINDOWS\system32\drivers\StarOpen.sys
R1 TMEI3E;TMEI3E;C:\WINDOWS\system32\Drivers\TMEI3E.SYS
R2 ANIO;ANIO Service;\??\C:\WINDOWS\system32\ANIO.SYS
R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys
R2 imaq1394k;imaq1394k;C:\WINDOWS\system32\drivers\imaq1394k.dll
R2 mxssvr;NI Configuration Manager;"C:\Program Files\National Instruments\MAX\nimxs.exe"
R2 nidimk;nidimk;C:\WINDOWS\system32\drivers\nidimk.dll
R2 nipxirmk;nipxirmk;C:\WINDOWS\system32\drivers\nipxirmk.dll
R2 NITaggerService;National Instruments Variable Engine;"C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe"
R2 Tmesbs;Tmesbs32;"C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service
R3 E100B;Intel® PRO Adapter Driver;C:\WINDOWS\system32\DRIVERS\e100b325.sys
R3 LMImirr;LMImirr;C:\WINDOWS\system32\DRIVERS\LMImirr.sys
R3 niorbk;niorbk;C:\WINDOWS\system32\drivers\niorbk.dll
R3 TOSHIBASoftModem;TOSHIBA Software Modem;C:\WINDOWS\system32\DRIVERS\LTSM.sys
R3 tsdhd;TOSHIBA SD Card Host Controller Driver;C:\WINDOWS\system32\DRIVERS\tsdhd.sys
R3 WDM_YAMAHAAC97;YAMAHA AC-XG Audio Device;C:\WINDOWS\system32\drivers\yacxg.sys
R3 wlluc48;Wireless LAN PC Card Driver;C:\WINDOWS\system32\DRIVERS\wlluc48.sys
S3 checker;Checker Port Driver;C:\WINDOWS\system32\DRIVERS\checker.sys
S3 Cognex.InSight.OpcServer;Cognex OPC Server;c:\program files\cognex\in-sight\in-sight opc server 3.4.1\opcinsightservice.exe
S3 HabuFltr;Habu Mouse;C:\WINDOWS\system32\drivers\habu.sys
S3 NiViPxiK;NiViPxiK;C:\WINDOWS\system32\drivers\NiViPxiK.sys
S3 pciSd;pciSd;C:\WINDOWS\system32\DRIVERS\tossdpci.sys
S3 rt2500usb;DWL-G122(rev.B) USB Wireless LAN Driver;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
S3 toslane;Toshiba BT-LANE;C:\WINDOWS\system32\DRIVERS\TOSRFLAN.sys
S3 tosporte;Bluetooth Port Driver from Toshiba;C:\WINDOWS\system32\DRIVERS\tosporte.sys
S3 Tosrfbd;Bluetooth RFBUS from Toshiba;C:\WINDOWS\system32\Drivers\tosrfbd.sys
S3 Tosrfcom;Bluetooth RFCOMM from Toshiba;C:\WINDOWS\system32\Drivers\tosrfcom.sys
S3 Tosrfusb;Bluetooth USB Controller;C:\WINDOWS\system32\Drivers\tosrfusb.sys
S3 uisp;Freescale USB JW32 driver;C:\WINDOWS\system32\Drivers\usbicp.sys

*Newly Created Service* - NIPALK

Contents of the 'Scheduled Tasks' folder
2007-04-03 16:12:32 C:\WINDOWS\tasks\McQcTask.job
2007-04-03 16:12:34 C:\WINDOWS\tasks\McDefragTask.job
2007-07-16 10:31:04 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-19 02:00:02 C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-23 08:53:44
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-23 8:54:49

--- E O F ---




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:00:52, on 23/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\opcenum.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijackthis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMEEJME.EXE] C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect /keeploaded
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\CounterPath\X-Lite\x-lite.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: DTH.lnk = C:\Program Files\Desktop Traffic Headlines\DTH.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1175540403017
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175540786402
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Cognex OPC Server (Cognex.InSight.OpcServer) - Cognex Corporation - c:\program files\cognex\in-sight\in-sight opc server 3.4.1\opcinsightservice.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager (NILM License manager) - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NiRioSvc - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\opcenum.exe
O23 - Service: Tmesbs32 (Tmesbs) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe

--
End of file - 11855 bytes

Edited by stewbert, 23 July 2007 - 03:02 AM.


#6 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:11:10 PM

Posted 26 July 2007 - 09:05 PM

Hello stewbert :thumbsup:

Sorry for the delay.

Step #1

The next program is of dubious repute and is listed in Rogue/Suspect Anti-Spyware Products & Web Sites, therefore I suggest removing it from your computer:


Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

SpywareBot

Please note any other programs that you don't recognize in that list in your next response.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\SpywareBot << This folder
C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job << Delete this too.

Close Windows Explorer.

Step #2

- Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • - Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
    http://www.ewido.net/en/download/
    • Install AVG Anti-Spyware by double clicking the installer.
    • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
    • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

If you are unable to run a scan with AVG Anti-Spyware in Safe Mode, click the next link http://fileserver.ewido.net/public.cgi?id=20990 and download AVG_Anti-Spyware_7.5.1.36_Safe_Mode_Registry_Patch.reg to your desktop. Double click on it. You will receive a prompt similar to: "Do you wish to merge the information into the registry?".
Answer "Yes" and wait for a message to appear similar to "Merged Successfully".

- Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
- Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

- Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the "Save Scan Report" button before you have clicked the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

Step #3

Download and Save Blacklight to your desktop (choose "I ACCEPT" then click "DOWNLOAD" on the website).

Double-click fsbl.exe then accept the agreement, click > "Scan" then > "Next".

You'll see a list of all items found. There will also be a log on your desktop with the name "fsbl.xxxxxxxxxxxxxx.log" (the xxxxxxxxxxxxxx stand for numbers).

Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe".


In your next post please include the following reports:
  • AVG Anti-Spyware report
  • Blacklight report
  • New dss scan report main.txt
Let me know how things went.


Regards,
SNOWHITE

#7 stewbert

Posted 27 July 2007 - 05:33 AM

Hi, thanks for the help.
SpywareBot was not listed in Add/Remove Programs and I couldn't find it in Program Files. I did delete it from Tasks though.
In Add/Remove Programs I found these:
ANIO Service
ANIWZCS2 Service
and I am not sure what they are.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 02:39:39 27/07/2007

+ Scan result:



C:\VundoFix Backups\abksthkw.exe.bad -> Downloader.Tiny.id : Cleaned with backup (quarantined).
C:\VundoFix Backups\bfftwwft.exe.bad -> Downloader.Tiny.id : Cleaned with backup (quarantined).
C:\VundoFix Backups\bgimqxfb.exe.bad -> Downloader.Tiny.id : Cleaned with backup (quarantined).
C:\VundoFix Backups\ddiioooy.exe.bad -> Downloader.Tiny.id : Cleaned with backup (quarantined).
C:\VundoFix Backups\hbbvoxca.exe.bad -> Downloader.Tiny.id : Cleaned with backup (quarantined).
C:\VundoFix Backups\kgkecwoa.exe.bad -> Downloader.Tiny.id : Cleaned with backup (quarantined).
C:\VundoFix Backups\klrgqsau.exe.bad -> Downloader.Tiny.id : Cleaned with backup (quarantined).
C:\VundoFix Backups\llpxqgra.exe.bad -> Downloader.Tiny.id : Cleaned with backup (quarantined).
C:\VundoFix Backups\lvmhiefg.exe.bad -> Downloader.Tiny.id : Cleaned with backup (quarantined).
C:\VundoFix Backups\mditfjsf.exe.bad -> Downloader.Tiny.id : Cleaned with backup (quarantined).
C:\VundoFix Backups\mgvngeqj.exe.bad -> Downloader.Tiny.id : Cleaned with backup (quarantined).
C:\VundoFix Backups\mvkhofdt.exe.bad -> Downloader.Tiny.id : Cleaned with backup (quarantined).
C:\VundoFix Backups\nimmhpun.exe.bad -> Downloader.Tiny.id : Cleaned with backup (quarantined).
C:\VundoFix Backups\odybnagb.exe.bad -> Downloader.Tiny.id : Cleaned with backup (quarantined).
C:\VundoFix Backups\pkapowrs.exe.bad -> Downloader.Tiny.id : Cleaned with backup (quarantined).
C:\VundoFix Backups\rraubbcj.exe.bad -> Downloader.Tiny.id : Cleaned with backup (quarantined).
C:\VundoFix Backups\stkbpulr.exe.bad -> Downloader.Tiny.id : Cleaned with backup (quarantined).
C:\VundoFix Backups\tyyjmmsw.exe.bad -> Downloader.Tiny.id : Cleaned with backup (quarantined).
C:\VundoFix Backups\vesqxjmu.exe.bad -> Downloader.Tiny.id : Cleaned with backup (quarantined).
C:\VundoFix Backups\wwtjjyxe.exe.bad -> Downloader.Tiny.id : Cleaned with backup (quarantined).
C:\sdfix\backups\backups.zip/backups/win1A8.tmp.exe -> Trojan.Dialer.qn : Cleaned with backup (quarantined).


::Report end

07/27/07 03:00:05 [Info]: BlackLight Engine 1.0.64 initialized
07/27/07 03:00:05 [Info]: OS: 5.1 build 2600 (Service Pack 2)
07/27/07 03:00:05 [Note]: 7019 4
07/27/07 03:00:05 [Note]: 7005 0
07/27/07 03:00:08 [Note]: 7006 0
07/27/07 03:00:08 [Note]: 7011 2096
07/27/07 03:00:09 [Note]: 7026 0
07/27/07 03:00:09 [Note]: 7026 0
07/27/07 03:00:13 [Note]: FSRAW library version 1.7.1022
07/27/07 03:00:53 [Note]: 7007 0


Deckard's System Scanner v20070711.54
Run by Administrator on 2007-07-27 at 03:04:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:04:15, on 27/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\opcenum.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
D:\malware stuff\dss.exe
C:\PROGRA~1\HIJACK~1\ADMINI~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMEEJME.EXE] C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect /keeploaded
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\CounterPath\X-Lite\x-lite.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: DTH.lnk = C:\Program Files\Desktop Traffic Headlines\DTH.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1175540403017
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175540786402
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Cognex OPC Server (Cognex.InSight.OpcServer) - Cognex Corporation - c:\program files\cognex\in-sight\in-sight opc server 3.4.1\opcinsightservice.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager (NILM License manager) - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NiRioSvc - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\opcenum.exe
O23 - Service: Tmesbs32 (Tmesbs) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe

--
End of file - 12011 bytes

-- Files created between 2007-06-27 and 2007-07-27 -----------------------------

2007-07-27 08:52:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-07-27 08:52:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-07-20 08:41:49 0 d-------- C:\VundoFix Backups
2007-07-20 08:29:10 0 d-------- C:\WINDOWS\ERUNT
2007-07-19 01:57:22 49152 --a------ C:\WINDOWS\system32\JJAKEn.dll <Not Verified; ; JJAKEn Dynamic Link Library>
2007-07-19 01:57:21 163840 --a------ C:\WINDOWS\system32\WlanApp.dll <Not Verified; Alpha Networks Inc.; WlanApp Dynamic Link Library>
2007-07-19 01:57:21 237568 --a------ C:\WINDOWS\system32\wlanapi.dll <Not Verified; Alpha Networks Inc.; WLANAPI Dynamic Link Library>
2007-07-19 01:57:20 1327189 --a------ C:\WINDOWS\system32\odSupp_M.dll <Not Verified; Funk Software, Inc.; Odyssey Supplicant Toolkit>
2007-07-19 01:57:20 49152 --a------ C:\WINDOWS\system32\AQCKGen.dll <Not Verified; Alpha Networks Inc.; AQuickKey Generator>
2007-07-19 01:57:19 630784 --a------ C:\WINDOWS\system32\ANIWZCS2.dll <Not Verified; Alpha Networks Inc.; ANIWZCS Dynamic Link Library>
2007-07-19 01:57:19 57407 --a------ C:\WINDOWS\system32\ANICtl.dll <Not Verified; Alpha Networks Inc.; DevCtrl Dynamic Link Library>
2007-07-19 01:57:19 204800 --a------ C:\WINDOWS\system32\aIPH.dll <Not Verified; Alpha Networks Inc.; IPH Dynamic Link Library>
2007-07-19 01:56:24 36864 --a------ C:\WINDOWS\system32\ANIOApi.dll <Not Verified; Alpha Networks Inc.; ANIO Helper DLL API library>
2007-07-19 01:56:24 50176 --a------ C:\WINDOWS\system32\ANIO64.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
2007-07-19 01:56:24 24288 --a------ C:\WINDOWS\system32\ANIO.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
2007-07-19 01:56:23 11904 --a------ C:\WINDOWS\system32\anio4.sys <Not Verified; ANI; ANIO (NDIS4) Driver>
2007-07-19 01:56:23 0 d-------- C:\Program Files\ANI
2007-07-19 01:54:46 0 d-------- C:\Program Files\D-Link
2007-07-18 07:51:05 0 d-------- C:\National Instruments Downloads
2007-07-16 19:35:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-07-12 15:44:51 0 d-------- C:\WINDOWS\pss
2007-07-12 12:35:33 44544 --a------ C:\WINDOWS\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2007-07-12 12:35:31 15840 --a------ C:\WINDOWS\system32\machnm1.exe
2007-07-12 12:35:31 122880 --a------ C:\WINDOWS\system32\kepopcdaauto.dll <Not Verified; KEPware; kepopcdauto Module>
2007-07-12 12:35:31 462848 --a------ C:\WINDOWS\system32\HHActiveX.dll <Not Verified; eHelp Corporation.; RoboHelp HTML 11>
2007-07-12 12:35:24 0 d-------- C:\Program Files\KEPServerEx
2007-07-06 17:10:23 0 d-------- C:\Program Files\RSLogix 5000 Module Profiles
2007-07-06 17:09:56 0 d-------- C:\Program Files\Rockwell Software
2007-07-06 17:09:26 0 d-------- C:\Program Files\Common Files\Rockwell


-- Find3M Report ---------------------------------------------------------------

2007-06-25 16:59:56 0 d-------- C:\Program Files\Common Files\Avery
2007-06-25 16:59:52 0 d-------- C:\Program Files\Avery Wizard 3.1
2007-06-12 11:23:48 0 d-------- C:\Program Files\DIFX
2007-06-06 16:36:00 0 d-------- C:\Documents and Settings\Administrator\Application Data\SyncMyCal
2007-06-06 15:41:50 249 --a------ C:\Program Files\INSTALL.LOG
2007-06-06 15:31:36 0 d-------- C:\Documents and Settings\Administrator\Application Data\Corel
2007-06-06 15:25:30 0 d-------- C:\Program Files\Corel
2007-05-10 17:15:38 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} c:\program files\mcafee\virusscan\scriptcl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"000StTHK"="000StTHK.exe"
"Tpwrtray"="TPWRTRAY.EXE"
"TMESRV.EXE"="C:\\Program Files\\TOSHIBA\\TME3\\TMESRV31.EXE /Logon"
"TMERzCtl.EXE"="C:\\Program Files\\TOSHIBA\\TME3\\TMERzCtl.EXE /Service"
"TMEEJME.EXE"="C:\\Program Files\\TOSHIBA\\TME3\\TMEEJME.EXE"
"TMESBS.EXE"="C:\\Program Files\\TOSHIBA\\TME3\\TMESBS32.EXE /Client"
"TosHKCW.exe"="C:\\Program Files\\TOSHIBA\\Wireless Hotkey\\TosHKCW.exe"
"TFNF5"="TFNF5.exe"
"nwiz"="nwiz.exe /installquiet /nodetect /keeploaded"
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"SpywareBot"="C:\\Program Files\\SpywareBot\\SpywareBot.exe -boot"
"D-Link AirPlus G"="C:\\Program Files\\D-Link\\AirPlus G\\AirGCFG.exe"
"ANIWZCS2Service"="C:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"NVIEW"="rundll32.exe nview.dll,nViewLoadHook"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"eyeBeam SIP Client"="\"C:\\Program Files\\CounterPath\\X-Lite\\x-lite.exe\""
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_NIPALK


-- End of Deckard's System Scanner: finished at 2007-07-27 at 03:04:50 ---------
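As an added example (not code from this thread, from HijackThis or from Deckard's System Scanner), here is a small Python triage script for the O4 autorun lines of a HijackThis log: it parses the Run-key and Global Startup entries, extracts the program each one launches, and, given a view of which files exist (constructed here, since the script runs offline), lists entries whose target is gone, like the SpywareBot Run value that still points at the deleted C:\Program Files\SpywareBot folder in the log above. The sample log lines and the sample disk contents are constructed for the example.

```python
import os
import re
from typing import Callable, Dict, List

# The two O4 line shapes seen in HijackThis logs: Run-key values and Startup-folder links.
_RUN_KEY = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
_STARTUP = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.+)$")
# Unquoted command lines: take everything up to the first executable extension, because
# unquoted paths with spaces (C:\Program Files\...) are common in Run keys.
_UNQUOTED_EXE = re.compile(r"^(?P<t>.+?\.(?:exe|com|scr|bat|cmd))(?=\s|$)", re.IGNORECASE)


def extract_target(cmd: str) -> str:
    """Return the program an autorun command line launches, without its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                       # "C:\path with spaces\x.exe" -flag
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = _UNQUOTED_EXE.match(cmd)
    return m.group("t") if m else cmd.split()[0]  # fall back to the first token


def parse_o4(lines: List[str]) -> List[Dict[str, str]]:
    """Parse the O4 lines of a HijackThis log; other line types (O2, O23, ...) are ignored."""
    entries = []
    for line in lines:
        line = line.rstrip()
        m = _RUN_KEY.match(line)
        if m:
            location = m.group("hive") + r"\..\Run"
        else:
            m = _STARTUP.match(line)
            if not m:
                continue
            location = "Global Startup"
        cmd = m.group("cmd")
        entries.append({"location": location, "name": m.group("name"),
                        "command": cmd, "target": extract_target(cmd)})
    return entries


def classify(entry: Dict[str, str], exists: Callable[[str], bool] = os.path.exists) -> str:
    """'unqualified' if the target has no directory (resolved via PATH at logon),
    'missing' if the full path no longer exists on disk, otherwise 'present'."""
    target = entry["target"]
    if "\\" not in target:
        return "unqualified"
    return "present" if exists(target) else "missing"


def triage(log_text: str, exists: Callable[[str], bool] = os.path.exists) -> Dict[str, List[str]]:
    """Group the names of all O4 autorun entries by classification."""
    report: Dict[str, List[str]] = {"present": [], "missing": [], "unqualified": []}
    for entry in parse_o4(log_text.splitlines()):
        report[classify(entry, exists)].append(entry["name"])
    return report


# Constructed sample, modelled on the O4 section of the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Global Startup: DTH.lnk = C:\Program Files\Desktop Traffic Headlines\DTH.exe
O23 - Service: Tmesbs32 (Tmesbs) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
"""

# Constructed view of the disk: the SpywareBot folder has been deleted, the rest still exist.
SAMPLE_DISK = {
    r"C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe",
    r"C:\Program Files\QuickTime\qttask.exe",
    r"C:\Program Files\Desktop Traffic Headlines\DTH.exe",
}

if __name__ == "__main__":
    # On a real machine, call triage(log_text) and let os.path.exists check the disk.
    for status, names in triage(SAMPLE_LOG, SAMPLE_DISK.__contains__).items():
        print(f"{status}: {names}")
```

Entries reported as "missing" are orphaned autorun values that will keep reappearing in HijackThis logs until the registry value or Startup-folder link itself is removed.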

#8 stewbert

Posted 27 July 2007 - 09:48 AM

Hi again, I've just noticed that my system time keeps being set wrong. If I set the correct time, after an hour or so it changes to something completely different. The timezone and dates stay correct. Not sure if this has anything to do with what we have been looking at or not.

#9 SNOWHITE

Posted 28 July 2007 - 04:37 PM

Hello stewbert,

In Add/Remove Programs I found these:
ANIO Service
ANIWZCS2 Service
and I am not sure what they are.


The two programs are legit and are utilities related to a D-link wireless network device, nothing to worry about.

Hi again, I've just noticed that my system time keeps being set wrong. If I set the correct time, after an hour or so it changes to something completely different. The timezone and dates stay correct. Not sure if this has anything to do with what we have been looking at or not.


How old is the computer you're using?

The CMOS battery might be low and causing this problem.

Step #1

* Click Start, then Run; type prefetch and press Enter. Click Edit, then Select All (all files will highlight); right-click any file, click Delete and confirm.


* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
Step #2

Please do an online scan with Kaspersky WebScanner

NOTE: This Scanner will work with Internet Explorer Only!

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save Report As... button.
  • Under Save as type select Text file, write a name for the file and save it to your Desktop.
  • Locate the file at the Desktop, open it, then copy and paste that information in your next post.

Regards,
SNOWHITE

#10 stewbert

Posted 30 July 2007 - 07:50 AM

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, July 30, 2007 1:46:28 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 30/07/2007
Kaspersky Anti-Virus database records: 369516
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 108383
Number of viruses found: 5
Number of infected objects: 50 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:03:44

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\sdfix\backups\backups.zip/backups/win167B.tmp.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\sdfix\backups\backups.zip/backups/win1668.tmp.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\sdfix\backups\backups.zip/backups/win1600.tmp.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\sdfix\backups\backups.zip/backups/win1A8.tmp.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\sdfix\backups\backups.zip ZIP: infected - 4 skipped
C:\VundoFix Backups\abaotpjd.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\VundoFix Backups\bfsluoni.dll.bad Infected: Trojan.Win32.BHO.bd skipped
C:\VundoFix Backups\bnbpahxf.dll.bad Infected: Trojan.Win32.BHO.bd skipped
C:\VundoFix Backups\bnpwklyx.dll.bad Infected: Trojan.Win32.BHO.bd skipped
C:\VundoFix Backups\ccsybflf.dll.bad Infected: Trojan.Win32.BHO.bd skipped
C:\VundoFix Backups\ednmytsb.dll.bad Infected: Trojan.Win32.BHO.bd skipped
C:\VundoFix Backups\emmywwsq.dll.bad Infected: Trojan.Win32.BHO.bd skipped
C:\VundoFix Backups\fpfhcovn.dll.bad Infected: Trojan.Win32.BHO.bd skipped
C:\VundoFix Backups\hddiywho.dll.bad Infected: Trojan.Win32.BHO.bd skipped
C:\VundoFix Backups\hggde.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.kr skipped
C:\VundoFix Backups\kkprebpt.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\VundoFix Backups\ksvfueky.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\VundoFix Backups\mcdjhfvr.dll.bad Infected: Trojan.Win32.BHO.bd skipped
C:\VundoFix Backups\mfjpqghd.dll.bad Infected: Trojan.Win32.BHO.bd skipped
C:\VundoFix Backups\mqfckeom.dll.bad Infected: Trojan.Win32.BHO.bd skipped
C:\VundoFix Backups\nchdsvtg.dll.bad Infected: Trojan.Win32.BHO.bd skipped
C:\VundoFix Backups\obfvhsji.dll.bad Infected: Trojan.Win32.BHO.bd skipped
C:\VundoFix Backups\sofftihe.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\VundoFix Backups\tftxthss.dll.bad Infected: Trojan.Win32.BHO.bd skipped
C:\VundoFix Backups\uawwnvqn.dll.bad Infected: Trojan.Win32.BHO.bd skipped
C:\VundoFix Backups\wqpgxxsi.dll.bad Infected: Trojan.Win32.BHO.bd skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\dohgtmno.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\fwmomkpo.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\eswvdqjo.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\tnqtxowx.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\qmvjphnb.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\rxmltndg.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ydkdhhhe.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\jarkuvss.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\qjmronll.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\xbmqpuxn.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\mrftlrxq.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\wnpjjixy.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\cyvxagat.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\fhlulkte.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ocaeqjky.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\gkvkkldj.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ugklbdbq.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\yuhfajgf.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\jrfsofmg.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\yjntcisq.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\mcwnwhif.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\obgxvlti.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\akvpyqsn.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\irhlwopt.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped

Scan process completed.

Edited by stewbert, 30 July 2007 - 07:54 AM.


#11 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:11:10 PM

Posted 30 July 2007 - 05:08 PM

Hello stewbert :thumbsup:

How is the computer running?

Double click OTMoveIt once again and you should see a CleanUp! button. Press that button; you may get prompted by your firewall that OTMoveIt is trying to contact the internet. Allow this: a cleanup.txt will be downloaded, and a message dialog will ask you if you want to proceed with the cleanup process. Click Yes.

NOTE: This will remove some of the tools we used so far, including OTMoveIt.

You should empty your Recycle Bin too.



Regards,
SNOWHITE

#12 stewbert

stewbert
  • Topic Starter

  • Members
  • 8 posts
  • Local time:11:10 PM

Posted 03 August 2007 - 07:21 AM

Hi, the PC is running well now, apart from the clock issue. The strange thing about this, which makes me think it isn't battery related, is that it changes time whilst the PC is on as well as on reboots and power cycles. I'm using a laptop, so I don't suffer from power losses. This is a problem that started just a few days ago.

#13 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:11:10 PM

Posted 04 August 2007 - 04:08 PM

Hello stewbert,

Hi, the PC is running well now, apart from the clock issue. The strange thing about this, which makes me think it isn't battery related, is that it changes time whilst the PC is on as well as on reboots and power cycles. I'm using a laptop, so I don't suffer from power losses. This is a problem that started just a few days ago.


See these links for more information about CMOS:

http://www.computerhope.com/jargon/c/cmos.htm
http://www.computerhope.com/help/cmos.htm

There is also an Issue / Question section, check it out :thumbsup:

Download GMER from here:
http://www.gmer.net/files.php

Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run, click Copy and paste the results (if any) into this thread.

Post back with the GMER report, and please also run this online scan:

Panda ActiveScan
  • Once you are on the Panda site, click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on Local Disks to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report, along with a new HijackThis log.

Regards,
SNOWHITE

#14 stewbert

stewbert
  • Topic Starter

  • Members
  • 8 posts
  • Local time:11:10 PM

Posted 06 August 2007 - 07:11 AM

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-08-06 10:36:33
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess

Code \SystemRoot\system32\drivers\mfehidk.sys ZwCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys ZwCreateKey
Code \SystemRoot\system32\drivers\mfehidk.sys ZwCreateProcess
Code \SystemRoot\system32\drivers\mfehidk.sys ZwDeleteKey
Code \SystemRoot\system32\drivers\mfehidk.sys ZwDeleteValueKey
Code \SystemRoot\system32\drivers\mfehidk.sys ZwMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys ZwOpenKey
Code \SystemRoot\system32\drivers\mfehidk.sys ZwProtectVirtualMemory
Code \SystemRoot\system32\drivers\mfehidk.sys ZwRenameKey
Code \SystemRoot\system32\drivers\mfehidk.sys ZwSetValueKey
Code \SystemRoot\system32\drivers\mfehidk.sys ZwUnmapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys ZwYieldExecution
Code \SystemRoot\system32\drivers\mfehidk.sys NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys NtMapViewOfSection

---- Kernel code sections - GMER 1.0.13 ----

.text ntoskrnl.exe!ZwYieldExecution 804F8B8D 7 Bytes JMP F2A5A5BF \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!ZwOpenKey 80567CFB 5 Bytes JMP F2A5A4EB \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!ZwCreateKey 8056E7A9 5 Bytes JMP F2A5A4FF \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!NtCreateFile 8056FBF8 5 Bytes JMP F2A5A581 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 80571EF1 5 Bytes JMP F2A5A5EB \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!NtMapViewOfSection 8057236C 7 Bytes JMP F2A5A5D5 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 805730B5 7 Bytes JMP F2A5A595 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!ZwSetValueKey 80573C8D 2 Bytes JMP F2A5A555 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!ZwSetValueKey + 3 80573C90 4 Bytes [ 4E, 72, 90, 90 ]
PAGE ntoskrnl.exe!ZwDeleteValueKey 80593AAC 7 Bytes JMP F2A5A53F \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!ZwDeleteKey 80595136 7 Bytes JMP F2A5A513 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!ZwCreateProcess 805B0AA4 5 Bytes JMP F2A5A5AB \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!ZwRenameKey 8064D029 7 Bytes JMP F2A5A529 \SystemRoot\system32\drivers\mfehidk.sys

---- User code sections - GMER 1.0.13 ----

.text C:\WINDOWS\system32\services.exe[784] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00DD000A
.text C:\WINDOWS\system32\services.exe[784] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00DD0F4E
.text C:\WINDOWS\system32\services.exe[784] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00DD0F5F
.text C:\WINDOWS\system32\services.exe[784] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00DD0039
.text C:\WINDOWS\system32\services.exe[784] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00DD0F7C
.text C:\WINDOWS\system32\services.exe[784] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00DD0FA8
.text C:\WINDOWS\system32\services.exe[784] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00DD008C
.text C:\WINDOWS\system32\services.exe[784] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00DD006F
.text C:\WINDOWS\system32\services.exe[784] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00DD0F0E
.text C:\WINDOWS\system32\services.exe[784] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00DD00A7
.text C:\WINDOWS\system32\services.exe[784] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00DD0EFD
.text C:\WINDOWS\system32\services.exe[784] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00DD0F8D
.text C:\WINDOWS\system32\services.exe[784] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00DD0FEF
.text C:\WINDOWS\system32\services.exe[784] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00DD005E
.text C:\WINDOWS\system32\services.exe[784] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00DD0FC3
.text C:\WINDOWS\system32\services.exe[784] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00DD0FD4
.text C:\WINDOWS\system32\services.exe[784] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00DD0F33
.text C:\WINDOWS\system32\services.exe[784] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 009C0FC3
.text C:\WINDOWS\system32\services.exe[784] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 009C0F97
.text C:\WINDOWS\system32\services.exe[784] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 009C0FDE
.text C:\WINDOWS\system32\services.exe[784] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 009C0014
.text C:\WINDOWS\system32\services.exe[784] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 009C004A
.text C:\WINDOWS\system32\services.exe[784] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 009C002F
.text C:\WINDOWS\system32\services.exe[784] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 009C0FEF
.text C:\WINDOWS\system32\services.exe[784] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 009C0FA8
.text C:\WINDOWS\system32\services.exe[784] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00990000
.text C:\WINDOWS\system32\lsass.exe[796] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00D60FEF
.text C:\WINDOWS\system32\lsass.exe[796] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00D60091
.text C:\WINDOWS\system32\lsass.exe[796] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00D60FA6
.text C:\WINDOWS\system32\lsass.exe[796] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D60080
.text C:\WINDOWS\system32\lsass.exe[796] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00D60065
.text C:\WINDOWS\system32\lsass.exe[796] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00D60039
.text C:\WINDOWS\system32\lsass.exe[796] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00D60F64
.text C:\WINDOWS\system32\lsass.exe[796] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00D60F7F
.text C:\WINDOWS\system32\lsass.exe[796] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D600E2
.text C:\WINDOWS\system32\lsass.exe[796] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D600D1
.text C:\WINDOWS\system32\lsass.exe[796] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00D600F3
.text C:\WINDOWS\system32\lsass.exe[796] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00D60054
.text C:\WINDOWS\system32\lsass.exe[796] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00D60FDE
.text C:\WINDOWS\system32\lsass.exe[796] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00D600B6
.text C:\WINDOWS\system32\lsass.exe[796] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00D6001E
.text C:\WINDOWS\system32\lsass.exe[796] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00D60FCD
.text C:\WINDOWS\system32\lsass.exe[796] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00D60F49
.text C:\WINDOWS\system32\lsass.exe[796] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00D50FCA
.text C:\WINDOWS\system32\lsass.exe[796] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00D50F97
.text C:\WINDOWS\system32\lsass.exe[796] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00D50FE5
.text C:\WINDOWS\system32\lsass.exe[796] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00D5001B
.text C:\WINDOWS\system32\lsass.exe[796] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00D50054
.text C:\WINDOWS\system32\lsass.exe[796] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00D50FA8
.text C:\WINDOWS\system32\lsass.exe[796] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00D50000
.text C:\WINDOWS\system32\lsass.exe[796] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00D50FB9
.text C:\WINDOWS\system32\lsass.exe[796] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00D30FE5
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00E40FE5
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00E40089
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00E40F94
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00E4006E
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00E40047
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00E4002C
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00E40F63
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00E400AB
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00E40F26
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00E40F37
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00E400DA
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00E40FA5
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00E40000
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00E4009A
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00E40FCA
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00E40011
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00E40F48
.text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00E30FD1
.text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00E30FB6
.text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00E30022
.text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00E30011
.text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00E30073
.text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00E30058
.text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00E30000
.text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00E30047
.text C:\WINDOWS\system32\svchost.exe[948] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00D70FEF
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00AD0000
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00AD0FA3
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00AD0FB4
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00AD008E
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00AD007D
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00AD0051
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00AD00DF
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00AD00CE
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00AD0F6B
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00AD0F7C
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00AD0F5A
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00AD0062
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00AD001B
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00AD00B3
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00AD0FDB
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00AD002C
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00AD00FA
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00AC0FD1
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00AC005B
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00AC002C
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00AC001B
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00AC0F94
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00AC0FA5
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00AC000A
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00AC0FC0
.text C:\WINDOWS\system32\svchost.exe[992] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00AA0FEF
.text C:\WINDOWS\System32\svchost.exe[1028] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 02250000
.text C:\WINDOWS\System32\svchost.exe[1028] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 022500A2
.text C:\WINDOWS\System32\svchost.exe[1028] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 02250087
.text C:\WINDOWS\System32\svchost.exe[1028] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 02250076
.text C:\WINDOWS\System32\svchost.exe[1028] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 02250FB9
.text C:\WINDOWS\System32\svchost.exe[1028] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 02250051
.text C:\WINDOWS\System32\svchost.exe[1028] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 02250F86
.text C:\WINDOWS\System32\svchost.exe[1028] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 022500CE
.text C:\WINDOWS\System32\svchost.exe[1028] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 0225010E
.text C:\WINDOWS\System32\svchost.exe[1028] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 022500F3
.text C:\WINDOWS\System32\svchost.exe[1028] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 02250129
.text C:\WINDOWS\System32\svchost.exe[1028] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 02250FCA
.text C:\WINDOWS\System32\svchost.exe[1028] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 02250025
.text C:\WINDOWS\System32\svchost.exe[1028] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 022500BD
.text C:\WINDOWS\System32\svchost.exe[1028] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 02250040
.text C:\WINDOWS\System32\svchost.exe[1028] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 02250FEF
.text C:\WINDOWS\System32\svchost.exe[1028] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 02250F75
.text C:\WINDOWS\System32\svchost.exe[1028] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 02240FAF
.text C:\WINDOWS\System32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 02240F4A
.text C:\WINDOWS\System32\svchost.exe[1028] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 02240000
.text C:\WINDOWS\System32\svchost.exe[1028] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 02240FD4
.text C:\WINDOWS\System32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 02240F65
.text C:\WINDOWS\System32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 02240011
.text C:\WINDOWS\System32\svchost.exe[1028] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 02240FEF
.text C:\WINDOWS\System32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 02240F94
.text C:\WINDOWS\System32\svchost.exe[1028] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 02220FEF
.text C:\WINDOWS\System32\svchost.exe[1028] WININET.dll!InternetOpenA 42C2C869 5 Bytes JMP 0124000A
.text C:\WINDOWS\System32\svchost.exe[1028] WININET.dll!InternetOpenW 42C2CEA1 5 Bytes JMP 01240FE5
.text C:\WINDOWS\System32\svchost.exe[1028] WININET.dll!InternetOpenUrlA 42C306DD 5 Bytes JMP 0124001B
.text C:\WINDOWS\System32\svchost.exe[1028] WININET.dll!InternetOpenUrlW 42C7A8B1 5 Bytes JMP 01240FD4
.text C:\WINDOWS\System32\svchost.exe[1084] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00880000
.text C:\WINDOWS\System32\svchost.exe[1084] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00880F43
.text C:\WINDOWS\System32\svchost.exe[1084] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00880F54
.text C:\WINDOWS\System32\svchost.exe[1084] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00880038
.text C:\WINDOWS\System32\svchost.exe[1084] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00880F79
.text C:\WINDOWS\System32\svchost.exe[1084] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00880F9E
.text C:\WINDOWS\System32\svchost.exe[1084] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 0088005F
.text C:\WINDOWS\System32\svchost.exe[1084] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00880F17
.text C:\WINDOWS\System32\svchost.exe[1084] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00880095
.text C:\WINDOWS\System32\svchost.exe[1084] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00880084
.text C:\WINDOWS\System32\svchost.exe[1084] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00880ED7
.text C:\WINDOWS\System32\svchost.exe[1084] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 0088001B
.text C:\WINDOWS\System32\svchost.exe[1084] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00880FEF
.text C:\WINDOWS\System32\svchost.exe[1084] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00880F28
.text C:\WINDOWS\System32\svchost.exe[1084] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00880FB9
.text C:\WINDOWS\System32\svchost.exe[1084] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00880FD4
.text C:\WINDOWS\System32\svchost.exe[1084] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00880EFC
.text C:\WINDOWS\System32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00870FCD
.text C:\WINDOWS\System32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00870F9E
.text C:\WINDOWS\System32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00870FDE
.text C:\WINDOWS\System32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 0087000A
.text C:\WINDOWS\System32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 0087005B
.text C:\WINDOWS\System32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00870040
.text C:\WINDOWS\System32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00870FEF
.text C:\WINDOWS\System32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 0087002F
.text C:\WINDOWS\System32\svchost.exe[1084] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00850FEF
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A50FE5
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A50F5A
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A50F6B
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A50F7C
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A50F97
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A5001E
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A50060
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A50F18
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A50EF3
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A5008C
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00A50ED8
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00A50039
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00A50FD4
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00A50F3F
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00A50FB2
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00A50FC3
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00A5007B
.text C:\WINDOWS\System32\svchost.exe[1232] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00800040
.text C:\WINDOWS\System32\svchost.exe[1232] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00800FC0
.text C:\WINDOWS\System32\svchost.exe[1232] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00800025
.text C:\WINDOWS\System32\svchost.exe[1232] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00800FEF
.text C:\WINDOWS\System32\svchost.exe[1232] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 0080007D
.text C:\WINDOWS\System32\svchost.exe[1232] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 0080006C
.text C:\WINDOWS\System32\svchost.exe[1232] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00800000
.text C:\WINDOWS\System32\svchost.exe[1232] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 0080005B
.text C:\WINDOWS\System32\svchost.exe[1232] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 007E000A
.text C:\WINDOWS\System32\svchost.exe[1232] WININET.dll!InternetOpenA 42C2C869 5 Bytes JMP 007D0FEF
.text C:\WINDOWS\System32\svchost.exe[1232] WININET.dll!InternetOpenW 42C2CEA1 5 Bytes JMP 007D000A
.text C:\WINDOWS\System32\svchost.exe[1232] WININET.dll!InternetOpenUrlA 42C306DD 5 Bytes JMP 007D0FDE
.text C:\WINDOWS\System32\svchost.exe[1232] WININET.dll!InternetOpenUrlW 42C7A8B1 5 Bytes JMP 007D0FC3
.text C:\WINDOWS\Explorer.EXE[2056] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00CD0000
.text C:\WINDOWS\Explorer.EXE[2056] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00CD0058
.text C:\WINDOWS\Explorer.EXE[2056] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00CD0F63
.text C:\WINDOWS\Explorer.EXE[2056] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00CD003D
.text C:\WINDOWS\Explorer.EXE[2056] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00CD0F80
.text C:\WINDOWS\Explorer.EXE[2056] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00CD0FAF
.text C:\WINDOWS\Explorer.EXE[2056] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00CD0F12
.text C:\WINDOWS\Explorer.EXE[2056] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00CD0F2D
.text C:\WINDOWS\Explorer.EXE[2056] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00CD0090
.text C:\WINDOWS\Explorer.EXE[2056] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00CD0EF7
.text C:\WINDOWS\Explorer.EXE[2056] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00CD0ED2
.text C:\WINDOWS\Explorer.EXE[2056] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00CD002C
.text C:\WINDOWS\Explorer.EXE[2056] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00CD0FE5
.text C:\WINDOWS\Explorer.EXE[2056] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00CD0F48
.text C:\WINDOWS\Explorer.EXE[2056] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00CD001B
.text C:\WINDOWS\Explorer.EXE[2056] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00CD0FD4
.text C:\WINDOWS\Explorer.EXE[2056] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00CD0075
.text C:\WINDOWS\Explorer.EXE[2056] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00C00036
.text C:\WINDOWS\Explorer.EXE[2056] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00C00084
.text C:\WINDOWS\Explorer.EXE[2056] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00C00FDB
.text C:\WINDOWS\Explorer.EXE[2056] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00C0001B
.text C:\WINDOWS\Explorer.EXE[2056] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00C00073
.text C:\WINDOWS\Explorer.EXE[2056] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00C00062
.text C:\WINDOWS\Explorer.EXE[2056] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00C00000
.text C:\WINDOWS\Explorer.EXE[2056] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00C00047
.text C:\WINDOWS\Explorer.EXE[2056] WININET.dll!InternetOpenA 42C2C869 5 Bytes JMP 00BD0FEF
.text C:\WINDOWS\Explorer.EXE[2056] WININET.dll!InternetOpenW 42C2CEA1 5 Bytes JMP 00BD0FDE
.text C:\WINDOWS\Explorer.EXE[2056] WININET.dll!InternetOpenUrlA 42C306DD 5 Bytes JMP 00BD000A
.text C:\WINDOWS\Explorer.EXE[2056] WININET.dll!InternetOpenUrlW 42C7A8B1 5 Bytes JMP 00BD001B
.text C:\WINDOWS\Explorer.EXE[2056] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00BE0FE5
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[2204] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\MsnMsgr.Exe
.text C:\WINDOWS\System32\svchost.exe[2672] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\System32\svchost.exe[2672] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A0062
.text C:\WINDOWS\System32\svchost.exe[2672] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A0051
.text C:\WINDOWS\System32\svchost.exe[2672] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A0F77
.text C:\WINDOWS\System32\svchost.exe[2672] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A0040
.text C:\WINDOWS\System32\svchost.exe[2672] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A0FA8
.text C:\WINDOWS\System32\svchost.exe[2672] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A0084
.text C:\WINDOWS\System32\svchost.exe[2672] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A0073
.text C:\WINDOWS\System32\svchost.exe[2672] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A0EEB
.text C:\WINDOWS\System32\svchost.exe[2672] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A0F06
.text C:\WINDOWS\System32\svchost.exe[2672] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 001A009F
.text C:\WINDOWS\System32\svchost.exe[2672] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 001A002F
.text C:\WINDOWS\System32\svchost.exe[2672] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 001A0FDE
.text C:\WINDOWS\System32\svchost.exe[2672] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 001A0F48
.text C:\WINDOWS\System32\svchost.exe[2672] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 001A0014
.text C:\WINDOWS\System32\svchost.exe[2672] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 001A0FC3
.text C:\WINDOWS\System32\svchost.exe[2672] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 001A0F17
.text C:\WINDOWS\System32\svchost.exe[2672] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00280FA5
.text C:\WINDOWS\System32\svchost.exe[2672] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00280F6F
.text C:\WINDOWS\System32\svchost.exe[2672] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00280FCA
.text C:\WINDOWS\System32\svchost.exe[2672] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00280000
.text C:\WINDOWS\System32\svchost.exe[2672] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 0028002C
.text C:\WINDOWS\System32\svchost.exe[2672] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 0028001B
.text C:\WINDOWS\System32\svchost.exe[2672] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00280FE5
.text C:\WINDOWS\System32\svchost.exe[2672] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00280F8A
.text C:\WINDOWS\System32\svchost.exe[2672] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 007D0FEF
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3408] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00250FEF
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3408] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0025009A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3408] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00250089
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3408] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00250FA5
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3408] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00250062
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3408] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00250040
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3408] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00250F66
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3408] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00250F83
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3408] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00250F3A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3408] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 002500D3
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3408] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00250F15
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3408] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00250051
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3408] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 0025000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3408] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00250F94
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3408] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00250FD4
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3408] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00250025
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3408] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00250F4B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3408] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00330FB2
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3408] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00330051
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3408] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00330FCD
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3408] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00330FDE
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3408] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00330040
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3408] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 0033002F
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3408] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00330FEF
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3408] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 0033001E
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3408] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 42F0F2A1 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3408] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 430A0277 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3408] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 430A01F8 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3408] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 430A023C C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3408] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 430A0184 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3408] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 430A01BE C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3408] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 430A02B2 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3408] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 42F3164E C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3408] WININET.dll!InternetOpenA 42C2C869 5 Bytes JMP 01AD0FE5
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3408] WININET.dll!InternetOpenW 42C2CEA1 5 Bytes JMP 01AD000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3408] WININET.dll!InternetOpenUrlA 42C306DD 5 Bytes JMP 01AD0FD4
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3408] WININET.dll!InternetOpenUrlW 42C7A8B1 5 Bytes JMP 01AD0FB9
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3408] ws2_32.dll!socket 71AB3B91 5 Bytes JMP 01F80FEF

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F2A5BE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F2A5BE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F2A5BE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F2A5BE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F2A5BE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F2A5BE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F2A5BE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F2A5BE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F2A5BE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F2A5BE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F2A5BE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F2A5BE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F2A5BE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F2A5BE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F2A5BE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F2A5BE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F2A5BE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F2A5BE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F2A5BE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F2A5BE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F2A5BE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F2A5BE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F2A5BE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F2A5BE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F2A5BE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F2A5BE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F2A5BE01] mfehidk.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F5DFB10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F5DFB10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F5DFB10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [F5DFB10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F5DFB10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F5DFB10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F5DFB10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F5DFB10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F5DFB10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F5DFB10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F5DFB10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F5DFB10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F5DFB10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F5DFB10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F5DFB10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F5DFB10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F5DFB10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F5DFB10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F5DFB10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F5DFB10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F5DFB10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F5DFB10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [F5DFB10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F5DFB10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [F5DFB10E] Mpfp.sys

---- Registry - GMER 1.0.13 ----

Reg \Registry\USER\S-1-5-21-2529006832-953129233-1774555873-500\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0xA8 0xEE 0x41 0x93 ...
Reg \Registry\USER\S-1-5-21-2529006832-953129233-1774555873-500\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0x5D 0x19 0x9C 0x5D ...

---- Files - GMER 1.0.13 ----

ADS D:\My Received Files\1.jpg:Q30lsldxJoudresxAaaqpcawXc
ADS D:\My Received Files\1.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS D:\My Received Files\18_3_110[1].gif:Q30lsldxJoudresxAaaqpcawXc
ADS D:\My Received Files\18_3_110[1].gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
---- EOF - GMER 1.0.13 ----


Incident Status Location

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@adtech[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@tradedoubler[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@statcounter[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@247realmedia[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@bs.serving-sys[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@media.adrevolver[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@casalemedia[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@statse.webtrendslive[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@com[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@advertising[2].txt
Virus:Trj/Downloader.OZB Disinfected C:\Recycled\Dc166\DOHGTMNO.EXE
Virus:Trj/Downloader.OZB Disinfected C:\Recycled\Dc166\FWMOMKPO.EXE
Virus:Trj/Downloader.OZB Disinfected C:\Recycled\Dc166\ESWVDQJO.EXE
Virus:Trj/Downloader.OZB Disinfected C:\Recycled\Dc166\TNQTXOWX.EXE
Virus:Trj/Downloader.OZB Disinfected C:\Recycled\Dc166\QMVJPHNB.EXE
Virus:Trj/Downloader.OZB Disinfected C:\Recycled\Dc166\RXMLTNDG.EXE
Virus:Trj/Downloader.OZB Disinfected C:\Recycled\Dc166\YDKDHHHE.EXE
Virus:Trj/Downloader.OZB Disinfected C:\Recycled\Dc166\JARKUVSS.EXE
Virus:Trj/Downloader.OZB Disinfected C:\Recycled\Dc166\QJMRONLL.EXE
Virus:Trj/Downloader.OZB Disinfected C:\Recycled\Dc166\XBMQPUXN.EXE
Virus:Trj/Downloader.OZB Disinfected C:\Recycled\Dc166\MRFTLRXQ.EXE
Virus:Trj/Downloader.OZB Disinfected C:\Recycled\Dc166\WNPJJIXY.EXE
Virus:Trj/Downloader.OZB Disinfected C:\Recycled\Dc166\CYVXAGAT.EXE
Virus:Trj/Downloader.OZB Disinfected C:\Recycled\Dc166\FHLULKTE.EXE
Virus:Trj/Downloader.OZB Disinfected C:\Recycled\Dc166\OCAEQJKY.EXE
Virus:Trj/Downloader.OZB Disinfected C:\Recycled\Dc166\GKVKKLDJ.EXE
Virus:Trj/Downloader.OZB Disinfected C:\Recycled\Dc166\UGKLBDBQ.EXE
Virus:Trj/Downloader.OZB Disinfected C:\Recycled\Dc166\YUHFAJGF.EXE
Virus:Trj/Downloader.OZB Disinfected C:\Recycled\Dc166\JRFSOFMG.EXE
Virus:Trj/Downloader.OZB Disinfected C:\Recycled\Dc166\YJNTCISQ.EXE
Virus:Trj/Downloader.OZB Disinfected C:\Recycled\Dc166\MCWNWHIF.EXE
Virus:Trj/Downloader.OZB Disinfected C:\Recycled\Dc166\OBGXVLTI.EXE
Virus:Trj/Downloader.OZB Disinfected C:\Recycled\Dc166\AKVPYQSN.EXE
Virus:Trj/Downloader.OZB Disinfected C:\Recycled\Dc166\IRHLWOPT.EXE
Virus:Trj/Agent.FZI Disinfected C:\Recycled\Dc171\BACKUPS.ZIP[backups/win167B.tmp.exe]
Virus:Trj/Agent.FZI Disinfected C:\Recycled\Dc171\BACKUPS.ZIP[backups/win1668.tmp.exe]
Virus:Trj/Agent.FZI Disinfected C:\Recycled\Dc171\BACKUPS.ZIP[backups/win1600.tmp.exe]
Virus:Generic Malware Disinfected C:\Recycled\Dc171\BACKUPS.ZIP[backups/win1A8.tmp.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Recycled\Dc172\APPS\Process.exe
Virus:Trj/Downloader.OZB Disinfected C:\Recycled\Dc173\bfsluoni.dll.bad
Virus:Trj/Downloader.OZB Disinfected C:\Recycled\Dc173\bnbpahxf.dll.bad
Virus:Trj/Downloader.OZB Disinfected C:\Recycled\Dc173\bnpwklyx.dll.bad
Virus:Trj/Downloader.OZB Disinfected C:\Recycled\Dc173\ccsybflf.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\Recycled\Dc173\cyyoussy.dll.bad
Virus:Trj/Downloader.OZB Disinfected C:\Recycled\Dc173\ednmytsb.dll.bad
Virus:Trj/Downloader.OZB Disinfected C:\Recycled\Dc173\emmywwsq.dll.bad
Virus:Trj/Downloader.OZB Disinfected C:\Recycled\Dc173\fpfhcovn.dll.bad
Virus:Trj/Downloader.OZB Disinfected C:\Recycled\Dc173\hddiywho.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\Recycled\Dc173\kmhbheuy.dll.bad
Virus:Trj/Downloader.OZB Disinfected C:\Recycled\Dc173\mcdjhfvr.dll.bad
Virus:Trj/Downloader.OZB Disinfected C:\Recycled\Dc173\mqfckeom.dll.bad
Virus:Trj/Downloader.OZB Disinfected C:\Recycled\Dc173\nchdsvtg.dll.bad
Virus:Trj/Downloader.OZB Disinfected C:\Recycled\Dc173\obfvhsji.dll.bad
Virus:Trj/Downloader.OZB Disinfected C:\Recycled\Dc173\tftxthss.dll.bad
Virus:Trj/Downloader.OZB Disinfected C:\Recycled\Dc173\wqpgxxsi.dll.bad
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Recycled\Dc80.exe
Virus:Generic Trojan Disinfected D:\malware stuff\ComboFix.exe
Potentially unwanted tool:Application/Processor Not disinfected D:\malware stuff\SDFix.exe[SDFix\apps\Process.exe]

#15 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:11:10 PM

Posted 09 August 2007 - 06:45 PM

Hello stewbert,

How is the computer running? Your logs are looking clean.
  • Clean other Temporary files + Recycle bin
  • Go to Start > Run, type: cleanmgr and click OK.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
Let me know how the computer is running.

Regards,
SNOWHITE